diff --git a/rules/windows/process_access/sysmon_cmstp_execution.yml b/rules/windows/process_access/sysmon_cmstp_execution.yml
index 66c5a5ffd..294afe076 100755
--- a/rules/windows/process_access/sysmon_cmstp_execution.yml
+++ b/rules/windows/process_access/sysmon_cmstp_execution.yml
@@ -12,7 +12,7 @@ tags:
 author: Nik Seetharaman
 date: 2018/07/16
 references:
-    - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
+    - https://web.archive.org/web/20190720093911/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
 fields:
     - CommandLine
     - ParentCommandLine
diff --git a/rules/windows/process_creation/win_cmstp_com_object_access.yml b/rules/windows/process_creation/win_cmstp_com_object_access.yml
index 599fe2af1..0a4be8435 100644
--- a/rules/windows/process_creation/win_cmstp_com_object_access.yml
+++ b/rules/windows/process_creation/win_cmstp_com_object_access.yml
@@ -16,7 +16,7 @@ author: Nik Seetharaman
 modified: 2019/07/31
 date: 2019/01/16
 references:
-    - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
+    - https://web.archive.org/web/20190720093911/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
     - https://twitter.com/hFireF0X/status/897640081053364225
 logsource:
     category: process_creation
diff --git a/rules/windows/registry_event/sysmon_cmstp_execution.yml b/rules/windows/registry_event/sysmon_cmstp_execution.yml
index a8083a243..daf6faa1e 100755
--- a/rules/windows/registry_event/sysmon_cmstp_execution.yml
+++ b/rules/windows/registry_event/sysmon_cmstp_execution.yml
@@ -12,7 +12,7 @@ tags:
 author: Nik Seetharaman
 date: 2018/07/16
 references:
-    - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
+    - https://web.archive.org/web/20190720093911/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
 fields:
     - CommandLine
     - ParentCommandLine
diff --git a/rules/windows/sysmon/sysmon_cmstp_execution.yml b/rules/windows/sysmon/sysmon_cmstp_execution.yml
index e3b04a188..c6154de44 100644
--- a/rules/windows/sysmon/sysmon_cmstp_execution.yml
+++ b/rules/windows/sysmon/sysmon_cmstp_execution.yml
@@ -12,7 +12,7 @@ tags:
 author: Nik Seetharaman
 date: 2018/07/16
 references:
-    - http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
+    - https://web.archive.org/web/20190720093911/http://www.endurant.io/cmstp/detecting-cmstp-enabled-code-execution-and-uac-bypass-with-sysmon/
 detection:
     condition: 1 of them
 fields: