diff --git a/deprecated/windows/proc_access_win_susp_invoke_patchingapi.yml b/deprecated/windows/proc_access_win_susp_invoke_patchingapi.yml index 309e1124d6d..0da538c5538 100644 --- a/deprecated/windows/proc_access_win_susp_invoke_patchingapi.yml +++ b/deprecated/windows/proc_access_win_susp_invoke_patchingapi.yml @@ -3,7 +3,7 @@ id: b916cba1-b38a-42da-9223-17114d846fd6 status: deprecated description: Detects potential NT API stub patching as seen used by the project PatchingAPI references: - - https://github.com/D1rkMtr/UnhookingPatch + - https://web.archive.org/web/20230106211702/https://github.com/D1rkMtr/UnhookingPatch - https://twitter.com/D1rkMtr/status/1611471891193298944?s=20 author: frack113 date: 2023/01/07 diff --git a/rules-emerging-threats/2021/Exploits/CVE-2021-1675/file_event_win_cve_2021_1675_printspooler.yml b/rules-emerging-threats/2021/Exploits/CVE-2021-1675/file_event_win_cve_2021_1675_printspooler.yml index 13082f6a4b0..230f384113f 100644 --- a/rules-emerging-threats/2021/Exploits/CVE-2021-1675/file_event_win_cve_2021_1675_printspooler.yml +++ b/rules-emerging-threats/2021/Exploits/CVE-2021-1675/file_event_win_cve_2021_1675_printspooler.yml @@ -3,8 +3,8 @@ id: 2131cfb3-8c12-45e8-8fa0-31f5924e9f07 status: test description: Detects the default filename used in PoC code against print spooler vulnerability CVE-2021-1675 references: - - https://github.com/hhlxf/PrintNightmare - - https://github.com/afwu/PrintNightmare + - https://web.archive.org/web/20210629055600/https://github.com/hhlxf/PrintNightmare/ + - https://web.archive.org/web/20210701042336/https://github.com/afwu/PrintNightmare - https://github.com/cube0x0/CVE-2021-1675 author: Florian Roth (Nextron Systems) date: 2021-06-29 diff --git a/rules-emerging-threats/2021/Exploits/CVE-2021-1675/win_exploit_cve_2021_1675_printspooler.yml b/rules-emerging-threats/2021/Exploits/CVE-2021-1675/win_exploit_cve_2021_1675_printspooler.yml index 008aa75f77f..a4b89877fca 100644 
--- a/rules-emerging-threats/2021/Exploits/CVE-2021-1675/win_exploit_cve_2021_1675_printspooler.yml +++ b/rules-emerging-threats/2021/Exploits/CVE-2021-1675/win_exploit_cve_2021_1675_printspooler.yml @@ -3,8 +3,8 @@ id: 4e64668a-4da1-49f5-a8df-9e2d5b866718 status: test description: Detects events of driver load errors in print service logs that could be a sign of successful exploitation attempts of print spooler vulnerability CVE-2021-1675 references: - - https://github.com/hhlxf/PrintNightmare - - https://github.com/afwu/PrintNightmare + - https://web.archive.org/web/20210629055600/https://github.com/hhlxf/PrintNightmare/ + - https://web.archive.org/web/20210701042336/https://github.com/afwu/PrintNightmare - https://twitter.com/fuzzyf10w/status/1410202370835898371 author: Florian Roth (Nextron Systems), KevTheHermit, fuzzyf10w, Tim Shelton date: 2021-06-30 diff --git a/rules-emerging-threats/2021/Exploits/CVE-2021-41379/file_event_win_cve_2021_41379_msi_lpe.yml b/rules-emerging-threats/2021/Exploits/CVE-2021-41379/file_event_win_cve_2021_41379_msi_lpe.yml index 516c52d50cb..0d842436db7 100644 --- a/rules-emerging-threats/2021/Exploits/CVE-2021-41379/file_event_win_cve_2021_41379_msi_lpe.yml +++ b/rules-emerging-threats/2021/Exploits/CVE-2021-41379/file_event_win_cve_2021_41379_msi_lpe.yml @@ -3,7 +3,7 @@ id: 3be82d5d-09fe-4d6a-a275-0d40d234d324 status: test description: Detects signs of the exploitation of LPE CVE-2021-41379 that include an msiexec process that creates an elevation_service.exe file references: - - https://github.com/klinix5/InstallerFileTakeOver + - https://web.archive.org/web/20220421061949/https://github.com/klinix5/InstallerFileTakeOver - https://www.zerodayinitiative.com/advisories/ZDI-21-1308/ author: Florian Roth (Nextron Systems) date: 2021-11-22 
diff --git a/rules-emerging-threats/2021/Exploits/CVE-2021-41379/win_vul_cve_2021_41379.yml b/rules-emerging-threats/2021/Exploits/CVE-2021-41379/win_vul_cve_2021_41379.yml index 1b208b43e5f..799e3659389 100644 --- a/rules-emerging-threats/2021/Exploits/CVE-2021-41379/win_vul_cve_2021_41379.yml +++ b/rules-emerging-threats/2021/Exploits/CVE-2021-41379/win_vul_cve_2021_41379.yml @@ -3,7 +3,7 @@ id: 7dbb86de-a0cc-494c-8aa8-b2996c9ef3c8 status: test description: Detects PoC tool used to exploit LPE vulnerability CVE-2021-41379 references: - - https://github.com/klinix5/InstallerFileTakeOver + - https://web.archive.org/web/20220421061949/https://github.com/klinix5/InstallerFileTakeOver author: Florian Roth (Nextron Systems) date: 2021-11-22 modified: 2022-07-12 diff --git a/rules/windows/builtin/security/account_management/win_security_rdp_bluekeep_poc_scanner.yml b/rules/windows/builtin/security/account_management/win_security_rdp_bluekeep_poc_scanner.yml index ce57e274c58..8a9229e2ef2 100644 --- a/rules/windows/builtin/security/account_management/win_security_rdp_bluekeep_poc_scanner.yml +++ b/rules/windows/builtin/security/account_management/win_security_rdp_bluekeep_poc_scanner.yml @@ -4,7 +4,7 @@ status: test description: Detects the use of a scanner by zerosum0x0 that discovers targets vulnerable to CVE-2019-0708 RDP RCE aka BlueKeep references: - https://twitter.com/AdamTheAnalyst/status/1134394070045003776 - - https://github.com/zerosum0x0/CVE-2019-0708 + - https://web.archive.org/web/20190710034152/https://github.com/zerosum0x0/CVE-2019-0708 author: Florian Roth (Nextron Systems), Adam Bradbury (idea) date: 2019-06-02 modified: 2022-12-25 diff --git a/rules/windows/builtin/smbclient/security/win_smbclient_security_susp_failed_guest_logon.yml b/rules/windows/builtin/smbclient/security/win_smbclient_security_susp_failed_guest_logon.yml index 45318997bd6..81e633b4862 100644 
--- a/rules/windows/builtin/smbclient/security/win_smbclient_security_susp_failed_guest_logon.yml +++ b/rules/windows/builtin/smbclient/security/win_smbclient_security_susp_failed_guest_logon.yml @@ -4,8 +4,8 @@ status: test description: Detect Attempt PrintNightmare (CVE-2021-1675) Remote code execution in Windows Spooler Service references: - https://twitter.com/KevTheHermit/status/1410203844064301056 - - https://github.com/hhlxf/PrintNightmare - - https://github.com/afwu/PrintNightmare + - https://web.archive.org/web/20210629055600/https://github.com/hhlxf/PrintNightmare/ + - https://web.archive.org/web/20210701042336/https://github.com/afwu/PrintNightmare author: Florian Roth (Nextron Systems), KevTheHermit, fuzzyf10w date: 2021-06-30 modified: 2023-01-02 diff --git a/rules/windows/builtin/system/termdd/win_system_rdp_potential_cve_2019_0708.yml b/rules/windows/builtin/system/termdd/win_system_rdp_potential_cve_2019_0708.yml index 4abbd93921c..28bc787bb4f 100644 --- a/rules/windows/builtin/system/termdd/win_system_rdp_potential_cve_2019_0708.yml +++ b/rules/windows/builtin/system/termdd/win_system_rdp_potential_cve_2019_0708.yml @@ -3,7 +3,7 @@ id: aaa5b30d-f418-420b-83a0-299cb6024885 status: test description: Detect suspicious error on protocol RDP, potential CVE-2019-0708 references: - - https://github.com/zerosum0x0/CVE-2019-0708 + - https://web.archive.org/web/20190710034152/https://github.com/zerosum0x0/CVE-2019-0708 - https://github.com/Ekultek/BlueKeep author: 'Lionel PRAT, Christophe BROCAS, @atc_project (improvements)' date: 2019-05-24 diff --git a/rules/windows/file/file_delete/file_delete_win_cve_2021_1675_print_nightmare.yml b/rules/windows/file/file_delete/file_delete_win_cve_2021_1675_print_nightmare.yml index faceed8596f..737c2925942 100644 --- a/rules/windows/file/file_delete/file_delete_win_cve_2021_1675_print_nightmare.yml +++ b/rules/windows/file/file_delete/file_delete_win_cve_2021_1675_print_nightmare.yml 
@@ -3,7 +3,7 @@ id: 5b2bbc47-dead-4ef7-8908-0cf73fcbecbf status: test description: Detect DLL deletions from Spooler Service driver folder. This might be a potential exploitation attempt of CVE-2021-1675 references: - - https://github.com/hhlxf/PrintNightmare + - https://web.archive.org/web/20210629055600/https://github.com/hhlxf/PrintNightmare/ - https://github.com/cube0x0/CVE-2021-1675 author: Bhabesh Raj date: 2021-07-01 diff --git a/rules/windows/file/file_event/file_event_win_powershell_exploit_scripts.yml b/rules/windows/file/file_event/file_event_win_powershell_exploit_scripts.yml index 66b18fd9a5c..470703b8af2 100644 --- a/rules/windows/file/file_event/file_event_win_powershell_exploit_scripts.yml +++ b/rules/windows/file/file_event/file_event_win_powershell_exploit_scripts.yml @@ -9,7 +9,7 @@ references: - https://github.com/PowerShellMafia/PowerSploit - https://github.com/NetSPI/PowerUpSQL - https://github.com/CsEnox/EventViewer-UACBypass - - https://github.com/AlsidOfficial/WSUSpendu/ + - https://web.archive.org/web/20210511204621/https://github.com/AlsidOfficial/WSUSpendu - https://github.com/nettitude/Invoke-PowerThIEf - https://github.com/S3cur3Th1sSh1t/WinPwn - https://github.com/S3cur3Th1sSh1t/PowerSharpPack/tree/master/PowerSharpBinaries diff --git a/rules/windows/file/file_event/file_event_win_sam_dump.yml b/rules/windows/file/file_event/file_event_win_sam_dump.yml index 94d7c14a322..76cafa7bf01 100644 --- a/rules/windows/file/file_event/file_event_win_sam_dump.yml +++ b/rules/windows/file/file_event/file_event_win_sam_dump.yml 
@@ -4,7 +4,7 @@ status: test description: Detects the creation of files that look like exports of the local SAM (Security Account Manager) references: - https://github.com/search?q=CVE-2021-36934 - - https://github.com/cube0x0/CVE-2021-36934 + - https://web.archive.org/web/20210725081645/https://github.com/cube0x0/CVE-2021-36934 - https://www.google.com/search?q=%22reg.exe+save%22+sam - https://github.com/HuskyHacks/ShadowSteal - https://github.com/FireFart/hivenightmare diff --git a/rules/windows/image_load/image_load_spoolsv_dll_load.yml b/rules/windows/image_load/image_load_spoolsv_dll_load.yml index aefe1fa4d02..597d14b9357 100644 --- a/rules/windows/image_load/image_load_spoolsv_dll_load.yml +++ b/rules/windows/image_load/image_load_spoolsv_dll_load.yml @@ -3,7 +3,7 @@ id: 02fb90de-c321-4e63-a6b9-25f4b03dfd14 status: test description: Detect DLL Load from Spooler Service backup folder references: - - https://github.com/hhlxf/PrintNightmare + - https://web.archive.org/web/20210629055600/https://github.com/hhlxf/PrintNightmare/ - https://github.com/ly4k/SpoolFool author: FPT.EagleEye, Thomas Patzke (improvements) date: 2021-06-29 diff --git a/rules/windows/powershell/powershell_module/posh_pm_exploit_scripts.yml b/rules/windows/powershell/powershell_module/posh_pm_exploit_scripts.yml index d8f72dc8cde..d5993d88508 100644 --- a/rules/windows/powershell/powershell_module/posh_pm_exploit_scripts.yml +++ b/rules/windows/powershell/powershell_module/posh_pm_exploit_scripts.yml @@ -11,7 +11,7 @@ references: - https://github.com/PowerShellMafia/PowerSploit - https://github.com/NetSPI/PowerUpSQL - https://github.com/CsEnox/EventViewer-UACBypass - - https://github.com/AlsidOfficial/WSUSpendu/ + - https://web.archive.org/web/20210511204621/https://github.com/AlsidOfficial/WSUSpendu - https://github.com/nettitude/Invoke-PowerThIEf - https://github.com/S3cur3Th1sSh1t/WinPwn - https://github.com/S3cur3Th1sSh1t/PowerSharpPack/tree/master/PowerSharpBinaries 
diff --git a/rules/windows/process_creation/proc_creation_win_hktl_dinjector.yml b/rules/windows/process_creation/proc_creation_win_hktl_dinjector.yml index 6acd285472e..021d1341f1a 100644 --- a/rules/windows/process_creation/proc_creation_win_hktl_dinjector.yml +++ b/rules/windows/process_creation/proc_creation_win_hktl_dinjector.yml @@ -3,7 +3,7 @@ id: d78b5d61-187d-44b6-bf02-93486a80de5a status: test description: Detects the use of the Dinject PowerShell cradle based on the specific flags references: - - https://github.com/snovvcrash/DInjector # Original got deleted. This is a fork + - https://web.archive.org/web/20211001064856/https://github.com/snovvcrash/DInjector # Original got deleted. This is a fork author: Florian Roth (Nextron Systems) date: 2021-12-07 modified: 2023-02-04
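Review bot: the archived replacement for hhlxf/PrintNightmare keeps a trailing slash (`https://web.archive.org/web/20210629055600/https://github.com/hhlxf/PrintNightmare/`) while the afwu/PrintNightmare snapshot on the very same lines, and every other replacement in the patch, drops it; this inconsistency repeats in file_event_win_cve_2021_1675_printspooler.yml, win_exploit_cve_2021_1675_printspooler.yml, win_smbclient_security_susp_failed_guest_logon.yml, file_delete_win_cve_2021_1675_print_nightmare.yml and image_load_spoolsv_dll_load.yml. Suggest normalising to no trailing slash, which is what the WSUSpendu hunks already do when they strip the slash the old `https://github.com/AlsidOfficial/WSUSpendu/` link carried.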
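Review bot: none of the hunks touch the `modified:` field even where it appears in the visible context (`modified: 2022-07-12` in win_vul_cve_2021_41379.yml, `modified: 2022-12-25` in win_security_rdp_bluekeep_poc_scanner.yml, `modified: 2023-01-02` in win_smbclient_security_susp_failed_guest_logon.yml, `modified: 2023-02-04` in proc_creation_win_hktl_dinjector.yml). Confirm whether the repository's convention counts a reference-only edit as a modification; if it does, bump the field consistently in every touched rule, and if it does not, say so in the PR description so the omission is not read as an oversight.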
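Review bot: each replaced link is only as good as the snapshot behind it, and the DInjector hunk itself records that the original repository was deleted (`# Original got deleted. This is a fork`), so the `20211001064856` capture of the fork should be opened to confirm it holds the repository page rather than a GitHub 404 or redirect; the same check applies to the other web.archive.org links before merging. Where the upstream repository is still reachable, consider keeping the live GitHub URL next to the archived one rather than replacing it outright, since the hunks for klinix5/InstallerFileTakeOver, zerosum0x0/CVE-2019-0708 and cube0x0/CVE-2021-36934 leave no canonical location in the rule if the archive is ever unavailable.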
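Review bot: the first hunk edits a rule under `deprecated/` (proc_access_win_susp_invoke_patchingapi.yml) whose context shows `date: 2023/01/07` in the slash format, whereas every other touched rule uses ISO `YYYY-MM-DD`; clarify whether deprecated rules are meant to receive reference maintenance at all, and if they are, normalise the date format in the same pass so the file does not diverge from the active rule set in two different ways.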
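Review bot: the win_smbclient_security_susp_failed_guest_logon.yml hunk shows a description about PrintNightmare (CVE-2021-1675) remote code execution in a file whose name refers to failed guest logons; the mismatch predates this change and is out of scope for a link-archival patch, but it deserves a follow-up issue so that updating the references here is not taken as confirming the current filename and description belong together.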