From 2339ab1b36cc2dd70b5a084b864359099fe3aa06 Mon Sep 17 00:00:00 2001 From: "David J. Bianco" Date: Tue, 29 Nov 2016 19:29:21 -0500 Subject: [PATCH] Added link to string distance algorithm description --- hunts/critical_process_impersonation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hunts/critical_process_impersonation.md b/hunts/critical_process_impersonation.md index 574b945..c33b58a 100644 --- a/hunts/critical_process_impersonation.md +++ b/hunts/critical_process_impersonation.md @@ -18,7 +18,7 @@ Scripting **Description** -A popular technique for hiding malware running on Windows systems is to give it a name that's confusingly similar to a legitimate Windows process, preferably one that is always present on all systems. Using a _string similarity_ algorithm, we can compare the names of running processes to a set of defined Windows system processes to look for this sort of impersonation. +A popular technique for hiding malware running on Windows systems is to give it a name that's confusingly similar to a legitimate Windows process, preferably one that is always present on all systems. Using a _string similarity_ algorithm ([Damerau-Levenshtein](https://en.wikipedia.org/wiki/Damerau%E2%80%93Levenshtein_distance) distance), we can compare the names of running processes to a set of defined Windows system processes to look for this sort of impersonation. **Other Notes**
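Review bot: the new sentence in this hunk names Damerau-Levenshtein but still introduces it as "a _string similarity_ algorithm", while the commit subject calls it a "string distance algorithm"; Damerau-Levenshtein is an edit distance (0 means identical, larger means more different), so the description should say "string distance" or state that lower scores mean closer names, and it would help the hunter to say which score range counts as "confusingly similar" (a distance of 0 is the legitimate process itself, so the interesting hits are the small non-zero distances), since the linked article explains the metric but not how this hunt applies it.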