Volume 15, Number 6

Unveiling Advanced Persistence Techniques Through Application Shimming and Countermeasures

Authors

Akashdeep Bhardwaj1, Naresh Kumar2 and Shawon S. M. Rahman3, 1University of Petroleum and Energy Studies, India, 2University of Nizwa, Oman, 3University of Hawai‘i at Hilo, USA

Abstract

In the arms race between attackers and defenders, the significance of proactive security measures is evident. Well-considered countermeasures, which may encompass stringent access controls, regular system updates, intrusion detection systems, and behavioral analysis, have emerged as vital strategies for thwarting the ever-evolving landscape of APTs. Application Shimming is a component of the Windows Application Compatibility framework that lets programs run on versions of the operating system they were not originally written for. Because of this architecture, most programs that previously ran on Windows XP can now run on Windows 10. Shimming parses a Windows Application Compatibility database and applies the entries it contains. Shims, which were created for malware investigators, examine any entry that might have been exploited to compromise a Windows system. This research presents a framework that can compromise the target operating system, together with the proposed mitigation techniques.
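As an added, defender-side example that is not part of the paper, the following PowerShell audit enumerates the custom shim databases a host has registered and flags ones that merit review. The registry keys and AppPatch directories are the standard locations written by the Windows sdbinst.exe installer; the "expected directory" list and the review heuristics are assumptions to tune per environment.

```powershell
# Added audit script (not from the paper): lists custom shim databases registered on this host.
# Registry and file locations are the standard ones used by sdbinst.exe; the expected-directory
# list and the value-format assumptions (FILETIME timestamp, "{GUID}.sdb" value names) are
# assumptions to verify against your Windows build.
$installedKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB'
$customKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom'
$expectedDirs = @("$env:SystemRoot\AppPatch\Custom", "$env:SystemRoot\AppPatch\Custom\Custom64")

function Get-InstalledShimDatabase {
    # One subkey per installed database, named by its GUID.
    if (-not (Test-Path $installedKey)) { return @() }
    Get-ChildItem $installedKey | ForEach-Object {
        $p    = Get-ItemProperty $_.PSPath
        $path = $p.DatabasePath
        $dir  = if ($path) { Split-Path $path -Parent } else { '' }
        [pscustomobject]@{
            Guid        = $_.PSChildName
            Description = $p.DatabaseDescription
            Path        = $path
            Exists      = [bool]($path -and (Test-Path $path))
            InExpected  = $expectedDirs -contains $dir
            # Assumed to be a FILETIME stored as a QWORD.
            Installed   = if ($p.DatabaseInstallTimeStamp) { [datetime]::FromFileTime($p.DatabaseInstallTimeStamp) } else { $null }
        }
    }
}

function Get-ShimmedExecutable {
    # Each subkey under ...\Custom is an executable name; its values name the SDBs applied to it.
    if (-not (Test-Path $customKey)) { return @() }
    Get-ChildItem $customKey | ForEach-Object {
        $exe = $_.PSChildName
        (Get-ItemProperty $_.PSPath).PSObject.Properties |
            Where-Object { $_.Name -like '{*}.sdb' } |
            ForEach-Object { [pscustomobject]@{ Executable = $exe; Sdb = $_.Name } }
    }
}

$dbs = Get-InstalledShimDatabase
$dbs | Format-Table Guid, Description, Path, Exists, InExpected, Installed -AutoSize

# Worth a second look: a database file outside the AppPatch folders, or a registration
# whose file no longer exists (the shim stays active even if the .sdb was deleted).
$dbs | Where-Object { -not $_.InExpected -or -not $_.Exists } |
    ForEach-Object { Write-Warning "Review shim DB $($_.Guid): $($_.Path)" }

Get-ShimmedExecutable | Format-Table -AutoSize
```

Run it elevated; a benign host typically shows few or no custom databases, so any entry tied to a commonly launched executable deserves a look at who installed it and when.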

Keywords

APT, Application Shimming, Persistence Attack, Exploit Windows, OS Pen Testing.