Volume 15, Number 6

Unveiling Advanced Persistence Techniques Through Application Shimming and Countermeasures


Akashdeep Bhardwaj1, Naresh Kumar2 and Shawon S. M. Rahman3, 1University of Petroleum and Energy Studies, India, 2University of Nizwa, Oman, 3University of Hawai‘i at Hilo, USA


In the arms race between attackers and defenders, the significance of proactive security measures was evident. The implementation of well-considered countermeasures, which may encompass stringent access controls, regular system updates, intrusion detection systems, and behavioral analysis, emerged as vital strategies to thwart the ever-evolving landscape of APTs. Application Shimming is a tool in the Windows Application Compatibility framework that lets programs work on versions of the operating system they weren't originally made for. Due to this architecture, most programs that previously operated on Windows XP can now operate on Windows 10. Shimming takes parts from a Windows Application Compatibility database after parsing it. Shims, which were created for malware investigators, examine any entry that might have been exploited to compromise a Windows system. This research presents a framework that can compromise the target operating system along with the proposed mitigation techniques.


APT, Application Shimming, Persistence Attack, Exploit Windows, OS Pen Testing.