Application shimming is a powerful feature that allows for software backward compatibility across different versions of Windows OS. Adversaries manipulate this feature to bypass User Account Control, disable Data Execution Prevention, and more. Get the skills to detect this behavior and prevent adversaries from setting up shop in your organization.
Backward compatibility across different operating system versions has enabled the market to get necessary upgrades accomplished without sacrificing functionality. It’s not difficult to imagine how many more endpoints could be running Windows XP if this feature didn’t exist. However, any feature that is present on massive numbers of endpoints at the core of the operating system is likely to be a strong target for adversary actions. This is exactly where we find Application Shimming today.
Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by financially motivated threat group FIN7. Prevent adversaries from accomplishing the tactics of Privilege Escalation and Persistence in your environment now.
Complete this entire course to earn a Application Shimming Certificate of Completion