Microsoft provides Shims to developers mainly for backward compatibility, but malware can take advantage of shims to target an executable for both persistence and injection.
Some months ago I got the GCFA certification. During exam preparation I collected a lot of notes, and after the exam I gradually organized them into an index based on the topics that emerged during the exam, usually using my little free time.
Rootkits are tools and techniques used to hide malicious modules from being noticed by system monitoring.
There are commercial tools that provide access to the Volume Shadow Copies within a forensic image, but how can this source of data be accessed using only free tools?
Injecting code into another process's memory is not limited to shellcode or DLLs. The PE injection technique makes it possible to inject and run a complete executable module inside another process's memory.