
Defending Against Malicious Application Compatibility Shims

Black Hat via YouTube

Overview

Explore the often-overlooked Application Compatibility Toolkit (ACT) and its potential for both malicious exploitation and robust defense in this comprehensive Black Hat conference talk. Delve into the creation of Shim Database files (.sdb files) and their ability to intercept API calls, alter how PE files are loaded, and subvert key system processes. Discover how sophisticated actors leverage the Application Compatibility Framework for persistence and privilege escalation. Learn about techniques such as in-memory patching, malware obfuscation, evasion, and system integrity subversion using malicious shims. Gain insights into defensive strategies, including the use of publicly available tools for detection, prevention, and quick triage analysis of .sdb files. Equip yourself with the knowledge to protect enterprise environments, individual hosts, and applications against these stealthy and flexible attack vectors.

Syllabus

Defending Against Malicious Application Compatibility Shims

Taught by

Black Hat
