Potential Persistence Via Shim Database ModificationJan 11, 2023 · attack.persistence attack.t1546.011 ·
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time
Possible Shim Database Persistence via sdbinst.exeOct 9, 2022 · attack.persistence attack.privilege_escalation attack.t1546.011 ·
Detects installation of a new shim using sdbinst.exe. A shim can be used to load malicious DLLs into applications.