GET /api/techniques/116/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept
{
"id": 116,
"key": "injection-using-shims",
"unprotect_id": "U1218, E1055.m03",
"name": "Injection using Shims",
"description": "Microsoft provides Shims to developers mainly for backward compatibility. Shims allow developers to apply fixes to their programs without the need of rewriting code. By leveraging shims, developers can tell the operating system how to handle their application. Shims are essentially a way of hooking into APIs and targeting specific executables. Malware can take advantage of shims to target an executable for both persistence and injection. Windows runs the Shim Engine when it loads a binary to check for shimming databases in order to apply the appropriate fixes.",
"resources": "https://www.andreafortuna.org/2018/11/12/process-injection-and-persistence-using-application-shimming/\nhttps://www.blackhat.com/docs/eu-15/materials/eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf",
"creation_date": "2019-03-23T17:27:38Z",
"tags": "shims",
"modification_date": "2023-10-04T10:44:28.934000Z",
"category": [
4
],
"rules": [],
"attachments": [],
"featured_api": [
7,
381,
425
],
"contributors": []
}
