There are many shims that can be abused by attackers for malicious purposes. In this section, I will walk you through the process of creating a shim for injecting a DLL into a target process; this will help you understand how easy it is for an attacker to create a shim and abuse this feature. In this case, we will create a shim for notepad.exe and make it load a DLL of our choice. Creating a shim for an application can be broken down into four steps:
- Choosing the application to shim.
- Creating the shim database for the application.
- Saving the database (.sdb file).
- Installing the database.
To create and install a shim, you need to have administrator rights. You can perform all of the preceding steps by using a tool provided ...