persistence_demos
Demos for the presentation "Wicked malware persistence methods".
- com_hijack - loads a demo DLL via COM hijacking
- extension_hijack - hijacks extensions handlers in order to run a demo app while the file with the given extension is opened
- shim_persist - installs a shim that injects a demo DLL into explorer.exe
- restricted_directory - drops a PE into a restricted directory (that cannot be accessed or deleted), and launches it