Which technique can be used by attackers to escalate privileges, install backdoors, and disable Windows Defender by manipulating application behavior?

Multiple Choice

Explanation:

Application Shimming uses the Windows Application Compatibility framework to alter how a specific program runs at runtime. It works by applying a shim database that can intercept or replace certain Windows API calls made by the target application. Because of this, an attacker can steer the program to execute code they added, bypass privilege checks, or load a malicious DLL within a trusted process, effectively escalating privileges, installing a backdoor, or disabling security features like Windows Defender without changing the program’s binary itself.

This makes it the best fit for the scenario because it focuses on modifying the behavior of a legitimate application to achieve stealthy, high-impact outcomes. The other options don’t capture this specific capability: path interception is about redirecting where files are loaded from, pivoting is lateral movement across systems, and a general reference to shims lacks the runtime behavior manipulation tied to a single application.
