International Journal of Computer Networks & Communications (IJCNC) Vol.15, No.6, November 2023
DOI:10.5121/ijcnc.2023.15604

UNVEILING ADVANCED PERSISTENCE TECHNIQUES THROUGH APPLICATION SHIMMING AND COUNTERMEASURES

Akashdeep Bhardwaj 1, Naresh Kumar 2, and Shawon S. M. Rahman 3

1 Professor of Cybersecurity & Digital Forensics, University of Petroleum and Energy Studies, Dehradun, India
2 Computer Science, DMPS, College of Arts and Sciences, University of Nizwa, Oman
3 Professor, Department of Computer Science, University of Hawai‘i at Hilo, 200 W. Kawili St., Hilo, HI 96720, USA

ABSTRACT

In the arms race between attackers and defenders, the significance of proactive security measures was evident. The implementation of well-considered countermeasures, which may encompass stringent access controls, regular system updates, intrusion detection systems, and behavioral analysis, emerged as vital strategies to thwart the ever-evolving landscape of APTs. Application Shimming is a tool in the Windows Application Compatibility framework that lets programs work on versions of the operating system they weren't originally made for. Due to this architecture, most programs that previously operated on Windows XP can now operate on Windows 10. Shimming takes parts from a Windows Application Compatibility database after parsing it. Shims, which were created for malware investigators, examine any entry that might have been exploited to compromise a Windows system. This research presents a framework that can compromise the target operating system along with the proposed mitigation techniques.

KEYWORDS

APT, Application Shimming, Persistence Attack, Exploit Windows, OS Pen Testing.

1. INTRODUCTION

A key characteristic that has been a part of Windows' core functionalities ever since Microsoft Windows' earliest versions is ‘Backward Compatibility’ [1]. This feature enables the use of software that was created in the past, such as when Windows XP was in use.
However, since Windows 10 has been released, developers are concerned about whether Windows will still be able to run such older software. Here is where Backward Compatibility is useful. It enables software that wasn't created for the Windows OS to operate on that OS. Along with performance, stability, and manageability, one of the essential foundations of the development of Microsoft Windows operating systems is application experience and compatibility. Microsoft ensures broad software compatibility, integrating compatibility into the engineering and release process to save deployment costs and speed uptake. One such potent technological solution is the Microsoft Windows Application Compatibility Infrastructure (Shim Infrastructure) [2]. Application Shims were developed to enable backward compatibility, ensuring that programs continued to operate correctly even after modifications to Windows and its APIs [3]. These Shims give programmers the ability to repair apps that were made for earlier Windows versions and guarantee that they will function with the most recent Windows version without having to rewrite the code.