description
Sticky keys backdoor.

Sticky Keys

Execution

Replace the original sethc.exe with a copy of cmd.exe renamed to sethc.exe. You may need to change the owner of sethc.exe to yourself first, as TrustedInstaller may be giving you a hard time:

Hit shift 5 times while on the logon screen to invoke the backdoor:

Observations

If you notice sethc.exe spawning well-known Windows processes, you may want to investigate the endpoint further:
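
One way to apply this observation to process-creation logs, as an added example that is not part of the original page: it flags events where sethc.exe is the parent of another process, and goes slightly beyond the text by also flagging a sethc.exe image whose embedded OriginalFileName says it is a different program. The events are constructed samples that use Sysmon Event ID 1 field names; the function names are hypothetical.

```python
import ntpath

# Constructed process-creation events using Sysmon Event ID 1 field names.
# All values are made up for illustration.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\sethc.exe", "OriginalFileName": "sethc.exe",
     "ParentImage": r"C:\Windows\System32\winlogon.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": r"C:\Windows\System32\sethc.exe", "OriginalFileName": "Cmd.Exe",
     "ParentImage": r"C:\Windows\System32\winlogon.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": r"C:\Windows\System32\whoami.exe", "OriginalFileName": "whoami.exe",
     "ParentImage": r"C:\Windows\System32\sethc.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe", "User": "LAB\\alice"},
]

TARGET = "sethc.exe"


def basename(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return a list of reasons this event is suspicious (empty if none)."""
    reasons = []
    image = basename(event.get("Image"))
    parent = basename(event.get("ParentImage"))
    original = (event.get("OriginalFileName") or "").lower()
    # A file running as sethc.exe whose embedded name differs has been swapped.
    if image == TARGET and original and original != TARGET:
        reasons.append("masquerade: sethc.exe image reports OriginalFileName "
                       + event["OriginalFileName"])
    # The page's observation: sethc.exe spawning other processes.
    if parent == TARGET and image != TARGET:
        reasons.append("child: sethc.exe spawned " + image)
    return reasons


def scan(events):
    """Return (event index, reason) pairs for every suspicious event."""
    return [(i, r) for i, e in enumerate(events) for r in classify(e)]


if __name__ == "__main__":
    for index, reason in scan(SAMPLE_EVENTS):
        print(f"event {index}: {reason}")
```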