This repository contains a basic PoC used to explore Windows Shell Namespace Extensions as a mechanism for execution and persistence.
The repository contains a Visual Studio solution that contains two projects:
- NsExPersist: The code for the namespace extension itself (which will be built as a DLL)
- NsExPersistReg: The code for an executable that registers the extension
The writeup can be found here: Persistence using Shell Namespace Extensions
Build the solution, and you should end up with a DLL and an EXE.
C:\SomeFolder\NsExPersist\x64\Release\NsExPersistReg.exe <Path to extension DLL>|/u
Using the /u flag removes the reg keys.