From 1d57ef77e07edfc0b7c776cf41272eebdf225869 Mon Sep 17 00:00:00 2001 From: caseysmithrc <30840394+caseysmithrc@users.noreply.github.com> Date: Thu, 7 Dec 2017 09:03:07 -0700 Subject: [PATCH] Fix Shim References --- .../{AtomicShimWin7.sdb => AtomicShimx86.sdb} | Bin Windows/Persistence/Application_Shimming.md | 8 ++++++-- 2 files changed, 6 insertions(+), 2 deletions(-) rename Windows/Payloads/AppCompatShims/{AtomicShimWin7.sdb => AtomicShimx86.sdb} (100%) diff --git a/Windows/Payloads/AppCompatShims/AtomicShimWin7.sdb b/Windows/Payloads/AppCompatShims/AtomicShimx86.sdb similarity index 100% rename from Windows/Payloads/AppCompatShims/AtomicShimWin7.sdb rename to Windows/Payloads/AppCompatShims/AtomicShimx86.sdb diff --git a/Windows/Persistence/Application_Shimming.md b/Windows/Persistence/Application_Shimming.md index a63d49db..193e9cb8 100644 --- a/Windows/Persistence/Application_Shimming.md +++ b/Windows/Persistence/Application_Shimming.md @@ -11,7 +11,11 @@ MITRE ATT&CK Technique: [T1138](https://attack.mitre.org/wiki/Technique/T1138) ##### 3.) Registry Modification - This is completed either manually or by an installation tool. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom - + HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB - + #### Detecting the shim execution is difficult. We suggest detection of Shim Installation. + +## Test Script + +[AppInitInject.reg](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/AppCompatShims)
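Review bot: the link added under the new `## Test Script` heading is labelled `AppInitInject.reg`, which matches neither the file this commit renames (`AtomicShimWin7.sdb` to `AtomicShimx86.sdb`) nor the `Windows/Payloads/AppCompatShims` directory the URL points at, so the "Fix Shim References" change still leaves the document without a reference to the renamed shim database. Label the link after the actual artifact and point it at the file, e.g. `[AtomicShimx86.sdb](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/AppCompatShims/AtomicShimx86.sdb)`, and, since the test is a compiled `.sdb` rather than a script, consider a heading such as `## Test Artifact`. The two `-`/`+` pairs of blank lines in the same hunk are whitespace-only changes that could be dropped to keep the diff focused on the reference fix.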