Sticky Keys
Sticky keys backdoor.
Replace the originali sethc.exe with a cmd.exe and rename it. You may need to change sethc.exe owner to yourself first as TrustedIntaller may be giving you a hard time:


Hit shift 5 times while on the logon screen to invoke the backdoor:

If you notice sethc.exe spawning well known windows processes, you may want to investigate the endpoint further:

Last modified 4yr ago