New research has found that the DOS-to-NT path conversion process could be exploited by threat actors to achieve rootkit-like capabilities to conceal and impersonate files, directories, and processes.
« When a user executes a function that has a path argument in Windows, the DOS path at which the file or folder exists is converted to an NT path, » SafeBreach security researcher Or Yair said&