Maintaining access to a target system.
Using password filters to intercept logon credentials.
Logging keystrokes with SetWindowsHookEx.
Attempting to use binary signature policies and arbitrary code guard to bypass userland hooks.
Supplying arbitrary PPID values to CreateProcess.
Encoding shellcode for use within malware.
Hiding IAT entries to evade detection.
Using Nim to write some simple tools.
Writing a process injection tool using direct system calls.
Creating a ClickOnce installer for phishing campaigns.
Process injection using NtCreateSection and NtMapViewOfSection.
Assuming other users' identities by copying access tokens.