What are the three implementation methods for exploiting IFileOperation described in the article?
The three methods are: (1) DLL injection into explorer.exe, where a DLL calls IFileOperation to copy files; (2) modifying the PEB structure to impersonate a trusted process like explorer.exe, thereby deceiving the PSAPI; (3) directly calling IFileOperation from a trusted file like powershell.exe. Each method avoids UAC prompts by masquerading as or using a trusted process. For more on UAC bypass techniques, see Study Notes of using sdclt.exe to bypass UAC.
DLL injection, PEB modification, PowerShell, UAC bypass, IFileOperation