What is BGInfo and how can it be abused to bypass application whitelisting?
BGInfo is a Sysinternals tool that displays system information on the desktop, but it also supports custom data sources like VBS scripts. By configuring a VBS script to launch `cmd.exe` and saving it as a `.bgi` file, an attacker can execute arbitrary commands even under application whitelisting restrictions. The bypass works by running `bginfo.exe vbs.bgi /timer:0 /nolicprompt /silent`, which triggers the script without user interaction. Note that this technique only works with BGInfo versions prior to 4.22, which patched the vulnerability. For more details, see Study Notes of using BGInfo to bypass Application Whitelisting.
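As an added example (not part of the original page), the following Python scans constructed Sysmon-style process-creation events for the signals a defender would watch for here: a BGInfo binary older than 4.22, and a shell or script host whose parent is `bginfo.exe`. The event field names, the sample events and the `SHELLS` list are assumptions for this illustration.

```python
import ntpath
import shlex

# Constructed Sysmon-style process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Tools\Bginfo.exe",
     "CommandLine": r'"C:\Tools\Bginfo.exe" vbs.bgi /timer:0 /nolicprompt /silent',
     "ParentImage": r"C:\Windows\explorer.exe", "FileVersion": "4.21"},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "ParentImage": r"C:\Tools\Bginfo.exe", "FileVersion": "10.0.19041.1"},
    {"Image": r"C:\Tools\Bginfo.exe",
     "CommandLine": r'"C:\Tools\Bginfo.exe" corp.bgi /timer:0 /nolicprompt /silent',
     "ParentImage": r"C:\Windows\explorer.exe", "FileVersion": "4.32"},
]

FIXED_VERSION = (4, 22)  # first BGInfo release without the VBS bypass (per the page)
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}  # assumed list

def version_tuple(text):
    """'4.21' -> (4, 21); non-numeric parts are ignored."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())

def analyze(event):
    """Return a list of (severity, reason) findings for one process-creation event."""
    findings = []
    image = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    if image == "bginfo.exe":
        args = [t.strip('"').lower() for t in shlex.split(event["CommandLine"], posix=False)][1:]
        loads_bgi = any(a.endswith(".bgi") for a in args)
        silent = {"/silent", "/nolicprompt"} <= set(args)
        if loads_bgi and silent:
            # The same switches a legitimate login script uses, so only a weak signal alone.
            findings.append(("low", "silent, unattended load of a .bgi configuration"))
        if version_tuple(event["FileVersion"]) < FIXED_VERSION:
            findings.append(("high", f"BGInfo {event['FileVersion']} predates the 4.22 fix"))
    if parent == "bginfo.exe" and image in SHELLS:
        # A desktop-info tool has no reason to start a shell or script host.
        findings.append(("high", f"{image} spawned by BGInfo"))
    return findings

def scan(events):
    """Map event index -> findings, for events that produced any."""
    return {i: f for i, ev in enumerate(events) if (f := analyze(ev))}

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_EVENTS).items():
        for severity, reason in findings:
            print(f"event {idx}: [{severity}] {reason}")
```

The low-severity finding on its own is expected noise on hosts that run BGInfo from a login script; the version check and the child-process check are what separate the bypass from normal use.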