What is VBR persistence and how is it used to execute backdoors during Windows startup?
VBR (Volume Boot Record) persistence, as detailed in the Analysis of Windows Backdoor Exploitation Methods in CIA Vault7 RDB, involves hooking kernel code during the Windows startup process to load unsigned drivers. This technique, implemented by the tool Stolen Goods 2.0, is compatible with WinXP (x86) and Win7 (x86/x64) and was derived from the Carberp source code. It allows backdoors to execute before system defenses are fully active.
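Because a VBR implant has to live in the volume's first sector, the defensive counterpart is an integrity check on that sector: parse it, sanity-check its fixed fields, and compare the bootstrap-code region against a hash taken from a known-good image. The example below is added here; it is not code from the page, from the Vault7 documents, or from Stolen Goods or Carberp. It assumes the standard NTFS VBR layout (OEM ID at offset 3, BPB fields from 0x0B, bootstrap code from 0x54 to 0x1FE, 0x55AA signature at the end), and the sample sectors it checks are constructed in the block rather than captured from a real disk.

```python
"""Parse an NTFS Volume Boot Record and compare its bootstrap code to a trusted baseline."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTSTRAP_START, BOOTSTRAP_END = 0x54, 0x1FE   # bootstrap code region of an NTFS VBR
BOOT_SIGNATURE = b"\x55\xAA"
NTFS_OEM_ID = b"NTFS    "


def parse_ntfs_vbr(sector: bytes) -> dict:
    """Split one 512-byte sector into the NTFS VBR fields a defender cares about."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("a VBR is exactly one 512-byte sector")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    # total sectors (0x28), $MFT cluster (0x30) and $MFTMirr cluster (0x38) are contiguous 8-byte fields
    total_sectors, mft_cluster, mft_mirror_cluster = struct.unpack_from("<QQQ", sector, 0x28)
    bootstrap = sector[BOOTSTRAP_START:BOOTSTRAP_END]
    return {
        "jump": sector[0:3],
        "oem_id": sector[3:11],
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "total_sectors": total_sectors,
        "mft_cluster": mft_cluster,
        "mft_mirror_cluster": mft_mirror_cluster,
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "sector_sha256": hashlib.sha256(sector).hexdigest(),
        "signature": sector[0x1FE:0x200],
    }


def check_vbr(sector: bytes, baseline_bootstrap_sha256: str) -> list:
    """Return a list of findings; an empty list means the VBR matches the baseline."""
    info = parse_ntfs_vbr(sector)
    findings = []
    if info["signature"] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if info["oem_id"] != NTFS_OEM_ID:
        findings.append("OEM ID is not 'NTFS    '")
    if info["jump"][0] not in (0xEB, 0xE9):          # a real VBR starts with a short or near JMP
        findings.append("sector does not begin with a JMP opcode")
    if info["bootstrap_sha256"] != baseline_bootstrap_sha256:
        findings.append("bootstrap code differs from baseline")
    return findings


def build_sample_vbr(bootstrap: bytes) -> bytes:
    """Assemble a constructed NTFS-style VBR for demonstration; it is not a bootable sector."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\xEB\x52\x90"                              # JMP short +0x52, NOP
    sector[3:11] = NTFS_OEM_ID
    struct.pack_into("<HBH", sector, 0x0B, 512, 8, 0)          # bytes/sector, sectors/cluster, reserved
    sector[0x15] = 0xF8                                        # media descriptor: fixed disk
    struct.pack_into("<QQQ", sector, 0x28, 2097152, 786432, 2)  # constructed geometry values
    code_len = BOOTSTRAP_END - BOOTSTRAP_START
    sector[BOOTSTRAP_START:BOOTSTRAP_END] = bootstrap[:code_len].ljust(code_len, b"\x00")
    sector[0x1FE:0x200] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed "known-good" sector and the baseline hash a defender would record from a clean image.
CLEAN_VBR = build_sample_vbr(b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 100)
BASELINE_SHA256 = parse_ntfs_vbr(CLEAN_VBR)["bootstrap_sha256"]

# Constructed tampered copy: 16 bytes inside the bootstrap region overwritten with INT3 filler.
_tampered = bytearray(CLEAN_VBR)
_tampered[0x60:0x70] = b"\xCC" * 16
TAMPERED_VBR = bytes(_tampered)


def audit_samples() -> dict:
    """Run the check over the constructed sectors and return the findings per sample."""
    return {
        "clean": check_vbr(CLEAN_VBR, BASELINE_SHA256),
        "tampered": check_vbr(TAMPERED_VBR, BASELINE_SHA256),
        "zeroed": check_vbr(b"\x00" * SECTOR_SIZE, BASELINE_SHA256),
    }


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(f"{name}: {findings or 'OK'}")
```

On a live Windows host the same sector is obtained by opening the raw volume device with administrator rights (for example `open(r"\\.\C:", "rb").read(512)`) and feeding it to `check_vbr`. The baseline hash must come from a known-good image of the same Windows version, since the NTFS bootstrap code legitimately differs between releases; a mismatch is a trigger for forensic review of the sector, not proof of an implant on its own.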
Tags: VBR persistence, Volume Boot Record, Stolen Goods 2.0, Windows startup, kernel hooking, Carberp