The delete-self-poc is a demonstration of a method to delete a locked executable or currently running file from disk. This concept was initially discovered by Jonas Lykkegaard, and I have created the proof of concept (POC) for it. Additionally, it can be used to delete locked files on disk, provided that the current calling process has the necessary permissions to access and delete them.

How does this work, though - in this POC?

- Open a HANDLE to the current running process with DELETE access. Note that only DELETE access is required.
- Use the SetFileInformationByHandle function to rename the primary file stream, :$DATA, to :wtfbbq.
- Close the HANDLE.
- Open a HANDLE to the current process and set the DeleteFile flag of the FileDispositionInfo class to TRUE.
- Close the HANDLE to trigger the file disposition.

Voila! The file is now gone.

Releases: I have included a statically linked release within this repository, if you can't be bothered compiling the original source code.