delete-self-poc Logo

delete-self-poc

A demonstration of a method to delete a locked executable or currently running file from disk.

600
Security Operations
Free
Visit website
0

delete-self-poc Description

The delete-self-poc is a demonstration of a method to delete a locked executable or currently running file from disk. This concept was initially discovered by Jonas Lykkegaard, and I have created the proof of concept (POC) for it. Additionally, it can be used to delete locked files on disk, provided that the current calling process has the necessary permissions to access and delete them. How does this work, though - in this POC? - Open a HANDLE to the current running process with DELETE access. Note that only DELETE access is required. - Use the SetFileInformationByHandle function to rename the primary file stream, :$DATA, to :wtfbbq. - Close the HANDLE. - Open a HANDLE to the current process and set the DeleteFile flag of the FileDispositionInfo class to TRUE. - Close the HANDLE to trigger the file disposition. Voila! The file is now gone. Releases: I have included a statically linked release within this repository, if you can't be bothered compiling the original source code.

FEATURED

Proton Pass Logo

Password manager with end-to-end encryption and identity protection features

NordVPN Logo

VPN service providing encrypted internet connections and privacy protection

Mandos Fractional CISO Services Logo

Fractional CISO services for B2B companies to accelerate sales and compliance

Stay Updated with Mandos Brief

Get the latest cybersecurity updates in your inbox

POPULAR

RoboShadow Logo

A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.

10
TestSavantAI Logo

Security platform that provides protection, monitoring and governance for enterprise generative AI applications and LLMs against various threats including prompt injection and data poisoning.

5
Cybersec Feeds Logo

A threat intelligence aggregation service that consolidates and summarizes security updates from multiple sources to provide comprehensive cybersecurity situational awareness.

5
Fabric Platform by BlackStork Logo

Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.

5
Mandos Brief Newsletter Logo

A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

5
View Popular Tools →