delete-self-poc Logo

delete-self-poc

0
Free
600
06 Aug 2025
10 September 2025
Visit Website

The delete-self-poc is a demonstration of a method to delete a locked executable or currently running file from disk. This concept was initially discovered by Jonas Lykkegaard, and I have created the proof of concept (POC) for it. Additionally, it can be used to delete locked files on disk, provided that the current calling process has the necessary permissions to access and delete them. How does this work, though - in this POC? - Open a HANDLE to the current running process with DELETE access. Note that only DELETE access is required. - Use the SetFileInformationByHandle function to rename the primary file stream, :$DATA, to :wtfbbq. - Close the HANDLE. - Open a HANDLE to the current process and set the DeleteFile flag of the FileDispositionInfo class to TRUE. - Close the HANDLE to trigger the file disposition. Voila! The file is now gone. Releases: I have included a statically linked release within this repository, if you can't be bothered compiling the original source code.

FEATURES

EXPLORE BY TAGS

SIMILAR TOOLS

A tool for securely backing up and versioning production secrets or shared passwords

Steganographic Swiss army knife for encoding and decoding data into images.

Themis is an open-source cryptographic services library that provides high-level encryption and data protection capabilities for securing data during authentication, storage, messaging, and network exchange.

A steganographic file system in userspace for plausible deniability of files.

Steganography brute-force utility with performance issues, deprecated in favor of stegseek.

Red October is a TLS-based encryption server that implements two-man rule authorization, requiring multiple users to collaborate for cryptographic operations.

Audio file steganography tool

BleachBit is an open-source system cleaning utility that removes temporary files and system artifacts to free disk space and protect user privacy.

A tool for creating encrypted volumes with self-destruction capabilities that automatically destroy data when tampering is detected or commands are issued.

PINNED

RoboShadow Logo

A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.

Vulnerability Management
Proton Pass Logo

Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.

Data Protection
NordVPN Logo

NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.

Network Security
Mandos Logo

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting
CybersecTools logoCybersecTools

Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.

Operated by:

Mandos Cyber • KVK: 97994448

Netherlands • contact@mandos.io

VAT: NL005301434B12

Copyright © 2025 - All rights reserved