delete-self-poc Logo

delete-self-poc

0
Free
Visit Website

The delete-self-poc is a demonstration of a method to delete a locked executable or currently running file from disk. This concept was initially discovered by Jonas Lykkegaard, and I have created the proof of concept (POC) for it. Additionally, it can be used to delete locked files on disk, provided that the current calling process has the necessary permissions to access and delete them. How does this work, though - in this POC? - Open a HANDLE to the current running process with DELETE access. Note that only DELETE access is required. - Use the SetFileInformationByHandle function to rename the primary file stream, :$DATA, to :wtfbbq. - Close the HANDLE. - Open a HANDLE to the current process and set the DeleteFile flag of the FileDispositionInfo class to TRUE. - Close the HANDLE to trigger the file disposition. Voila! The file is now gone. Releases: I have included a statically linked release within this repository, if you can't be bothered compiling the original source code.

FEATURES

ALTERNATIVES

A command line tool for transparently hiding files within images using LSB steganography.

BleachBit cleans files to free disk space and maintain privacy with various options and command line interface support.

A project focusing on deconstructing and utilizing data for security using Python modules like IPython, Pandas, and Scikit Learn.

A machine learning-based approach to detect and prevent data breaches using natural language processing and machine learning algorithms.

Microsoft Azure service for safeguarding cryptographic keys and secrets.

A library for generating random numbers and strings of various strengths, useful in security contexts.

A portable public domain password hashing framework for PHP applications.

Tang is a server for binding data to network presence, providing an easy and secure alternative to key escrow.

PINNED