delete-self-poc

Free

The delete-self-poc is a demonstration of a method to delete a locked executable or currently running file from disk. This concept was initially discovered by Jonas Lykkegaard, and I have created the proof of concept (POC) for it. Additionally, it can be used to delete locked files on disk, provided that the current calling process has the necessary permissions to access and delete them.

How does this work, though - in this POC?

- Open a HANDLE to the current running process with DELETE access. Note that only DELETE access is required.
- Use the SetFileInformationByHandle function to rename the primary file stream, :$DATA, to :wtfbbq.
- Close the HANDLE.
- Open a HANDLE to the current process and set the DeleteFile flag of the FileDispositionInfo class to TRUE.
- Close the HANDLE to trigger the file disposition.

Voila! The file is now gone.

Releases: I have included a statically linked release within this repository, if you can't be bothered compiling the original source code.

ALTERNATIVES

A tool for breaking crypto and identifying weak cryptosystems, with a humorous name and a separate library called Cryptanalib.

A powerful tool for searching and scraping data from GitHub

Calculates RSA parameters and generates RSA private keys in DER or PEM format.

A data security platform that provides automated sensitive data discovery, access control, monitoring, and compliance capabilities for organizations managing data across multiple storage platforms.

Commercial

A utility tool for decrypting data from weak public keys and attempting to recover the corresponding private key, primarily for educational purposes.

A browser extension that helps you find and track sensitive data exposure across the web.

Zui is a desktop app for exploring and working with data, powered by Zed's 'Super-Structured Data' approach.

Microsoft Azure's dedicated HSM for secure key management and cryptographic operations.