DiskShadow Logo

DiskShadow

0
Free
Visit Website

DiskShadow.exe is a tool that exposes the functionality offered by the Volume Shadow Copy Service (VSS). By default, DiskShadow uses an interactive command interpreter similar to that of DiskRaid or DiskPart. DiskShadow also includes a scriptable mode. DiskShadow is included in Windows Server 2008, Windows Server 2012, and Windows Server 2019. It allows for the creation, enumeration, and manipulation of volume shadow copies. DiskShadow also includes features for persistence and evasion, making it a useful tool for offensive security operations. IOCs for defensive considerations include the creation of suspicious volume shadow copies and the use of DiskShadow for malicious purposes. In this post, we will discuss DiskShadow, present relevant features and capabilities for offensive opportunities, and highlight IOCs for defensive considerations.

FEATURES

ALTERNATIVES

A PowerShell toolkit for attacking Azure environments

A DNS rebinding exploitation framework

A list of useful payloads and bypasses for Web Application Security.

A modular and script-friendly multithread bruteforcer for managing task parameters in Python scripts.

A tool for detecting and exploiting Server-Side Template Injection (SSTI) vulnerabilities

A cross-platform tool for creating malicious MS Office documents with hidden VBA macros and anti-analysis features.

A front-end JavaScript toolkit for creating DNS rebinding attacks

Utilizing Alternate Data Streams (ADS) to bypass AppLocker default policies by loading DLL/CPL binaries.

PINNED