DiskShadow


DiskShadow.exe is a tool that exposes the functionality offered by the Volume Shadow Copy Service (VSS). By default, DiskShadow uses an interactive command interpreter similar to that of DiskRaid or DiskPart. DiskShadow also includes a scriptable mode. DiskShadow is included in Windows Server 2008, Windows Server 2012, and Windows Server 2019. It allows for the creation, enumeration, and manipulation of volume shadow copies. DiskShadow also includes features for persistence and evasion, making it a useful tool for offensive security operations. IOCs for defensive considerations include the creation of suspicious volume shadow copies and the use of DiskShadow for malicious purposes. In this post, we will discuss DiskShadow, present relevant features and capabilities for offensive opportunities, and highlight IOCs for defensive considerations.

ALTERNATIVES

Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ...

Pentest active directory LAB project for practicing attack techniques.

An open-source penetration testing framework for social engineering with custom attack vectors.

Python framework for building and utilizing interfaces to transfer data between frameworks with a focus on Command and Control frameworks.

Open-source project for building instrumented environments to simulate attacks and test detections.

SharpShares efficiently enumerates and maps network shares and resolves names within a domain.

Open source application for retrieving passwords stored on a local computer with support for various software and platforms.

GNU/Linux Wireless distribution for security testing with XFCE desktop environment.