
DiskShadow

Free

DiskShadow.exe is a tool that exposes the functionality offered by the Volume Shadow Copy Service (VSS). By default, DiskShadow uses an interactive command interpreter similar to that of DiskRaid or DiskPart. DiskShadow also includes a scriptable mode. DiskShadow is included in Windows Server 2008, Windows Server 2012, and Windows Server 2019. It allows for the creation, enumeration, and manipulation of volume shadow copies. DiskShadow also includes features for persistence and evasion, making it a useful tool for offensive security operations. Indicators of compromise (IOCs) that defenders should consider include the creation of suspicious volume shadow copies and the use of DiskShadow for malicious purposes. In this post, we will discuss DiskShadow, present relevant features and capabilities for offensive opportunities, and highlight IOCs for defensive considerations.

ALTERNATIVES

A post-exploitation framework for attacking running AWS infrastructure

Modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework with Python 3 and .NET's DLR.

A comprehensive malware-analysis tool that utilizes external AV scanners to identify malicious elements in binary files.

A cheat sheet providing examples of creating reverse shells for penetration testing.

Modlishka is a reverse proxy tool for intercepting and manipulating HTTP traffic, ideal for penetration testers, security researchers, and developers to analyze and test web applications.

A powerful enumeration tool for discovering assets and subdomains.

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool powered by Shodan.

Collection of Return-Oriented Programming challenges for practicing exploitation skills.