Vshadow (vshadow.exe) is a command line utility for managing volume shadow copies included within the Windows SDK and signed by Microsoft. It allows for executing scripts and invoking commands in support of volume shadow snapshot management, which can be abused for privileged-level evasion, persistence, and file extraction. The tool supports the -exec parameter for executing binaries or scripts without command arguments.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.
A library and set of tools for accessing and analyzing storage media devices and partitions for forensic analysis and investigation.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
A library to access the Windows New Technology File System (NTFS) format with read-only support for NTFS versions 3.0 and 3.1.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.