Skip to content

Latest commit

 

History

History
29 lines (19 loc) · 1.29 KB

README.md

File metadata and controls

29 lines (19 loc) · 1.29 KB

SharpSelfDelete

C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs

Why?

Well, for fun I guess, and to add another module for Inceptor.

How do I run this?

  1. Clone the project
  2. Load the .csproj in VS2019 or similar
  3. Build the project
  4. Run the SharpSelfDelete.exe

Ok, How do I use it, for real?

Well, I guess the best way to use it is to take the code, and adapt it to an existing implant. There is no recommended way to do it, as long as it works.

Thanks

Huge thanks to EthicalChaos for helping me out with a Marshalling issue.

Credit

The original research was done by Jonas Lyk, the screenshot showing the technique can be found here

The first PoC in C was created by @LloydLabs: delete-self-poc

A while ago, Espresso Cake created a BOF version, available at Self_deletion_BOF.

Any known downsides?

  • This is just a PoC using P/Invoke, so the known downsides are the same of any implant using P/Invoke to invoke Windows APIs.