Awesome
SharpSelfDelete
C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs
Why?
Well, for fun I guess, and to add another module for Inceptor.
How do I run this?
- Clone the project
- Load the .csproj in VS2019 or similar
- Build the project
- Run the SharpSelfDelete.exe
Ok, How do I use it, for real?
Well, I guess the best way to use it is to take the code, and adapt it to an existing implant. There is no recommended way to do it, as long as it works.
Thanks
Huge thanks to EthicalChaos for helping me out with a Marshalling issue.
Credit
The original research was done by Jonas Lyk, the screenshot showing the technique can be found here
The first PoC in C was created by @LloydLabs: delete-self-poc
A while ago, Espresso Cake created a BOF version, available at Self_deletion_BOF.
Any known downsides?
- This is just a PoC using P/Invoke, so the known downsides are the same of any implant using P/Invoke to invoke Windows APIs.