C# implementation of the research by @jonaslyk and the drafted PoC from @LloydLabs
Well, for fun I guess, and to add another module for Inceptor.
- Clone the project
- Load the .csproj in VS2019 or similar
- Build the project
- Run the SharpSelfDelete.exe
Well, I guess the best way to use it is to take the code, and adapt it to an existing implant. There is no recommended way to do it, as long as it works.
Huge thanks to EthicalChaos for helping me out with a Marshalling issue.
The original research was done by Jonas Lyk; the screenshot showing the technique can be found here.
The first PoC in C was created by @LloydLabs: delete-self-poc
A while ago, Espresso Cake created a BOF version, available at Self_deletion_BOF.
- This is just a PoC using P/Invoke, so the known downsides are the same as those of any implant using P/Invoke to invoke Windows APIs.