Skip to content

AgeloVito/self_delete_bof

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

dist

dist

 
 

src

src

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

self_delete.cna

self_delete.cna

 
 

Repository files navigation

self_delete_bof

BOF implementation of delete self poc that delete a locked executable or a currently running file from disk by its pid, path, or the current process.

Build

git clone https://github.com/AgeloVito/self_delete_bof.git
make

And load self_delete.cna

Usage

beacon> help self_delete
Use: self_delete [pid|path]
e.g: self_delete
     self_delete 7956
     self_delete /path/file.exe

self_delete

image

self_delete by path

image

self_delete by pid

image

Issues

x86 process without manifest

image

Refences

https://stackoverflow.com/questions/71834608/

https://github.com/LloydLabs/delete-self-poc

https://github.com/LloydLabs/delete-self-poc/pull/4/files

About

BOF implementation of delete self poc that delete a locked executable or a currently running file from disk by its pid, path, or the current process.

Topics

delete-self-poc delete-self-poc-bof

Resources

Readme
Activity

Stars

62 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages