Windows ShadowMove Socket Duplication

Description

The tool (/POC) is a simple programming exercise in order to replicate the socket duplication technique explained in ShadowMove: A Stealthy Lateral Movement Strategy.

My purpose for this tool was to trigger events that can be monitored / logged and later used for endpoint detection.