
Create fsutil.yml

Open ElliotKillick opened this issue 2 years ago • 2 comments

New lolbin for zeroing out a file: fsutil.exe

9999999999 bytes is the upper limit it will zero out to; if a file is shorter than that, it will not increase it to that size.

ElliotKillick avatar Aug 17 '21 00:08 ElliotKillick

Note2self: This requires a new category to the portal

api0cradle avatar Oct 22 '21 14:10 api0cradle

We are going to add a new function called 'tamper' for this use case.

Additionally, fsutil can be used to delete the USN journal volume to hide file creation activity (e.g. cover tracks).

fsutil.exe usn deletejournal /d c:

ref: https://www.elastic.co/guide/en/siem/guide/current/delete-volume-usn-journal-with-fsutil.html

bohops avatar Nov 06 '21 03:11 bohops
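
A defender-side match for the two fsutil behaviours raised in this thread, run over process-creation command lines; this is an added example, not part of the original issue or of the LOLBAS project. Assumptions: the `file setzerodata` verb is taken from Microsoft's fsutil documentation rather than from this page, the `host` and `command_line` field names are hypothetical, and the sample events are constructed.

```python
import re

# First token must be fsutil itself (bare, with .exe, or behind a path).
_FSUTIL_IMAGE = re.compile(r'(^|[\\/])fsutil(\.exe)?$', re.IGNORECASE)

# (subcommand, verb) pairs treated as tampering, mapped to a label.
TAMPER_VERBS = {
    ("usn", "deletejournal"): "usn_journal_delete",  # command quoted in the thread
    ("file", "setzerodata"): "file_zero_data",       # assumed verb for the zeroing case
}

def _tokens(command_line):
    # Keep double-quoted strings together, then drop the quotes.
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', command_line)]

def classify_fsutil(command_line):
    """Return a tamper label for an fsutil command line, else None."""
    toks = _tokens(command_line)
    if len(toks) < 3 or not _FSUTIL_IMAGE.search(toks[0]):
        return None
    return TAMPER_VERBS.get((toks[1].lower(), toks[2].lower()))

def scan(events):
    """Return (host, label, command_line) for every event that matches."""
    hits = []
    for ev in events:
        label = classify_fsutil(ev["command_line"])
        if label:
            hits.append((ev["host"], label, ev["command_line"]))
    return hits

# Constructed sample events; host names and file paths are made up.
SAMPLE_EVENTS = [
    {"host": "ws-01", "command_line": "fsutil.exe usn deletejournal /d c:"},
    {"host": "ws-02", "command_line": '"C:\\Windows\\System32\\FSUTIL.EXE" USN DeleteJournal /D C:'},
    {"host": "ws-03", "command_line": "fsutil file setzerodata offset=0 length=9999999999 C:\\temp\\example.log"},
    {"host": "ws-04", "command_line": "fsutil usn queryjournal c:"},
    {"host": "ws-05", "command_line": "notfsutil.exe usn deletejournal /d c:"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Matching on tokens rather than a fixed substring keeps the check stable across case changes, quoted full paths and extra whitespace, while read-only verbs such as `usn queryjournal` and look-alike image names do not fire.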

@elliotkillick, thank you for your contribution to LOLBAS!

xenoscr avatar Sep 17 '22 12:09 xenoscr