Self delete using Alternate Data Stream

Author: Whitecat18

Self-Deletion-Techniques/Alternate_Data_Stream/Cargo.toml

@@ -0,0 +1,9 @@
+[package]
+name = "Alternate_Data_Stream"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+winapi = {version = "0.3.9", features = ["fileapi","handleapi", "heapapi","minwinbase","winbase","winnt"] }
+
+

Self-Deletion-Techniques/Alternate_Data_Stream/README.md

@@ -0,0 +1,22 @@
+## Self Deletion Using Alternate Data Stream
+
+The code creates an alternate data stream, which isn't visible in typical file listings, and uses this to manipulate the file in a way that allows for self-deletion. 
+
+By renaming the file's alternate data stream, it essentially prepares the file for an operation that can be performed on itself without directly needing admin permissions for file deletion.
+
+The actual deletion occurs when the file handle is closed after marking the file for deletion, which is a Windows feature where marking a file for deletion and then closing the last handle to it results in the file being deleted.
+
+## Usage
+
+```
+cargo build --release
+
+./target/release/Alternate_Data_Stream.exe
+```
+
+## References and Credits
+
+* https://maxkersten.nl/binary-analysis-course/malware-snippets/self-deletion/
+* https://github.com/joaoviictorti/RustRedOps/blob/main/Self_Deletion/src/main.rs
+
+By [@5mukx](https://x.com/5mukx)