Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction

[Source: blog.microsoft.com]

What is Vshadow?

Vshadow (vshadow.exe) is a command-line utility for managing volume shadow copies. This tool is included within the Windows SDK and is signed by Microsoft (more on this later). Vshadow has a lot of functionality, including the ability to execute scripts and invoke commands in support of volume shadow snapshot …