Deletion

Tools to remove files, usually dealing with log wiping or secure deletion

Invoke-ReflectivePEInjection

Invoke-ReflectivePEInjection is a PowerShell script which can reflectively load and execute a Windows PE file such as an EXE or DLL inside the PowerShell process on a remote computer without writing to disk. This is accomplished by (partially) rewriting in PowerShell the Win32 functionality that loads EXEs/DLLs.

The script allows a penetration tester to:

Execute EXEs/DLLs on remote computers without writing to disk (detection is extremely difficult)
Execute existing tools inside the PowerShell process (potentially bypassing application whitelisting)
Hide reflectively loaded EXEs/DLLs from tools such as ListDLLs, which list all loaded DLLs
Bypass antivirus by never writing anything to disk; everything happens in memory using PowerShell remoting

Note:
A beta version of the script is currently available for download on GitHub at: https://github.com/clymb3r/PowerShell. The final version will be a part of PowerSploit (and hopefully synced into Kali Linux).

Auditpol

Displays information about audit policies and performs functions to manipulate them. Auditpol is used on Windows to set, clear, change, and otherwise manipulate audit policies. This tool is useful for clearing failed security logins, turning off auditing and logging to cover tracks, and many other actions.

TCP Killer

TCPkiller is a CLI network utility for Windows that helps you kill specified in-progress TCP connections; it is primarily designed for network administrators.

Windows Credential Editor

Windows Credentials Editor (WCE) allows you to list logon sessions and to add, change, list and delete their associated credentials (e.g. LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, to obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to perform further attacks, and to obtain Kerberos tickets and reuse them on other Windows or Unix systems. It also dumps passwords in plain text without the need to crack the hashes. Supports Windows XP, 2003, Vista, 7 and 2008.

Eraser

Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. It works with Windows 98, ME, NT, 2000, XP, Vista, Windows Server 2003 and Server 2008.
Eraser is free software and its source code is released under the GNU General Public License.

DBAN

DBAN, short for Darik's Boot and Nuke, is a good utility for securely erasing the contents of a hard disk.
It uses encryption and rewrites over drives multiple times for a fairly secure deletion, which makes the data very difficult, if not impossible, to recover using forensics.