From the course: Ethical Hacking: Evading IDS, Firewalls, and Honeypots
Embedding malware in an alternate data stream
- [Instructor] A novel way of hiding files on disk is to use what's known as an alternate data stream. Originally, files were simply strings of bytes which could be read byte by byte by applications. That's no longer the case. In NTFS, a file is a complex structure. NTFS files contain at a minimum a section called $DATA, which is where the data read by an application resides. This is the data stream. However, a file may have many other sections, each with its own name, and each of which can hold information. These are called alternate data streams. Importantly, Windows only recognizes the $DATA section, so data in any alternate data stream is hidden. I've created a text file called ode.txt and we can see the poetic contents. Let's check its size. And we can see it's 180 bytes long. I'll create another file called adsfile.txt and this is my secret message to Akhtar where no one can find it. Now I'll insert that into a…
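A defender's view of the same mechanism, as an added example that is not part of the course material: a PowerShell audit that lists every named stream under a directory next to the file size that ordinary listings report. The function name `Find-AlternateDataStream`, the stream name `note` and the temporary demo directory are assumptions made for illustration; the sample file is constructed.

```powershell
# Added example: audit a directory tree for NTFS alternate data streams (ADS).
# Requires PowerShell 3.0 or later on Windows and an NTFS volume.

function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Streams Windows itself commonly writes; Zone.Identifier is Mark of the Web.
        [string[]] $IgnoreStream = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns one object per stream; ':$DATA' is the unnamed default.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream } |
                ForEach-Object {
                    [pscustomobject]@{
                        File         = $file.FullName
                        Stream       = $_.Stream
                        StreamBytes  = $_.Length     # bytes held in the named stream
                        VisibleBytes = $file.Length  # size shown by normal listings
                    }
                }
        }
}

# Constructed sample: a text file with one named stream, in a throwaway directory.
$demo = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$sample = Join-Path $demo 'ode.txt'
Set-Content -Path $sample -Value 'visible text'
Set-Content -Path $sample -Stream 'note' -Value 'text held in a named stream'

# The audit reports the named stream and its size.
Find-AlternateDataStream -Path $demo | Format-Table -AutoSize

# The length reported for the file covers only the default stream.
(Get-Item -LiteralPath $sample).Length

# Clean up the constructed sample.
Remove-Item -LiteralPath $demo -Recurse -Force
```

From `cmd.exe`, `dir /r` gives the same per-stream listing for a single directory.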