Home > Favorite Hacks, Interesting, Scripting, Security > Hiding Files and Information With NTFS Alternate Data Streams

Hiding Files and Information With NTFS Alternate Data Streams

Why?
Nothing new, NTFS alternate data streams is hidden information was originally created back in the NT days to be compatible with the NFS file system. Alternate data streams are ways to attach hidden information or even entire files onto existing files. The best part is that it doesnt make the orginal file any larger so it can’t be easily detected.

How?
Attaching information from a command prompt. This should open a new notepad where you can type information and store it in its own hidden file.
C:\> notepad secrets.txt:wireless.txt

Reading the information
C:\> more < secrets.txt:wireless.txt
ThisIsMySecretTextThatIStoredInTheHiddenFile

More:
Symantec has a great article demonstrating how attackers can take advantage of alternate data streams to attack a computer and store malicious files. Please note that this article should be considered for the more advanced readers in the security field.
http://www.symantec.com/connect/articles/windows-ntfs-alternate-data-streams

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: