ISC StormCast for Sunday, April 15th 2012 http://isc.sans.edu/podcastdetail.html?id=2467
Handler on Duty: Johannes Ullrich
Threat Level: green
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 14th - Jul 19th 2025 |
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Jul 14th - Jul 19th 2025 |
×
Diary Archives
Comments
md Foo
echo foobar > Foo:altstream
sort < Foo:altstream
rd Foo
sort < Foo:altstream
Thus, one can hide arbitrary data in a directory (not in a file in a directory, but in the directory itself effectively). As in echo foobar > C:\WINDOWS:altstream.
Of course, the SysInternals streams.exe will find it, but it's still kind of cool. Personally, I've actually found streams to be useful before in scenarios where I need to record meta-data about a file in the file itself (for instance, in a generated PDF file to record what config was used to generate the PDF file so I know whether it needs to be regenerated or not).
Anonymous
Apr 18th 2012
1 decade ago
Anonymous
Apr 18th 2012
1 decade ago