In this video, Lisa Bock explains hidden NTFS data streams. Explore how data streams can be used to hide files behind another file on an NTFS file system, a technique used by black-hat hackers. Lisa will walk through the steps to hide a text file in a data stream of another text file, to further expose the dangers of hidden streams.
- [Voiceover] NTFS Alternate Data Streams were originally designed to provide compatibility with non-Windows file systems, but Alternate Data Streaming can also be used to allow data to be stored in hidden files that are linked to a regular visible file. The streams are not limited in size and there can be more than one stream linked to the visible file. This allows an attacker to hide their tools and data on a compromised system and retrieve them later. I'll do a little example to show you how this works.
I'm at the command line, and I'm going to go to the desktop. From there, I'll type notepad temp.txt. In it, I'll type a small amount of text and then I'll save it. Now at the command line, I'll type dir temp, and I'll note the size. We see it's 13 bytes. Now we'll go back in and use the Alternate Data Streaming. Now this creates a second file that is attached as a hidden data stream to temp.txt.
We'll go back in and take a look at temp.txt, and as we can see, it's exactly the same size, even though we did add several characters. Out on the desktop, I see temp. Let's minimize the command line and open up temp. We don't see any secret text in there, so let's go get it. All right, type dir /r, and now we can actually see that file in there with the hidden data.
So at the command prompt, I'll type more, space, less than, tmp.txt, colon, secret.txt. And there we can see the secret message, which is your hidden data. So hopefully now you can see why understanding hidden streams is critical to system security.
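The demo finds the hidden stream with dir /r in a single folder. As an added example that is not part of the video, the PowerShell sketch below runs the same check across a whole directory tree so a defender can audit for named streams. The function name Find-AlternateStream and the choice of the Desktop folder are assumptions made for this example.

```powershell
# Added example: list files under a folder that carry alternate data streams.
# Find-AlternateStream is a name chosen for this example, not a built-in cmdlet.
function Find-AlternateStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,

        # Zone.Identifier is the stream Windows attaches to downloaded files;
        # it is skipped by default to cut noise.
        [string[]]$IgnoreStream = @('Zone.Identifier')
    )

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream, including the unnamed
            # default stream, which is reported as ':$DATA'.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream } |
        Select-Object FileName, Stream, Length
}

# Sweep the current user's desktop (assumed location, matching the demo).
Find-AlternateStream -Path ([Environment]::GetFolderPath('Desktop')) |
    Sort-Object Length -Descending |
    Format-Table -AutoSize
```

Each row names the visible file, the stream attached to it, and the stream's size in bytes, which is the size that does not show up in a plain dir listing. A reported stream can be read for review with Get-Content and its -Stream parameter.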
These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Acquiring passwords
- Generating rainbow tables
- Understanding where passwords are stored
- Defending against privilege escalation
- Understanding spyware
- Protecting against keylogging
- Detecting steganography
- How hackers cover their tracks