ASP_Volume2 Security #41238

Find hidden "back streamed" files on NTFS partitions. This code is a must for sec consultants.

With NTFS partitions, intruders can hide their toolkits behind a 'front file'. Explorer and DIR show only the front file and its size, leaving no clue as to the hidden 'back streamed' files. This code finds them. You can back stream a file like this: "copy MyTrojanProgram.exe SomeSystemFile.ini:MyTrojan.exe". SomeSystemFile.ini will stay the same size and the backstreamed trojan will be almost undetectable.
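One way to run the same kind of check with PowerShell's built-in stream support, as an added example (not the code this entry originally shipped). The function name Find-AlternateDataStream and the sample folder and stream names are assumptions made here.

```powershell
# Added example (hypothetical function name): report every named NTFS stream
# under a folder. Files only; directories can carry streams too.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the mark-of-the-web stream Windows adds to downloads.
        [string[]] $IgnoreStream = @('Zone.Identifier')
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $front = $_
            Get-Item -LiteralPath $front.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                # ':$DATA' is the unnamed stream, i.e. the front file itself.
                Where-Object { $_.Stream -ne ':$DATA' -and $IgnoreStream -notcontains $_.Stream } |
                ForEach-Object {
                    [pscustomobject]@{
                        FrontFile  = $front.FullName
                        FrontSize  = $front.Length   # what Explorer and DIR report
                        Stream     = $_.Stream
                        StreamSize = $_.Length       # bytes hidden behind the front file
                    }
                }
        }
}

# Constructed sample: a harmless text stream behind a small .ini file (needs an NTFS volume).
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$ini = Join-Path $demo 'SomeSystemFile.ini'
Set-Content -LiteralPath $ini -Value '[settings]'
Set-Content -LiteralPath $ini -Stream 'note.txt' -Value 'constructed sample stream'

Find-AlternateDataStream -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

On Windows Vista and later, `dir /r` also lists named streams beneath each front file.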


Recovered from Wayback Machine