🔬Alternate Data Stream
Lab 1 (Extra)
🔬 Home Lab
I will use a Windows 10 Virtual Machine for this demonstration
Open a Command Prompt (
cmd
)
Check the Resource Stream (metadata) of the file
e.g.
- Download latest winPEASx64_ofs.exe (Antivirus may block the file), rename it to payload.exe
and move it to C:\Temp
directory
Using the
type
command, redirect the output into a new legitimate text file, passing in the actual executable into the text file resource stream.
windows_log.txt
file can be filled with legitimate logs data to make it as realistic as possibleStart the hidden executable
Open an elevated
cmd
and create a symbolic link
Run
wupdate.exe
to launch thewinpeas.exe
payload from the Resource stream of the windows_log.txt file
📌 Same as above procedure can be done with a malicious
msfvenom
payload.
Last updated