| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: henri123 at netzero.net (Henri123-Netzero) Subject: FW: [inbox] Re: Windows covert channel If you need to get to the data in an ADS, there are several utilities that will notify you and/or copy out the Alternate Data Stream from the file. Just to name a few, Mares has one called copy_ads; Heysoft has one called lads; and another one called streams.exe is out there as well. To add to Curt's comment earlier, I believe Silkrope was one of the tools you referred to that allows exe packing. Henri -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Maynard, David C Sent: Monday, October 20, 2003 12:47 PM To: full-disclosure@...ts.netsys.com Subject: RE: [inbox] Re: [Full-Disclosure] Windows covert channel I believe you are refering to editing a file and saving with a :hidden Say you have a file test 4k you can open the that file with lets say test:hidden and add as much info as you want and the orignial file size never changes and test:hidden it not listed in file system but is treated as a seprate file when edited. You have to know the hidden info is attached to the test file to detect the info. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Curt Purdy Sent: Monday, October 20, 2003 9:49 AM To: 'jazper'; full-disclosure@...ts.netsys.com Subject: RE: [inbox] Re: [Full-Disclosure] Windows covert channel > You are probably thinking of ADS(Alternate Data Streams). > > jazper > > > > I seem to remember in the dim reaches of my memory a covert > channel in > > the Windows file system where you could paste one file at > the end of > > another without it being detectible when you edited the > orginal file. It may be that he is referring to an exe packer as used to attach a trojan to a legitimate exe aka whackamole. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists