| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <3FE87C1D.7040807@brvenik.com> From: security at brvenik.com (Jason) Subject: Removing ShKit Root Kit > > Actually, deleting the host file deletes all associated data streams. > If a file of the same name is created on the system, the ADS' will not > remain: > > \> echo this is a test > notepad.txt > \> echo testing again > notepad.txt:ads > \> more < notepad.txt > this is a test > \> more < notepad.txt:ads > testing again > \> del notepad.txt > \> more < notepad.txt:ads > The system cannot find the file specified. > \> touch notepad.txt > \> more < notepad.txt:ads > The system cannot find the file specified. > > Just my two cents; carry on. > I seem to recall an ADS being handled slightly differently and as a result was more prone to remain even after a delete of the host file, it was a matter of locating it. my thoughts were more along the lines of can the original file, even partially overwritten, be recovered with the ADS intact? will clobbering the original file leave the ADS intact.
Powered by blists - more mailing lists