Re: How to hide a file ?

["J. J. Horner" <jhorner () 2jnetworks com>]

* H C (keydet89 () yahoo com) [020108 13:08]:
> Udi,
>
> There are many ways to go about this, beleive it or
> not.  The question really becomes...who am I hiding
> this file from?  
>
> I won't go into a lot of detail now...I don't want to
> steal my own thunder, ie, my BlackHat presentation in
> Feb...but Jose pointed out NTFS alternate data
> streams.  You can hide data or even executables in ADS
> and run them directly from the ADS itself.  
>
> But again, the question is...who are you hiding the
> data from?  Hiding from a user or a (perhaps less than
> knowledgeable) admin is pretty easy, w/o using the
> hidden DOS attribute.  How about hiding it from a
> forensics analyst?  Alternate data streams won't work
> for this, and will only highlight your intentions. 
> But there are ways to go about this...so stay tuned.  

For those of us on tight gubment subcontractor training
budgets making us unable to attend a conference of any kind,
can you give us a preview or tell us where it will be 
online after BlackHat?

Thanks,
JJ

-- 
J. J. Horner
"H*","6a686f726e657240326a6e6574776f726b732e636f6d"
***************************************************
"H*","6a6a686f726e65724062656c6c736f7574682e6e6574"

Freedom is an all-or-nothing proposition:  either we 
are completely free, or we are subjects of a
tyrannical system.  If we lose one freedom in a
thousand, we become completely subjugated.

Attachment: _bin
Description: