A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Hiding in the ShaDOS - Richard Cassara Converge 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)

Hiding in the ShaDOS
Richard Cassara

Alternate Data Streams (ADS) are a feature in NTFS which are often seen as a liability in infosec circles. They have been used to obscure malware and rootkits, making it difficult to detect their presence. However, these same qualities that make ADS attractive to malware developers also makes ADS an interesting avenue for securing critical data. In this talk I'll demonstrate the initial release of ShaDOS, a PowerShell module that can create a secret file system inside of a Windows installation. This can both keep information safe from unauthorized access and prevent data exfiltration.

Though frequently found in the #misec IRC channel, the elusive @rjcassara is seldom seen in person. Last known conference sighting was at Converge 2014. Developer on the Poshsec PowerShell module. Occasional CTF participant. kids[].length = 3

Back to Converge 2015 video list

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast