Hiding in plain sight - Alternate Data Streams

Описание: In this video, the Kilt Guy talks about alternate data streams and how files or even entire programs can be hidden from plain sight

===============

Commands Used in this video:
In the Command Prompt:
dir /od /q /r /s /ta

In PowerShell (this is all one command):
Get-ChildItem -File *.rtf |
ForEach { Get-Item $_.FullName -Stream * }|
Where-Object Stream -NE ':$Data' |
Select-Object Stream,Length,@{Name="AlternateDataStream";Expression={"$($_.PSChildName)"}},FileName

Chapters
0:00 Intro
0:58 What are Alternate Data Streams (ADS)?
2:04 How to find ADS in the Command Prompt
4:33 Creating an ADS-embedded file
8:50 Calling/Opening the ADS file
11:29 Going into PowerShell and using the pipeline to find the Streams
18:33 Enriching your output using the pipeline
22:00 Outro