Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example | allinfosecnews.com

July 27, 2023, 8:46 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

﷽

Hello, cybersecurity enthusiasts and white hackers!

Today, this post is the result of my own research on another popular malware development trick: store malicious data in alternate data streams (ADS) and how adversaries use it for persistence.

alternate data streams

Alternate Data Streams allow for multiple data “streams” to be associated with a single filename, a capability that can be used to store metadata. While this feature was designed to support Macintosh Hierarchical File System (HFS) which uses resource …

ads adversaries cybersecurity data development hackers hello malicious malware malware analysis malware development own payload persistence popular research result simple store today

More from malware.news / Malware Analysis, News and Indicators - Latest topics

New Redline Version: Uses Lua Bytecode, Propagates Through GitHub 12 hours ago | malware.news

bytecode code detect found +12

Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion 1 day ago | malware.news

acquisition article cybersecurity darktrace +5

Arctic Wolf Recognized as a Leader in Frost & Sullivan Managed Detection and Response Report 1 day, 1 hour ago | malware.news

amp and response april arctic +20

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche 1 day, 1 hour ago | malware.news

april avalanche components critical +19

Showcasing Artwork by Max for Autism Awareness Month 1 day, 2 hours ago | malware.news

art article artwork autism +6

TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381 1 day, 3 hours ago | malware.news

article cisco deepfakes flowmon +6

Kaiser Permanente notifies 13.4M patients of potential data exposure 1 day, 3 hours ago | malware.news

apps article data data exposure +16

Impact of organizational structure on ransomware outcomes: Where does your org fit in? 1 day, 3 hours ago | malware.news

article challenges core security detection +15

VA is warning veterans about Change Healthcare cyberattack, secretary says 1 day, 4 hours ago | malware.news

alerting article attack change +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Senior Security Researcher, SIEM

@ Huntress | Remote Canada

View on infosec-jobs.com

Senior Application Security Engineer

@ Revinate | San Francisco Bay Area

View on infosec-jobs.com

Cyber Security Manager

@ American Express Global Business Travel | United States - New York - Virtual Location

View on infosec-jobs.com

Incident Responder Intern

@ Bentley Systems | Remote, PA, US

View on infosec-jobs.com

SC2024-003533 Senior Online Vulnerability Assessment Analyst (CTS) - THU 9 May

@ EMW, Inc. | Mons, Wallonia, Belgium

View on infosec-jobs.com