What technique uses NTFS streams to hide malicious files on the target system?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

What technique uses NTFS streams to hide malicious files on the target system?

Explanation:
Using NTFS streams to hide files is about covering tracks on the OS by taking advantage of alternate data streams (ADS). NTFS allows a file to have additional named data streams beyond the main content, and these extra streams are often not shown in normal views. An attacker can attach a malicious payload to a file as a separate stream, making the hidden data invisible to casual inspection and even some scans. This lets malware reside on the system while appearing ordinary, reducing the chance it will be noticed. It’s distinct from merely deleting files, altering audit settings, or turning off auditing, all of which address visibility in different ways. To uncover such hidden data, you’d use tools that enumerate ADS (like Sysinternals Streams or PowerShell commands that list streams).

