
Title

Alternative Data Streams in NTFS - A Gateway for Subverting Endpoint Security Systems

Author

Nenad Stojanovski, Danilo Gligoroski, Svein J. Knapskog

Citation

Vol. 7  No. 12  pp. 71-75

Abstract

In this paper we use "alternative data streams", which were introduced with Windows NT and its file system NTFS, as a gateway for subverting several commercial endpoint security systems. We give a simple set of commands by which it is possible to copy data from PCs that have endpoint security access systems installed, without being detected, or by making the endpoint security access system generate incomplete log entries that again do not reveal any information about the files that have been copied.

Keywords

NTFS, Alternative Data Streams, Subversion, Endpoint Security Systems

URL

http://paper.ijcsns.org/07_book/200712/20071209.pdf