During a post-compromise cleanup on a Windows Server 2019 host, you notice that an attacker stored a backdoor executable inside a user's harmless-looking text file so that the dir command did not reveal the payload and the reported file size remained unchanged. Which NTFS feature was most likely abused to achieve this stealth?
NTFS supports multiple unnamed and named forks for every file. By creating an Alternate Data Stream (ADS) such as harmless.txt:backdoor.exe, an attacker can hide data that standard directory listings and the Windows Explorer GUI do not show, and the primary file's reported size remains the same. Volume Shadow Copies are used for backups, NTFS compression only reduces size but does not hide additional forks, and junction points redirect paths but do not conceal data inside an existing file. Therefore, ADS is the technique that matches the observed behavior.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is NTFS Alternate Data Streams (ADS)?
Open an interactive chat with Bash
How can NTFS ADS be detected or monitored?
Open an interactive chat with Bash
Why are NTFS ADS a security concern?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .