daatdraqq
Posted October 30, 2012 (edited)

Introduction

Alternate Data Stream is supported by NTFS systems to aid the Macintosh Hierarchical File System (HFS), which uses resource forks to store icons and other information from a file.

Basically, using Alternate Data Stream, users can easily hide files that go unnoticed by some system administrators. Alternate Data Stream gives you the ability to inject / add file data into existing files without affecting their functionality and size.

This whitepaper will start with the basic use of Alternate Data Stream and then show how to bypass Avast Sandbox.

How to bypass antivirus using public knowledge is not the focus of this whitepaper. However, it aims to circumvent the Avast Sandbox protection system.

As a test system we used the operating system Windows XP Service Pack 2. For a remote administration program, Metasploit was used.

Any knowledge found in this whitepaper is to be used for educational purposes only, and the author is not responsible for damages caused to third parties with knowledge of this whitepaper.

Thanks, W1ckerMan.

Download: http://dl.packetstormsecurity.net/papers/bypass/bypass-avast.pdf

Edited October 30, 2012 by Nytro