Manipulating Alternate Data Streams

This piece comes from the great Mark Minasi newsletter. He approaches Alternate Data Streams (ADS) from the perspective of does Windows know that an executable is from the internet? You might have seen some security related dialog boxes that prompt you to verify that you want to run a particular downloaded program. Mark simply wondered how Windows knows the difference. The answer is ADS. He follows up with a great indepth discussion on ADS. Good Stuff

How Windows Knows that a File Is from the Internet: Manipulating Alternate Data Streams

Leave a Reply