2000
NTFS Alternate Data Streams
Written by The Geekette on September 16, 2005 – 10:11 amPosted in 2000, 2003, Ramblings, Security, Windows, XP | No Comments »
(No Ratings Yet)
Loading ...While searching around, I happen to run across something that caught my eye. It deals with Microsoft’s NTFS and security. ADS 0r Alternate Data Streams – was originally created to provide compatibility with HFS (Macintosh Hierarchical File System).
Although widely unknown by most that ADS even exists, it is has been used by sometime by people to exploit Windows Boxes that use NTFS. Not all anti-virus programs will pick up alternate data streams. It is easy to exploit the ADS and let it go undetected for some time. Although with technology getting better, some anti-virus scanners are now picking up the ADS when changes have been made to the default configuration.
Security Focus has a demonstration of how this is used by rooting or exploiting a lab box using the MS04–011 vulnerability. The Metaspoilt Framework can allow someone to break into a computer via the lsass overflow.
Windows 2000 – Disabling IDE Detection When Windows 2000 Boots
Written by The Geekette on August 24, 2005 – 8:15 pmPosted in 2000, Tips, Windows | No Comments »
(No Ratings Yet) Loading ...Every time Win2k boots it will check the onboard controller if there is any drives attached. If you don’t have the habit of swapping IDE units in and out or you have none installed at all, then you might want to disable the scanning for IDE units and get a faster bootup.
Go here : Control Panel – System – Hardware-tab – Device Manager-button – IDE ATA/ATAPI Controllers-node
There select properties for your Primary- and Secondary-Channel and go to Advanced Settings where you can change the Device Type from "Auto detection" to "None" when there is no IDE Unit attached
Popularity: 4% [?]
