· 3 min read
Bora

INTRODUCTION

Alternate Data Streams (ADS) is a feature of the NTFS file system that allows a file to have multiple data streams, each of which can be manipulated as if it were a separate file. This feature can be useful in a variety of scenarios, but it is not widely used and is often considered a security risk. In this article, we will discuss what ADS are, how they work, and some examples of how they can be used.

HISTORY

ADS were first introduced in the NTFS file system in the early 1990s as part of the Windows NT operating system. They were intended to allow for the creation of multiple data streams within a single file, each of which could be manipulated independently. For example, one data stream could be used to store the data of a file, while another could be used to store metadata or other information about the file.

HOW-TO

To create an ADS, a programmer can use the CreateFile API function to open a handle to a file, specifying the name of the data stream in the filename. For example, to create an ADS called “mystream” within a file called “myfile.txt”, the filename passed to CreateFile would be “myfile.txt:mystream”. Once the handle to the stream is created, the programmer can use standard file I/O functions to read and write data to the stream, just as they would with a normal file.

To display a list of all the alternate data streams of a file, you can use the command-line utility dir /R on Windows or ls -l with find -exec on Linux/Unix.
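The creation and listing steps above, as an added PowerShell example that is not part of the original post. It writes the article's "mystream" stream on "myfile.txt" in a scratch directory, then audits that directory for any stream other than the default one. The scratch path and the helper name Get-AlternateStream are assumptions made for illustration.

```powershell
# Added example: create a named stream, then audit a directory for
# non-default streams. $root is a constructed scratch location.
$root = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $root -Force | Out-Null
$file = Join-Path $root 'myfile.txt'

# The unnamed (default) stream holds what Explorer and "type" show.
Set-Content -Path $file -Value 'visible contents'
# Same file, second stream: equivalent to opening "myfile.txt:mystream".
Set-Content -Path $file -Stream 'mystream' -Value 'data held in the alternate stream'

# Hypothetical helper: report every stream that is not the default ':$DATA'.
function Get-AlternateStream {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File   = $item.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# The file size shown by "dir" does not include the alternate stream;
# this report does.
Get-AlternateStream -Path $root | Format-Table -AutoSize

# Read the stream back by name.
Get-Content -Path $file -Stream 'mystream'
```

On a real system, expect many benign hits for the Zone.Identifier stream, which Windows attaches to downloaded files; streams with other names or unusually large sizes are the ones to review.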

ADS can be used for legitimate purposes, such as adding metadata to a file, but they can also be used for malicious purposes. For example, a hacker could use ADS to hide a malicious file within a seemingly innocent one. This is often referred to as “stream-sniping” or “hiding a file in a file”. An attacker could also use ADS to hide a back door or other malicious code within a file, making it difficult to detect.

An example of legitimate usage of ADS is when creating an installer of software, where the installer package contains a separate stream that holds the actual installation script.

Another example is that media files like images, audio, and videos, may have an additional alternate data stream to store some metadata information like creation date, a location where the media was captured, and also some other user-defined data like comments, etc.

CONCLUSION

In conclusion, Alternate Data Streams (ADS) are a powerful feature of the NTFS file system, but they are not widely used and are often considered a security risk. The feature can be useful in a variety of scenarios, but it’s important to be aware of the security risks and to use this feature carefully.

· 4 min read
Bora

Robocopy, also known as “Robust File Copy,” is a command-line utility in Windows that allows users to quickly and efficiently copy files from one location to another. It was first introduced in Windows Vista and has been included in every subsequent version of Windows since.

One of the key benefits of using Robocopy is its ability to copy large numbers of files very quickly. It is also able to copy files over network connections, making it a useful tool for backing up data or transferring files between computers. Additionally, Robocopy is able to copy files even if they are in use, which can be helpful when trying to copy files that are currently open and being accessed by other programs.

One of the more advanced features of Robocopy is its ability to copy entire directories and subdirectories, including all of the files contained within them. This can be particularly useful when copying large file structures or when trying to create a backup of a specific folder on your computer.

In terms of syntax, using Robocopy is fairly straightforward. The basic command structure is as follows:

robocopy source destination [options]

The source and destination arguments are the locations of the files you want to copy, and the options argument allows you to specify various parameters for the copy operation. Some of the more commonly used options include:

/E: Copies subdirectories, including empty ones.

/MIR: Mirrors a directory tree. Deletes files in the destination that no longer exist in the source.

/Z: Copies files in restartable mode. If the copy is interrupted, it can be resumed from where it left off.

/XF: Excludes files with the specified names or paths from the copy.

/NP: Does not display the progress of the copy operation.

There are many other options available with Robocopy, and you can see a full list of them by typing robocopy /? at the command prompt.

EXAMPLES


Incremental backups:

Robocopy has the option to copy only files that have been modified or created since the last backup. This can be achieved by using the /XO (exclude older) option along with the /DCOPY:T (copy directory timestamps) option. This allows you to keep multiple versions of a file, so you can recover an older version if necessary. The command for an incremental backup would look something like this:

robocopy C:\Source E:\Backup /MIR /XO /DCOPY:T

Excluding specific files or folders:

You may want to exclude certain files or folders from the backup, such as temporary files or large media files. The /XF option allows you to specify the names or paths of files or folders to exclude. You can use the wildcard * to match multiple files. For example, if you want to exclude all files with the .tmp extension, the command would look like this:

robocopy C:\Source E:\Backup /MIR /XF *.tmp

Backup to a remote location:

Robocopy can also be used to copy files over a network connection. To do this, you simply need to specify the remote server and share name as the destination. You should be logged in as an authorized user on the remote server. The command would look something like this:

robocopy C:\Source \\remote_server\share /MIR

Schedule the backup:

You can schedule a Robocopy job to run at a specific time using Task Scheduler on Windows. This allows you to perform the backup automatically at a certain time of day, or on a certain day of the week or month. Keep in mind that when using the /MIR option, Robocopy will delete files in the destination that no longer exist in the source. So, it is important to make sure that you have a recent backup or a good understanding of the files you are backing up before running the command.

By using these options and techniques, you can create more complex backups using Robocopy and schedule them to run automatically. However, it’s important to test the backup thoroughly and ensure that you can restore the files correctly in case of disaster.
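A wrapper suited to a scheduled job, as an added PowerShell example that is not part of the original post. It addresses the /MIR caution above by running a list-only pass (/L) first and stopping if the mirror would delete anything, and it checks Robocopy's bitmask exit code instead of assuming success. The log path and the helper name Test-RobocopyExit are assumptions; the source and destination are the article's sample paths.

```powershell
# Added example; $src and $dst are the sample paths used in the article.
$src = 'C:\Source'
$dst = 'E:\Backup'
$log = Join-Path $env:TEMP 'robocopy-backup.log'   # assumed log location

# Hypothetical helper. Robocopy's exit code is a bitmask:
# 1 = files copied, 2 = extra items in destination, 4 = mismatches,
# 8 = some copies failed, 16 = fatal error. Only 8 and 16 mean failure.
function Test-RobocopyExit {
    param([int]$Code)
    return ($Code -band 24) -eq 0
}

# Pass 1: /L lists what /MIR would do without changing anything.
robocopy $src $dst /MIR /L /NP /R:1 /W:1 "/LOG:$log" | Out-Null
$preview = $LASTEXITCODE
if (-not (Test-RobocopyExit $preview)) {
    throw "Preview failed (exit $preview), see $log"
}
if ($preview -band 2) {
    # Bit 2 set: the destination holds items the source lacks,
    # which /MIR would delete. Stop and let a person review the log.
    Write-Warning "/MIR would delete items from $dst. Review $log before running."
    return
}

# Pass 2: the real mirror, restartable (/Z), with limited retries.
robocopy $src $dst /MIR /Z /NP /R:2 /W:5 "/LOG+:$log" | Out-Null
if (-not (Test-RobocopyExit $LASTEXITCODE)) {
    throw "Backup failed (exit $LASTEXITCODE), see $log"
}
```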

· 2 min read
Bora

INTRODUCTION:

Quick Assist is a built-in feature in Microsoft Windows that allows users to remotely connect and share their screen with another user.

This can be useful for troubleshooting purposes, or for providing assistance to someone who is not physically present.

STEPS:

Here is a step-by-step guide on how to use Quick Assist in Microsoft Windows:

1. On the device that needs assistance, click on the Start button and search for “Quick Assist”.

2. Click on the “Quick Assist” app to launch it.

3. Click on the “Get assistance” button to generate a code and a link.

4. Send the code and link to the person who will be providing the assistance.

5. On the device that will be providing the assistance, click on the link to open Quick Assist.

6. Enter the code that was provided by the other user.

7. Click on the “Connect” button to establish a connection.

8. The assisting user will now be able to see the screen of the device that needs assistance.

9. The assisting user can use their mouse and keyboard to control the device and troubleshoot any issues.

10. When finished, the assisting user can click on the “Disconnect” button to end the connection.

CONCLUSION

Quick Assist is a useful tool for quickly and easily providing assistance to someone who may be experiencing technical issues. It is a simple and convenient way to connect with another user and share your screen, allowing you to troubleshoot and resolve issues quickly and efficiently.

· One min read
Bora

INTRODUCTION

“The computer file hosts is an operating system file that maps hostnames to IP addresses. It is a plain text file” (source: Wikipedia). We are going to use this file to block some websites on a single PC.

Step 1

Open Notepad as administrator.

Step 2

Click File > Open and browse to C:\windows\system32\drivers\etc.

Change the file type filter from Text Documents (*.txt) to All Files (*.*) to see the hosts file, then open it.

Step 3

Under 127.0.0.1 localhost, enter ‘127.0.0.1 youtube.com’ as in the screenshot. Adding # at the start of the line comments it out, which disables the block. This simply redirects the domain name to our local IP address, which creates a loop: when we try to reach a website blocked in the hosts file, the browser tries to reach 127.0.0.1, which is our local IP address. Since there is no HTTP server running on our PC, the web page cannot open. Save the file.
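To check what the hosts file is doing after editing it, the following added PowerShell example (not part of the original post) parses hosts-file lines and reports each hostname, the address it maps to, and whether the entry is active or commented out with #. The sample lines are constructed and the helper name Get-HostsEntry is an assumption.

```powershell
# Added example. The sample text is constructed; to audit the real file use:
#   Get-HostsEntry (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
$sample = @(
    '# Copyright (c) Microsoft Corp.',
    '127.0.0.1 localhost',
    '127.0.0.1 youtube.com   # blocked',
    '#127.0.0.1 example.com',
    '127.0.0.1 a.example b.example'
)

# Hypothetical helper: one output object per hostname on each mapping line.
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text   = $line.Trim()
        $active = -not $text.StartsWith('#')
        # Strip one leading '#' so disabled entries are still reported,
        # then drop any trailing comment.
        $body   = ($text -replace '^#\s*', '') -replace '#.*$', ''
        $fields = @($body -split '\s+' | Where-Object { $_ })
        if ($fields.Count -lt 2) { continue }
        # Skip ordinary comment lines: the first field must be an IP address.
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Name    = $name
                Address = $fields[0]
                Active  = $active
            }
        }
    }
}

Get-HostsEntry $sample | Format-Table -AutoSize
```

The same listing is useful for spotting entries you did not add yourself, since any process with administrator rights can edit this file.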