Trivial Anti-BlueTeam trick #2

February 2, 2019 in Random ideas, Silly

This is a silly idea for hiding stuff on a Windows system. A bit similar to the one I described here, but even more lame 🙂

The Documents and Settings folder is a legacy location where Windows used to store users’ files. It was replaced by the Users folder a looong time ago (in Vista, year ~2006), and no one really writes or even uses software that relies on this location anymore. On newer versions of Windows it’s just a junction:

c:\Documents and Settings: JUNCTION
Print Name : C:\Users
Substitute Name: C:\Users

So, we can simply delete the junction and re-create the folder as a real directory. Since everyone ‘knows’ that this directory is mapped to c:\Users, we could place legitimate-looking files there and potentially fool some junior analysts.
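
For the blue team, the check is to stop assuming and actually look at what the path is. The PowerShell below is an added example, not code from the original post: the function name Test-LegacyProfileJunction and its status strings are made up for illustration, and it assumes the expected junction target is <SystemDrive>\Users as in the output above. It also flags a junction that points somewhere other than Users, which goes slightly beyond the case described here.

```powershell
# Added example, not from the original post.
# Assumption: the expected junction target is <SystemDrive>\Users.
function Test-LegacyProfileJunction {
    param(
        [string]$Path     = "$env:SystemDrive\Documents and Settings",
        [string]$Expected = "$env:SystemDrive\Users"
    )

    # -Force is needed because the default junction is marked Hidden and System.
    $item   = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    $result = [ordered]@{ Path = $Path; Status = 'Missing'; Target = $null; Files = @() }

    if ($item) {
        if ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
            # Target is string[] in Windows PowerShell 5.1 and string in PowerShell 7.
            $target = [string](@($item.Target)[0])
            $result.Target = $target
            $sameTarget = $target.TrimEnd('\') -ieq $Expected.TrimEnd('\')
            if ($item.LinkType -eq 'Junction' -and $sameTarget) {
                $result.Status = 'OK'
            } else {
                $result.Status = 'UnexpectedLink'
            }
        } else {
            # No reparse point: the junction was replaced by a real object, so inventory it.
            $result.Status = 'NotAJunction'
            $result.Files  = @(Get-ChildItem -LiteralPath $Path -Force -Recurse -ErrorAction SilentlyContinue |
                Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc)
        }
    }
    [pscustomobject]$result
}

# Report the state of the path; list contents (oldest first) when it is not the stock junction.
$check = Test-LegacyProfileJunction
$check | Select-Object Path, Status, Target
if ($check.Status -ne 'OK') {
    $check.Files | Sort-Object CreationTimeUtc | Format-Table -AutoSize
}
```

Anything other than Status OK on a Vista-or-later system is worth a closer look, and the file list gives the creation and last-write times to line up against the rest of the timeline.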

