An Alternate Data Stream (ADS) is a feature of the NTFS file system in Windows that allows multiple streams of data to be associated with a single file.
Malware developers use ADS to hide payloads or other information while remaining concealed.
Because the additional streams are not shown by traditional file browsing methods, malware can hide its components there and bypass many security solutions.
The use of ADS in malware development remains a powerful method for hiding payloads, and understanding how these streams are manipulated provides valuable insight into both offensive and defensive cybersecurity practices.
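
On the defensive side, the streams that ordinary file browsing leaves out can be enumerated directly. The following is an added example, not code from the original page: `Find-AlternateDataStream` and its parameters are names chosen here, it assumes Windows PowerShell 3.0 or later on an NTFS volume, and treating `Zone.Identifier` as a known-benign stream is an assumption to tune for your environment.

```powershell
# Added example: audit a directory tree for named NTFS streams on files.
# Note: directories can carry streams too; this function checks files only.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: streams Windows itself commonly writes (download zone marker).
        [string[]] $KnownStreams = @('Zone.Identifier'),
        # Report the known streams as well.
        [switch] $IncludeKnown
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * returns every stream; ':$DATA' is the unnamed default
            # stream, i.e. the file content that Explorer and plain 'dir' show.
            Get-Item -LiteralPath $file.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeKnown -or ($KnownStreams -notcontains $_.Stream) } |
                ForEach-Object {
                    [pscustomobject]@{
                        File        = $file.FullName
                        Stream      = $_.Stream
                        StreamBytes = $_.Length   # size of the hidden stream
                        FileBytes   = $file.Length # size shown in normal listings
                    }
                }
        }
}

# Constructed fixture: a scratch file with one harmless named stream,
# so the function has something to report. Requires $env:TEMP on NTFS.
$dir = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$sample = Join-Path $dir 'report.txt'
Set-Content -LiteralPath $sample -Value 'visible content'
Set-Content -LiteralPath $sample -Stream 'demo' -Value 'constructed test marker'

Find-AlternateDataStream -Path $dir | Format-Table -AutoSize

Remove-Item -LiteralPath $dir -Recurse -Force
```

A large `StreamBytes` value next to a small `FileBytes` value is worth a closer look, since the size reported in normal listings covers only the default stream.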