https://blogs.technet.microsoft.com/askcore/2013/03/24/alternate-data-streams-in-ntfs/
I learned about this today and thought it was really cool.
NTFS allows you to save files inside of other files, while remaining completely invisible to the user and many commands.
Here I created a new file – hello.txt (CygWin for Linux commands but that’s not relevant here)
Then I open/create a new file with notepad – hello.txt:doggo.txt
Add some content to this new file and save it
Notice the size of hello.txt did not change? It’s still 0 bytes in both the command prompt and windows explorer
Trying to open the file with more does not display any information, but opening the file with notepad will show our message.
Diving a little bit deeper, we can see that hello.txt:doggo.txt does not seem to exist in a command prompt.
In powershell, the file is not listed and hello.txt is still showing as 0 bytes, but if we get the content of hello.txt:doggos.txt, we get our original message!
Killian Sherer 