1 00:00:00,630 --> 00:00:09,300 Don't touch that file system, you will leave your fingerprints everywhere or anywhere you touch.
2 00:00:11,190 --> 00:00:20,400 I'm sure that as a penetration tester, you mostly won't need this command, but I will mention it because
3 00:00:21,030 --> 00:00:23,530 somehow, once or twice.
4 00:00:23,550 --> 00:00:27,650 OK, so I've used it a couple of times and I think you might need it, too.
5 00:00:28,650 --> 00:00:31,860 So it remains a piece of good information.
6 00:00:33,330 --> 00:00:39,120 First, I want to talk about filesystem and metadata just for a little.
7 00:00:40,130 --> 00:00:47,810 Every file on the file system, no matter what it is, has metadata, which contains information such as time
8 00:00:47,810 --> 00:00:53,870 and date, when it was created, accessed, modified, its size on the disk, its ownership information
9 00:00:53,870 --> 00:00:54,760 and so on and so forth.
10 00:00:55,550 --> 00:01:04,280 For forensic examiners, metadata information is really important to uncover a fraud or something along
11 00:01:04,280 --> 00:01:04,760 those lines.
12 00:01:05,570 --> 00:01:12,230 To me, it's not that bad if a forensic analyst follows your traces and detects how you compromise the
13 00:01:12,230 --> 00:01:12,680 system.
14 00:01:13,670 --> 00:01:21,560 It might even be in the scope of the test for blue team analysis. However, as a penetration tester,
15 00:01:21,590 --> 00:01:25,730 you may need this command in certain other situations.
16 00:01:26,600 --> 00:01:31,940 For instance, file integrity monitoring software is a good reason to watch out for.
17 00:01:32,660 --> 00:01:40,760 And my point is that you may sometimes, in the special situation, and it does vary upon your usage, you
18 00:01:40,760 --> 00:01:45,800 might need to manipulate the file system integrity to escape from a monitor.
19 00:01:46,490 --> 00:01:48,920 Remember to use timestomp.
20 00:01:49,520 --> 00:01:52,010 So let's see where it is now.
21 00:01:52,010 --> 00:01:57,560 You will need to have at least an admin level session to manipulate the file system using timestomp,
22 00:01:58,250 --> 00:02:04,400 so type timestomp -h to display the help menu for this command.
23 00:02:06,010 --> 00:02:11,830 And look at that here, it has some parameters to specify commands.
24 00:02:12,900 --> 00:02:18,120 So first, I'm going to check where I am on the target, actually, pwd.
25 00:02:18,900 --> 00:02:19,230 All right.
26 00:02:19,230 --> 00:02:21,990 So I'm in System32.
27 00:02:23,400 --> 00:02:27,900 So I'm going to change the folder to C, wamp,
28 00:02:28,930 --> 00:02:30,250 www,
29 00:02:32,070 --> 00:02:32,910 uploads.
30 00:02:34,800 --> 00:02:37,880 pwd. Yes, I'm there now.
31 00:02:38,970 --> 00:02:39,570 ls.
32 00:02:41,110 --> 00:02:44,650 And I think you probably remember allports.exe.
33 00:02:45,660 --> 00:02:49,110 You use that file when searching and testing for vulnerabilities.
34 00:02:50,330 --> 00:02:52,880 And to view a file's MACE data,
35 00:02:53,900 --> 00:02:58,160 use timestomp with the -v parameter.
36 00:02:59,150 --> 00:03:04,640 timestomp and the path of allports.exe.
37 00:03:06,660 --> 00:03:07,630 Oh, look at that.
38 00:03:08,130 --> 00:03:11,300 I can't a dive at the same time, I didn't have the parameter.
39 00:03:12,000 --> 00:03:14,910 So then add the -v parameter.
40 00:03:16,400 --> 00:03:27,170 Now, by the way, MACE stands for the first letters of modified, accessed, created and entry modified words.
41 00:03:28,260 --> 00:03:30,420 So anyway, go to the upper folder.
42 00:03:31,280 --> 00:03:31,850 ls.
43 00:03:33,240 --> 00:03:38,100 Now, here there is a testmysql.php file.
44 00:03:39,680 --> 00:03:41,450 When you display the MACE data,
45 00:03:44,190 --> 00:03:55,500 it was last modified in 2010. So to hide the allports.exe file, timestomp can pull the file's MACE data
46 00:03:56,040 --> 00:04:01,260 and set it for allports.exe using the -f parameter.
47 00:04:02,330 --> 00:04:18,770 timestomp, C, wamp, www, upload, allports.exe, then type -f and the second file, C, wamp,
48 00:04:19,680 --> 00:04:24,510 www, testmysql.php.
49 00:04:25,740 --> 00:04:27,990 And the commands executed successfully.
50 00:04:29,480 --> 00:04:33,920 So let's check it, use the arrow key to move in the history.
51 00:04:34,900 --> 00:04:43,000 OK, so now you can see allports.exe now has testmysql's MACE data.
52 00:04:45,280 --> 00:04:48,440 So you can also set these values to a specific date if you want.
53 00:04:49,300 --> 00:04:52,810 For example, you can use the -c to set a date, a date.
54 00:04:54,090 --> 00:04:57,890 timestomp, the path of allports.exe,
55 00:04:58,850 --> 00:05:02,090 -c, use double quotes for dates.
56 00:05:03,340 --> 00:05:10,870 One one 2000 for the date and one one one for time.
57 00:05:12,170 --> 00:05:16,970 Use the arrow key to move in the history, OK, and that changed successfully.
58 00:05:19,060 --> 00:05:24,720 Now, of course, you're thinking that you can, yeah, change some other attributes in the same way,
59 00:05:25,570 --> 00:05:32,770 just use the arrow key for previous commands and just change that parameter to -a for accessed date.
60 00:05:34,210 --> 00:05:37,810 And change parameter to -m for modified.
61 00:05:40,030 --> 00:05:46,240 And now display the MACE data for allports.exe and look at that, you successfully changed.
62 00:05:47,760 --> 00:05:50,700 I forgot the entry modified date.
63 00:05:52,430 --> 00:05:55,450 So use the -e parameter to set a specific date.
64 00:05:56,910 --> 00:06:03,960 And it seems that as well, so I think you got the point here that you can change the MACE data to confuse
65 00:06:04,140 --> 00:06:04,950 the analyzer.
66 00:06:05,400 --> 00:06:05,910 Awesome.