timestomping using the touch command

The touch command can be used to timestomp files on Linux systems for anti-forensics purposes. Changing the timestamps on files may be done ...

timestomping using utime()

utime() can be used to change timestamps of files (timestomping). utime() only supports second-level precision, not nanoseconds. This function is ...

timestomping using utimensat()

utimensat() is a POSIX function that is able to change a file’s timestamps with nanosecond precision. This can be used to timestomp files. ...

TLD

A Top Level Domain (TLD) is a domain of the highest level hierarchically in DNS after the root domain. TLD names are installed in the root zone of the ...

TLS certificate

A TLS certificate, also called an SSL certificate, is a file that verifies the identity of a website and enables cryptographic communications.

TLS directory

In PE files, the Thread Local Storage (TLS) directory is a section that provides threads with their own unique instances of certain data. TLS ...

TLS directory injection

TLS directory injection is a technique often used by malware that adds new entries to the Thread Local Storage directory of a PE file, specifying a ...

TLS initialization callback

A TLS initialization callback is a callback function specified in the TLS directory of a PE file that is executed when a process or thread starts or ...

TLS takes precedence over main()

TLS callbacks are run before main(), which makes them attractive for file-infecting malware.

Tomb

Tomb is an open-source tool used to manage secret files within LUKS volumes (tombs) protected by strong encryption. https://dyne.org/tomb/