Appearance
Files Bypass and Evasion Tests (HARD-FILESBYPASS)
Adversarial tests targeting Storage Contexts and file operations to prevent escaping the Secure Sandbox or bypassing policy constraints.
Objectives
- Prevent traversal outside Storage Context roots via path tricks, links, or device paths.
- Deny creation/usage of constructs that reference host paths (junctions, hardlinks, ADS).
Preconditions
- At least one Storage Context defined under
configuration.launch.runtime.files.contextswith a strict root. - File operations auditing enabled.
Controls Under Test
- Storage Context root enforcement and canonicalization.
- Denylist/allowlist for device paths and UNC.
- Hardlink/symlink/junction creation policies.
Test Scenarios
| ID | Scenario | Procedure | Expected Outcome |
|---|---|---|---|
| HARD-FILESBYPASS-01 | Symlink/Junction Escape | Create NTFS junction/symlink inside context pointing outside the root; attempt to read/write via link. | Denied; canonicalized path resolves outside root; fileOp.action: "deny", reason pathOutsideContext. |
| HARD-FILESBYPASS-02 | UNC/Device Path Smuggling | Access \\\\?\\, \\\\.\\, or admin shares like \\\\127.0.0.1\\C$ to reach host paths. | Denied; device/UNC blocked unless explicitly allowlisted; reason invalidTarget. |
| HARD-FILESBYPASS-03 | ADS & 8.3 Short Names | Write file.txt:hidden stream; use short-name or Unicode lookalikes to bypass filters. | Denied or contained; ADS writes blocked or scoped to overlay; reason alternateDataStream or pathNormalization. |
| HARD-FILESBYPASS-04 | Hardlink to Host | Attempt to create hardlink pointing to a host path outside context, then write. | Denied; hardlink creation blocked; operation: "link", outcome deny. |
| HARD-FILESBYPASS-05 | Unicode/Trailing Dots/Spaces | Use ..\\dir\\COM1 . and homoglyphs to confuse normalization. | Denied; normalized path rejected; reason pathNormalization. |
| HARD-FILESBYPASS-06 | Cloud Sync Inside Sandbox | Launch/sync OneDrive/Drive inside sandbox pointing to host-mapped folder. | Denied; device/process/network denies prevent sync; audit shows device/network denies referencing app. |
| HARD-FILESBYPASS-07 | Polyglot File Injection | Generate file with valid image header containing executable code; attempt to open/execute. | Denied; content filter detects type mismatch or malicious content. |
| HARD-FILESBYPASS-08 | Explicit $DATA Stream | Access file.txt::$DATA to force default stream parsing. | Denied/Normalized; filter treats as file.txt or denies explicit stream syntax. |
| HARD-FILESBYPASS-09 | Volume GUID Paths | Access \\?\Volume{GUID}\ to bypass drive letter constraints. | Denied; blocking of \\?\ namespace prevents raw volume handle acquisition. |
| HARD-FILESBYPASS-10 | Mixed Separator Traversal | Use C:/Windows\..\System32 to confuse canonicalization. | Denied; path normalization resolves to valid absolute path or rejects mixture. |
| HARD-FILESBYPASS-11 | DOS Device Masquerading | Create AUX, NUL in subfolders to trick handlers. | Denied; usage of reserved names is blocked by filter or OS behavior is contained. |
Advanced File System Evasion
Use these PowerShell procedures to validate path canonicalization and DLP inspection against complex evasion techniques.
Ghost Files & Trailing Characters
Attempt to write files with trailing dots or spaces to trick the path canonicalizer.
powershell
# Attempt to write a file with a trailing dot and space using raw path syntax
$ghostPath = "\\?\C:\Temp\ghost.txt. "
[System.IO.File]::WriteAllText($ghostPath, "Ghost content")
# Attempt to access using the trailing characters
Get-Content "\\?\C:\Temp\ghost.txt. "Expected Audit Failure:fileOp with action: "deny" and reason: "pathNormalization". The system must detect the non-canonical path and reject it.
Alternate Data Streams (ADS)
Write payloads to hidden streams to verify the DLP engine inspects NTFS streams.
powershell
# Write a payload to a hidden stream (e.g., file.txt:secret)
Set-Content -Path ".\file.txt" -Value "Public data"
Set-Content -Path ".\file.txt" -Stream "hidden_stream" -Value "Payload"
# Verify stream creation (should be blocked or audited)
Get-Item -Path ".\file.txt" -Stream *Expected Audit Failure:fileOp with action: "deny" and reason: "alternateDataStream". The operation should be blocked, or the stream content must undergo the same DLP checks as the primary stream.
Namespace Injection
Attempt to access raw device paths to bypass the virtual file system.
powershell
# Attempt to access the raw volume path via GlobalRoot
Get-Content "\\?\GlobalRoot\Device\HarddiskVolume1\Windows\System32\drivers\etc\hosts"
# Attempt to access the physical drive directly
Get-Content "\\.\PhysicalDrive0"Expected Audit Failure:fileOp with action: "deny" and reason: "invalidTarget". Access to \\?\, \\.\, and \??\ namespaces must be explicitly blocked unless allowlisted.
Symlink/Junction Mazes
Create recursive junction points to exhaust the path parsing logic.
powershell
# Create a recursive junction loop
New-Item -ItemType Directory -Path ".\Maze"
New-Item -ItemType Junction -Path ".\Maze\Loop" -Target ".\Maze"
# Attempt deep recursion (path exhaustion)
Get-ChildItem -Path ".\Maze\Loop\Loop\Loop\Loop" -RecurseExpected Audit Failure:fileOp with action: "deny" and reason: "pathComplexity" or reason: "recursionLimit". The parser should detect the recursion loop or excessive depth.
Volume and Stream Evasion
Test the path parser against explicit stream syntax and volume GUIDs.
powershell
# Explicit $DATA stream access
Get-Content ".\sensitive.txt::$DATA"
# Volume GUID access (bypass drive letter)
# 1. Find a volume GUID
$vol = Get-WmiObject -Class Win32_Volume | Select-Object -First 1 -ExpandProperty DeviceID
# 2. Attempt access via GUID (e.g., \\?\Volume{...}\Windows\...)
Get-ChildItem -Path "$vol\Windows\System32\drivers\etc\hosts"Expected Audit Failure:
- Streams:
fileOpdenied withreason: "alternateDataStream"or normalized to base file and blocked. - Volumes:
fileOpdenied withreason: "invalidTarget"(access to\\?\namespace).
Evidence Requirements
- Audit category:
fileOpwithaction,outcome,reason, and the normalized/target path. - When links are attempted: include
operation: linkand target resolution result.
Troubleshooting
- Verify canonicalization is enabled; check Storage Context definitions and host path exposure via mounts.
- Ensure device/UNC allowlists are minimal.
