Skip to content

Files Bypass and Evasion Tests (HARD-FILESBYPASS)

Adversarial tests targeting Storage Contexts and file operations to prevent escaping the Secure Sandbox or bypassing policy constraints.

Objectives

  • Prevent traversal outside Storage Context roots via path tricks, links, or device paths.
  • Deny creation/usage of constructs that reference host paths (junctions, hardlinks, ADS).

Preconditions

  • At least one Storage Context defined under configuration.launch.runtime.files.contexts with a strict root.
  • File operations auditing enabled.

Controls Under Test

  • Storage Context root enforcement and canonicalization.
  • Denylist/allowlist for device paths and UNC.
  • Hardlink/symlink/junction creation policies.

Test Scenarios

IDScenarioProcedureExpected Outcome
HARD-FILESBYPASS-01Symlink/Junction EscapeCreate NTFS junction/symlink inside context pointing outside the root; attempt to read/write via link.Denied; canonicalized path resolves outside root; fileOp.action: "deny", reason pathOutsideContext.
HARD-FILESBYPASS-02UNC/Device Path SmugglingAccess \\\\?\\, \\\\.\\, or admin shares like \\\\127.0.0.1\\C$ to reach host paths.Denied; device/UNC blocked unless explicitly allowlisted; reason invalidTarget.
HARD-FILESBYPASS-03ADS & 8.3 Short NamesWrite file.txt:hidden stream; use short-name or Unicode lookalikes to bypass filters.Denied or contained; ADS writes blocked or scoped to overlay; reason alternateDataStream or pathNormalization.
HARD-FILESBYPASS-04Hardlink to HostAttempt to create hardlink pointing to a host path outside context, then write.Denied; hardlink creation blocked; operation: "link", outcome deny.
HARD-FILESBYPASS-05Unicode/Trailing Dots/SpacesUse ..\\dir\\COM1 . and homoglyphs to confuse normalization.Denied; normalized path rejected; reason pathNormalization.
HARD-FILESBYPASS-06Cloud Sync Inside SandboxLaunch/sync OneDrive/Drive inside sandbox pointing to host-mapped folder.Denied; device/process/network denies prevent sync; audit shows device/network denies referencing app.
HARD-FILESBYPASS-07Polyglot File InjectionGenerate file with valid image header containing executable code; attempt to open/execute.Denied; content filter detects type mismatch or malicious content.
HARD-FILESBYPASS-08Explicit $DATA StreamAccess file.txt::$DATA to force default stream parsing.Denied/Normalized; filter treats as file.txt or denies explicit stream syntax.
HARD-FILESBYPASS-09Volume GUID PathsAccess \\?\Volume{GUID}\ to bypass drive letter constraints.Denied; blocking of \\?\ namespace prevents raw volume handle acquisition.
HARD-FILESBYPASS-10Mixed Separator TraversalUse C:/Windows\..\System32 to confuse canonicalization.Denied; path normalization resolves to valid absolute path or rejects mixture.
HARD-FILESBYPASS-11DOS Device MasqueradingCreate AUX, NUL in subfolders to trick handlers.Denied; usage of reserved names is blocked by filter or OS behavior is contained.

Advanced File System Evasion

Use these PowerShell procedures to validate path canonicalization and DLP inspection against complex evasion techniques.

Ghost Files & Trailing Characters

Attempt to write files with trailing dots or spaces to trick the path canonicalizer.

powershell
# Attempt to write a file with a trailing dot and space using raw path syntax
$ghostPath = "\\?\C:\Temp\ghost.txt. "
[System.IO.File]::WriteAllText($ghostPath, "Ghost content")

# Attempt to access using the trailing characters
Get-Content "\\?\C:\Temp\ghost.txt. "

Expected Audit Failure:fileOp with action: "deny" and reason: "pathNormalization". The system must detect the non-canonical path and reject it.

Alternate Data Streams (ADS)

Write payloads to hidden streams to verify the DLP engine inspects NTFS streams.

powershell
# Write a payload to a hidden stream (e.g., file.txt:secret)
Set-Content -Path ".\file.txt" -Value "Public data"
Set-Content -Path ".\file.txt" -Stream "hidden_stream" -Value "Payload"

# Verify stream creation (should be blocked or audited)
Get-Item -Path ".\file.txt" -Stream *

Expected Audit Failure:fileOp with action: "deny" and reason: "alternateDataStream". The operation should be blocked, or the stream content must undergo the same DLP checks as the primary stream.

Namespace Injection

Attempt to access raw device paths to bypass the virtual file system.

powershell
# Attempt to access the raw volume path via GlobalRoot
Get-Content "\\?\GlobalRoot\Device\HarddiskVolume1\Windows\System32\drivers\etc\hosts"

# Attempt to access the physical drive directly
Get-Content "\\.\PhysicalDrive0"

Expected Audit Failure:fileOp with action: "deny" and reason: "invalidTarget". Access to \\?\, \\.\, and \??\ namespaces must be explicitly blocked unless allowlisted.

Create recursive junction points to exhaust the path parsing logic.

powershell
# Create a recursive junction loop
New-Item -ItemType Directory -Path ".\Maze"
New-Item -ItemType Junction -Path ".\Maze\Loop" -Target ".\Maze"

# Attempt deep recursion (path exhaustion)
Get-ChildItem -Path ".\Maze\Loop\Loop\Loop\Loop" -Recurse

Expected Audit Failure:fileOp with action: "deny" and reason: "pathComplexity" or reason: "recursionLimit". The parser should detect the recursion loop or excessive depth.

Volume and Stream Evasion

Test the path parser against explicit stream syntax and volume GUIDs.

powershell
# Explicit $DATA stream access
Get-Content ".\sensitive.txt::$DATA"

# Volume GUID access (bypass drive letter)
# 1. Find a volume GUID
$vol = Get-WmiObject -Class Win32_Volume | Select-Object -First 1 -ExpandProperty DeviceID
# 2. Attempt access via GUID (e.g., \\?\Volume{...}\Windows\...)
Get-ChildItem -Path "$vol\Windows\System32\drivers\etc\hosts"

Expected Audit Failure:

  • Streams: fileOp denied with reason: "alternateDataStream" or normalized to base file and blocked.
  • Volumes: fileOp denied with reason: "invalidTarget" (access to \\?\ namespace).

Evidence Requirements

  • Audit category: fileOp with action, outcome, reason, and the normalized/target path.
  • When links are attempted: include operation: link and target resolution result.

Troubleshooting

  • Verify canonicalization is enabled; check Storage Context definitions and host path exposure via mounts.
  • Ensure device/UNC allowlists are minimal.