timestomping

0001-01-01

Timestomping is a cybersecurity term that refers to the malicious act of altering timestamps with the intent of misleading analysts and incident ...

Read More

timestomping using futimens()

0001-01-01

futimens() can be used to change timestamps of or timestomp files using a file descriptor.

#include <fcntl.h>
#include <sys/stat.h> ...

Read More

timestomping using Python

0001-01-01

Python can be used to modify timestamps or timestomp files:

import os
import time

new_time = 1672531200  # UNIX timestamp (Jan 1, 2023)
os.utime( ...

Read More

timestomping using the touch command

0001-01-01

The touch command can be used to timestomp files on Linux systems for anti-forensics purposes. Changing the timestamps on files may be done ...

Read More

timestomping using utime()

0001-01-01

utime() can be used to change timestamps of files (timestomping). utime() only supports second-level precision, not nanoseconds.

This function is ...

Read More

timestomping using utimensat()

0001-01-01

utimensat() is a POSIX function that is able to change a file’s timestamps with nanosecond precision. This can be used to timestomp files. ...

Read More

TLD

0001-01-01

A Top Level Domain (TLD) is a domain of the highest level hierarchically in DNS after the root domain. TLD names are installed in the root zone of the ...

Read More

TLS certificate

0001-01-01

A TLS certificate, also called SSL certificate, is a file that verifies the identity of a website and enables cryptographic communications.

Read More

TLS directory

0001-01-01

In PE files, the Thread Local Storage (TLS) directory is a section that provides threads with their own unique instances of certain data.

TLS ...

Read More

TLS directory injection

0001-01-01

TLS directory injection is a technique often used by malware that adds new entries to the Thread Local Storage directory of a PE file, specifying a ...

Read More