PowerShell data obfuscation through ADS
ShaDOS is a PowerShell module which provides a collection of functions to hide data inside alternate data streams (ADS), list the data that's been hidden, and retrieve it.
In addition to making the data difficult to discover, it can also be encrypted making it extraordinarily difficult for unauthorized access.
Due to the nature of ADS, the data is resistant to exfiltration via typical USB drives and linux-based attackers.
See presentation at: https://www.youtube.com/watch?v=EdQfrji8lL4