How to Use Metasploit’s Timestomp to Modify File Attributes & Avoid Detection

It is said that the best way to avoid detection when hacking is to leave no trace, and often that means not touching the filesystem at all. But realistically, in most cases, it's impossible not to interact with the filesystem in one way or another. The next best thing to do to throw off any investigators is to change the file attributes to hide activity. We can do this with Metasploit's Timestomp. What Are MACE Values? MACE (modified, accessed, created, entry) values are file attributes that describe the dates and times of activity on a file. These attributes are used by administrators to... more