Disabling Auditing: disable Auditing using Auditpol.
Clearing the Event Log: use elsave to clear the Event Log.
Hiding files: using attrib, NTFS file streaming. Use LNS to search for files hidden in streams.
- Rootkits: patching the OS kernel with rogue code, assuming control of the OS. See the Rootkit page and removal tools.
- Port redirection: redirect from one IP number and port to another IP number and port at the gateway/firewall. See rinetd and fpipe.
- Man-in-the-middle attacks: originally using SMBRelay and SMBProxy. Cain provides sniffing and MITM capabilities.