The Reveal Platform
Intel Name: Potentially suspicious ntfs symlink behavior modification
Date of Scan: November 20, 2025
Impact: Medium
Summary: Detects changes to NTFS symbolic link settings via fsutil, which may allow remote-to-local or remote-to-remote symlinks that could be abused in attacks.
