What is an Alternative Data Stream (ADS) and how can it be exploited for stealthy payload execution?
An Alternative Data Stream (ADS) is a feature of the NTFS file system that allows data to be hidden within a file without affecting its visible size. An attacker can hide a payload such as `putty.exe` inside a file with `type putty.exe > test.txt:putty.exe` and then execute it via WMI (`wmic process call create c:\test\test.txt:putty.exe`) or PowerShell. The technique makes detection difficult because the payload does not alter the host file's properties.
Alternative Data Stream, ADS, payload hiding, WMI execution, PowerShell, NTFS