Steganography
Date: 2024-10-16
Difficulty: Beginner
Delivered By: Alex New
Overview
Steganography is the art of hiding information in plain sight. When applied to cyber security, it often refers to concealing data (with a special meaning) within other data, such as a hidden message inside a file. A recent but growing trend involves using steganography as part of a wider attack, for example to hide shellcode.
When applied to CTFs, the use of steganography can make the process of locating a flag much trickier and more puzzling. Instead of the flag being available in the open, it could be concealed in an otherwise mundane file!
In this session, we will explore the basics of steganography including what it is, how it came about, common tools used and how they are applied to data hidden in:
- Text
- Images
- Audio
- Network Traffic
- Files
There is also an opportunity to make your own challenge and compete against others to win a flag worth 600 points. We will not be discussing mathematical approaches to steganography as seen in research and literature; that is beyond the scope of what we will look at. If you wish to explore these techniques, you're encouraged to do so when you make your own challenge.
Prerequisites
To take part in this session, you will need to bring a laptop or share with someone else. The following tools will be very helpful!
- HxD
  - Alternatively, you can use HexEd.it, which is a web-based hex editor!
- GIMP
- Audacity
- steghide
  - Steganographic Decoder is an alternative to steghide that works on all platforms!
- Unicode Steganography Decoder
- The ARG Toolbox contains hundreds of tools for all different types of Stego challenges!
- Wireshark is a tool for analysing live network traffic and packet captures.
SSTV Receivers & Transmitters
- QSSTV (Linux)
- Black Cat SSTV (Windows & Mac)
- RX-SSTV (Windows)
You may want to use a Linux VM if you are on Windows, but this isn't required.
Furthermore, knowledge of the following would be ideal as a starting point:
- Binary
- Hexadecimal
- HTTP (from Web 101)
Session Link
The challenges can be found at https://stego.sucss.org.
Brute forcing passwords using tools such as Hydra is not allowed.