#Stego

Steffen Wendzelcdpxe@dju.social
2025-04-09

A Generic Taxonomy for #Steganography. Published today by ACM Comp. Surveys (CSUR). Joint-work w/ W. Mazurczyk , @lucacav, A. Mileva, @Jana_Dittmann, @kraetzer, K. Lamshöft, @THB_Security_Research, L. Hartmann, J. Keller, @TN_THB and @niosat

Paper: dl.acm.org/doi/10.1145/3729165

#infosec #surveys #taxonomy #informationhiding #covertchannels #stego

There's supplemental material available (just scroll down on the linked page). It also features the description method for steganography techniques.

Chema Alonso :verified:chemaalonso@ioc.exchange
2025-03-18
MindChain 思维链mindchain
2024-07-31

This‍⁠⁠‍⁢⁢‌⁠⁢‌⁣⁢⁣⁢⁠⁢‌⁢‌⁠‌⁣⁢‌⁢⁠‌⁠⁣⁠⁢⁠⁢⁠⁠⁢‌‍⁢⁢‍‌‍⁠‍‌⁢⁠‌⁠‌⁠⁢‍⁢‍‌‍⁠‍⁢‍‌⁣⁢⁣⁠⁢‍⁠⁠⁠⁢⁤⁠‍⁤⁠⁠‌‍‌⁢⁠‌⁠⁢⁠⁢⁠⁢⁠‌⁠⁤⁢‍‌⁠⁠‍⁢‌ is a drill.

Matt Knightmatt@knight.fyi
2024-05-06

We think we’re finally done with everything we had to get done before concrete. The Glavel is in and compacted, the filter fabric is laid on top, and the Stego radon barrier is installed under the building slab. Every one of the 22 (!) conduits and pipes has been meticulously sealed with mastic.

Tomorrow morning our concrete contractor will form for the two slabs and add rebar, and concrete for the first slab is due at 10am. Fingers crossed!

#building #construction #vermont #diy #Glavel #Stego

Build site with StegoHome and filter fabric ready for concrete pour.We cut patches to fit around the pipes and conduit as tightly as possible.The remaining gaps were sealed with mastic to make this completely air tight.
Matt Knightmatt@knight.fyi
2024-05-05

We’ve been making good progress on the build. All that’s left to do before concrete can be poured is install filter fabric and our radon barrier (15-mil Stego). But, rain has stopped play today and the concrete contractor is coming Tuesday so Monday is going to be busy!

On Friday we bought a rock bucket for the tractor which is a game changer for getting big rocks out of our soil before we backfilled.

#building #construction #diy #concrete #Glavel #Stego #Vermont #kubota #rockbucket

2023-01-27

Some basics for Image Steganography in Linux:

file:
Running the 'file' command to see the Image's type. For instance you could be given a .jpeg file but after running 'file' command you could see its a PNG.

exiftool:
Using the 'exiftool' to see the metadata, like checking the size of the image to see its sensical or its too large, there could be location tags and other clues.

strings:
Running the 'strings' command to see if there are plaintext extractable characters

hexdump:
With 'hexdump' you will see the hex format of the file. For instance the first few bytes will tell you the type of file. or searching for the 'FE' marker what comes after 'FE' is a comment on the file.
You could also use the 'xxd' command.

binwalk:
'binwalk' will show if there are any embedded files. and if there are you can extract them with 'binwalk -e <filename>'.

steghide:
Steghide is a steganography program that hides data in various kinds of image and audio files. It also extracts hidden data.
to extract hidden data run: 'steghide --extract -sf <filename>'
some files will need you to provide a passphrase in order to extract hidden data.

for more tips on stego this is an interesting page:
book.hacktricks.xyz/crypto-and

#osint #stego #steganography #cybersec #cybersecurity #infosec #tools #ctf #data #linux

2022-11-11

#stego as a C2 method. widely feared in the late 1990s, what's old is new again. sometime if you see me in person ask me about a funny stego story from the turn of the century.

PNG Steganography Hides Backdoor

Our fellow researchers from ESET published an article about previously undocumented tools infiltrating high-profile companies and local governments in Asia. The tools, active since at least 2020 are designed to steal data. ESET dubbed them Worok. ESET monitored a significant break in activity from May 5, 2021 to the beginning of 2022. Nevertheless, when Worok became active again, new targeted victims – including energy companies in Central Asia and public sector entities in Southeast Asia – were infected to steal data based on the types of the attacked companies.

decoded.avast.io/martinchlumec

2021-01-03

Хороший список софта, если нужно что-то запрятать в картинку -> github.com

#soft #stego

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst