Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Steganography and PNGs

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Brian de Heus Brian de Heus
October 12, 2019
0
59

Steganography and PNGs

How to hide arbitrary data in PNGs and have image CDNs host it for you.

Avatar for Brian de Heus

Brian de Heus

October 12, 2019
Tweet

More Decks by Brian de Heus

See All by Brian de Heus
Kubernetes 101 - A practical introduction into Kubernetes
Avatar for Brian de Heus briandeheus
0
75
Service communication made easy
Avatar for Brian de Heus briandeheus
1
73
A Docker Swarm Love Story
Avatar for Brian de Heus briandeheus
0
92

Featured

See All Featured
<Decoding/> the Language of Devs - We Love SEO 2024
Avatar for Nikki Halliwell nikkihalliwell
1
130
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.4k
Leading Effective Engineering Teams in the AI Era
Avatar for Addy Osmani addyosmani
9
1.6k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
11
830
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.8k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
Avatar for Christian Goodrich cargoodrich
3
100
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
174
15k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
31
9.9k
Digital Ethics as a Driver of Design Innovation
Avatar for Per Axbom axbom
PRO
1
190
Mind Mapping
Avatar for Hélio Medeiros helmedeiros
PRO
0
90
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Why You Should Never Use an ORM
Avatar for John Nunemaker jnunemaker
PRO
61
9.7k

Transcript

  1. Free Unlimited Storage With This One Weird Trick! System Administrators

    Hate Him!

  2. steganography /stɛɡəˈnɒɡrəfɪ/ noun 1. the practice of concealing messages or

    information within other non-secret text or data.

  3. Herodotus

  4. Admiral Jeremiah Denton

  5. Message Under The Stamp

  6. Brian de Heus briandotjp

  7. Append After End Byte +

  8. Binary Storage

  9. Least Significant Bit Source: https://www.peerlyst.com/posts/the-threat-of-digital-steganography-cloaked-malware-to-u-s-critical-infrastructure-systems-ian-barwise-m-s-cissp-ceh-cnda

  10. None

  11. PNG Portable Network Graphics

  12. None

  13. signature 8 bytes chunk size 4 bytes chunk type 4

    bytes chunk data n bytes chunk crc 4 bytes chunk size 4 bytes chunk type 4 bytes chunk data n bytes chunk crc 4 bytes chunk size 4 bytes chunk type 4 bytes chunk data n bytes chunk crc 4 bytes

  14. Critical Chunks IHDR PLTE* IDAT IEND

  15. Ancillary Chunks bKGD cHRM dSIG eXIf gAMA hIST iCCP iTXt

    pHYs sBIT sPLT sRGB sTER tEXt tIME tRNS zTXt

  16. criticality scope reserved safety CRITICAL non-critical PUBLIC private ALWAYS UPPERCASE

    DON’T COPY safe to copy

  17. I H D R CRITICAL PUBLIC DON’T COPY

  18. e X I f non-critical PUBLIC safe to copy

  19. None

  20. Make my own chunks!

  21. p u N k non-critical private safe to copy

  22. None

  23. +

  24. Chunk size: 13 Chunk type: IHDR CRC: 9a768270 Chunk size:

    218087 Chunk type: IDAT CRC: e11d26bc Chunk size: 0 Chunk type: IEND CRC: ae426082 Hiding 27 kB ( 28208 bytes) Injecting punk chunk Punk chunk injected Reached EOF

  25. Chunk size: 13 Chunk type: IHDR CRC: 9a768270 Chunk size:

    218087 Chunk type: IDAT CRC: e11d26bc Chunk size: 28208 Chunk type: puNk CRC: 8cccb594 Chunk size: 0 Chunk type: IEND Reached EOF

  26. http://i.imgur.com/Qk5BP19.png

  27. Demo Time!

  28. Lesson 1 Do not trust user input

  29. Lesson 2 Do not trust anyone

  30. Lesson 3 Doge meme isn’t dead wow much brave such

    opinion

  31. Thanks!!