Steganography and PNGs

Transcript

1. Free Unlimited Storage With This One Weird Trick! System Administrators

   Hate Him!

2. steganography /stɛɡəˈnɒɡrəfɪ/ noun 1. the practice of concealing messages or

   information within other non-secret text or data.

3. Herodotus

4. Admiral Jeremiah Denton

5. Message Under The Stamp

6. Brian de Heus briandotjp

7. Append After End Byte +

8. Binary Storage

9. Least Significant Bit Source: https://www.peerlyst.com/posts/the-threat-of-digital-steganography-cloaked-malware-to-u-s-critical-infrastructure-systems-ian-barwise-m-s-cissp-ceh-cnda

10. None

11. PNG Portable Network Graphics

12. None

13. signature 8 bytes chunk size 4 bytes chunk type 4

    bytes chunk data n bytes chunk crc 4 bytes chunk size 4 bytes chunk type 4 bytes chunk data n bytes chunk crc 4 bytes chunk size 4 bytes chunk type 4 bytes chunk data n bytes chunk crc 4 bytes

14. Critical Chunks IHDR PLTE* IDAT IEND

15. Ancillary Chunks bKGD cHRM dSIG eXIf gAMA hIST iCCP iTXt

    pHYs sBIT sPLT sRGB sTER tEXt tIME tRNS zTXt

16. criticality scope reserved safety CRITICAL non-critical PUBLIC private ALWAYS UPPERCASE

    DON’T COPY safe to copy

17. I H D R CRITICAL PUBLIC DON’T COPY

18. e X I f non-critical PUBLIC safe to copy

19. None

20. Make my own chunks!

21. p u N k non-critical private safe to copy

22. None

23. +

24. Chunk size: 13 Chunk type: IHDR CRC: 9a768270 Chunk size:

    218087 Chunk type: IDAT CRC: e11d26bc Chunk size: 0 Chunk type: IEND CRC: ae426082 Hiding 27 kB ( 28208 bytes) Injecting punk chunk Punk chunk injected Reached EOF

25. Chunk size: 13 Chunk type: IHDR CRC: 9a768270 Chunk size:

    218087 Chunk type: IDAT CRC: e11d26bc Chunk size: 28208 Chunk type: puNk CRC: 8cccb594 Chunk size: 0 Chunk type: IEND Reached EOF

26. http://i.imgur.com/Qk5BP19.png

27. Demo Time!

28. Lesson 1 Do not trust user input

29. Lesson 2 Do not trust anyone

30. Lesson 3 Doge meme isn’t dead wow much brave such

    opinion

31. Thanks!!