Steganography

Or the art of hiding things in plain sight….

Tools

Strings

Hexedit

Why not take a look at the raw data and see what you can find? Just because there is an end to the data doesn't mean it's the end of the file.


Exiftool

Used for examining a file for extra information. This normally includes metadata that isn't obviously seen in the file, such as capture location, date, device, etc. Most social media / image sharing sites scrub this data, but it can't hurt to check.

Another check: the ‘colour components’ value may indicate another layer (such as alpha).


steghide

Used for hiding data in another file (jpeg or wav)

binwalk

Used for examining a file for other files that may be included. It can extract them too!


Stegsnow

Used for hiding data in ASCII files (text). To store:

stegsnow -C -m "secrets" -p "superpassword"

To extract:

stegsnow -C -p "superpassword"

If it comes back empty, nothing there sorry.

tineye

Tineye.com does reverse image search. Maybe see if the file source can give any hints.

Stegseek

Brute-forces a file for hidden data against a wordlist. It tries extraction for common tools that can use a password to store data (such as steghide).

Zsteg

This one isn't in the standard repos; you have to install it with gem:

sudo gem install zsteg

It looks for data using multiple methods and displays the results clearly.