Sign up to save your podcasts
Or
Share HPR2707: Steganalysis 101
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
HPR2707: Steganalysis 101
1. Introduction
Hello and welcome to Hacker Public Radio, I’m Edward Miro and I’ve been a fan of HPR for a while now and really love its collaborative and random nature. It’s always been important for me to support the hacking community. I always take any opportunity to give back to this community who have given me so much throughout the years. I’ve also always subscribed to the idea that the best way to learn something is by teaching and I hope to do a good job for all you listeners. This talk is on mystical art of steganalysis which is the process of identifying the presence of and decrypting (hopefully) steganography.
2. What is steganography?
I’m into hacking, but I’m not a professional hacker. Usually I call myself a hobbyist. I like CTFs, crypto challenges, lots of stuff from Vulnhub or OverTheWire, things like that. I’ll provide some links in the end if anyone is interested, but for those who aren’t familiar a CTF, or Capture The Flag, it’s a kind of game that helps you get better at hacking. These days there are tons of VMs that are setup to be intentionally vulnerable to different techniques or attacks. You load the VM and pretend it’s a server you want to attack and follow your standard hacking protocols. Some are setup to be boot to root challenges where you ‘win’ when you get root and some are setup with flags that you can find hidden in the target worth points. There are in person and online CTFs and they’ve gotten pretty popular with the National Cyber League being a major competition. Some are easy, some are really hard and most have really good write-ups that can teach you so much about INFOSEC, penetration testing and actually let you practice the techniques in a relatively easy and legal way.
Where steganography comes in to this discussion is that it’s an element you sometimes see used in the kinds of challenges I mentioned previously and also in alternate reality games, online recruitment challenges by national agencies/big tech companies and militarys. They are even used in real world espionage and intelligence work or super spooky secret challenges like Cicada 3301.
Simply put steganography (and I’m pasting this straight out of Wikipedia): “is the practice of concealing a file, message, image, or video within another file, message, image, or video”. Steganography is used to hide secrets in plain sight. It’s a way to send a message, without anyone detecting that a message is even being sent.
I’ll give you more examples in the next section, but imagine a letter that has a secret written in invisible ink. Only the sender and receiver should know about the invisible ink and any eavesdroppers should be none the wiser. This simple example has been used by countless prisoners whose mail is routinely read and examined. Terrorists and spies the world over also use steganography and are known to embed messages in an image and post it online. With how many image hosting sites there are, with millions of people posting to them billions of images day in and day out, you can see why steganography can be such a challenge to combat. Before I move on to some more specific examples I want to stress again that I’m not an expert on cryptography or steganography. While researching for this podcast it’s overwhelmingly clear that you could spend your whole career focused on only steganography. This talk is just a primer on the subject and only the tip of the iceberg.
3. Examples (also from Wikipedia, the great repository of all knowledge)
Analog:
Head shaving
Invisible ink
Knots tied into ropes
Messages hidden under stamps on envelopes
Mixed typeface
Using a grille cipher
Sending messages via newspaper classifieds
View all episodes
By Hacker Public Radio
4.2
3434 ratings
1. Introduction
Hello and welcome to Hacker Public Radio, I’m Edward Miro and I’ve been a fan of HPR for a while now and really love its collaborative and random nature. It’s always been important for me to support the hacking community. I always take any opportunity to give back to this community who have given me so much throughout the years. I’ve also always subscribed to the idea that the best way to learn something is by teaching and I hope to do a good job for all you listeners. This talk is on mystical art of steganalysis which is the process of identifying the presence of and decrypting (hopefully) steganography.
2. What is steganography?
I’m into hacking, but I’m not a professional hacker. Usually I call myself a hobbyist. I like CTFs, crypto challenges, lots of stuff from Vulnhub or OverTheWire, things like that. I’ll provide some links in the end if anyone is interested, but for those who aren’t familiar a CTF, or Capture The Flag, it’s a kind of game that helps you get better at hacking. These days there are tons of VMs that are setup to be intentionally vulnerable to different techniques or attacks. You load the VM and pretend it’s a server you want to attack and follow your standard hacking protocols. Some are setup to be boot to root challenges where you ‘win’ when you get root and some are setup with flags that you can find hidden in the target worth points. There are in person and online CTFs and they’ve gotten pretty popular with the National Cyber League being a major competition. Some are easy, some are really hard and most have really good write-ups that can teach you so much about INFOSEC, penetration testing and actually let you practice the techniques in a relatively easy and legal way.
Where steganography comes in to this discussion is that it’s an element you sometimes see used in the kinds of challenges I mentioned previously and also in alternate reality games, online recruitment challenges by national agencies/big tech companies and militarys. They are even used in real world espionage and intelligence work or super spooky secret challenges like Cicada 3301.
Simply put steganography (and I’m pasting this straight out of Wikipedia): “is the practice of concealing a file, message, image, or video within another file, message, image, or video”. Steganography is used to hide secrets in plain sight. It’s a way to send a message, without anyone detecting that a message is even being sent.
I’ll give you more examples in the next section, but imagine a letter that has a secret written in invisible ink. Only the sender and receiver should know about the invisible ink and any eavesdroppers should be none the wiser. This simple example has been used by countless prisoners whose mail is routinely read and examined. Terrorists and spies the world over also use steganography and are known to embed messages in an image and post it online. With how many image hosting sites there are, with millions of people posting to them billions of images day in and day out, you can see why steganography can be such a challenge to combat. Before I move on to some more specific examples I want to stress again that I’m not an expert on cryptography or steganography. While researching for this podcast it’s overwhelmingly clear that you could spend your whole career focused on only steganography. This talk is just a primer on the subject and only the tip of the iceberg.
3. Examples (also from Wikipedia, the great repository of all knowledge)
Analog:
Head shaving
Invisible ink
Knots tied into ropes
Messages hidden under stamps on envelopes
Mixed typeface
Using a grille cipher
Sending messages via newspaper classifieds
More shows like Hacker Public Radio
View all
The Infinite Monkey Cage
1,952 Listeners
Click Here
418 Listeners
Hacker And The Fed
168 Listeners