03-19, 12:30–13:20 (UTC), Mainstage
This talk provides a brief overview of the history of steganography, with a detailed explanation and live demonstration of a PoC steganography-based shellcode encoder/runner I wrote. It demonstrates a defence-evasion technique: hiding malicious payloads in plain sight, within benign images. The talk finishes with a live analysis of samples of malware found in the wild that abuse steganography.
Steganography is the art of concealing data within another, seemingly unrelated medium, such as an image, video, text, or physical object. The first recorded use of steganography predates Christ, and it has remained a prevalent technique ever since, used by intelligence agencies, terrorists, hackers and many more to evade detection.
This presentation provides a brief overview of the history of steganography and the various methods of performing it. I will also explain, in detail, the concept of Least Significant Bit (LSB) steganography and how I used this method to create a steganography-based shellcode encoder and runner. This technique provides a route to evade detection by concealing malicious payloads within benign images. The talk will finish with an analysis of a real sample of malware, found in the wild, that abuses steganography for evasion.
Ben is a massive cyber-nerd, with a passion for creative defence-evasion techniques, reverse-engineering malware and fighting adversaries! He currently works full-time in a SOC for Accenture/Context Information Security. In his spare time you'll find him dissecting malware captured in his honeypots, pwning boxes and recording his solutions for his YouTube channel, or enjoying a pint in the pub.