Steganography
Adversaries may use steganography techniques in order to prevent the detection of hidden information. Steganographic techniques can be used to hide data in digital media such as images, audio tracks, video clips, or text files.
Duqu was an early example of malware that used steganography. It encrypted the gathered information from a victim's system and hid it within an image before exfiltrating the image to a C2 server.
By the end of 2017, a threat group used Invoke-PSImage to hide PowerShell commands in an image file (.png) and execute code on a victim's system. In this particular case, the PowerShell code downloaded another obfuscated script to gather intelligence from the victim's machine and communicate it back to the adversary.
Example
We will use the Invoke-PSImage sample, attaching a PS1 script (PowerUp) and having it check for privilege escalation methods.
Something important to remember is that the image has to be larger than the PS1 payload script.
Once the script is done, it will output the one-liner that is needed to execute the payload inside the image.
And a successful shell.
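One way a defender can catch the execution side of this technique, as an added example that is not part of the original write-up: a triage over PowerShell script block logging (Event ID 4104) that scores the building blocks the Invoke-PSImage one-liner relies on, namely loading a System.Drawing.Bitmap, reading pixels with GetPixel, masking colour values to their low 4 bits with -band 15, and feeding the assembled string to IEX. The indicator weights, the alert threshold and the sample records are constructed for illustration.

```python
import re

# Weighted indicators for a PowerShell script block that rebuilds a payload
# from image pixels and runs it in memory. No single indicator is conclusive;
# the combination is what makes the block worth a look. PowerShell is
# case-insensitive, so every pattern is matched that way.
INDICATORS = [
    (r"System\.Drawing\.Bitmap", 2, "loads an image as a Bitmap object"),
    (r"\.GetPixel\(", 2, "reads pixel values one by one"),
    (r"-band\s*15\b", 2, "masks colour channels to their low 4 bits"),
    (r"\b(?:IEX|Invoke-Expression)\b", 3, "executes the assembled string"),
    (r"\.GetString\(", 1, "turns assembled bytes back into text"),
]
THRESHOLD = 7  # chosen so Bitmap + GetPixel + IEX together are enough to alert


def score_script_block(text):
    """Return (score, reasons) for the text of one script block."""
    score, reasons = 0, []
    for pattern, weight, why in INDICATORS:
        if re.search(pattern, text, re.IGNORECASE):
            score += weight
            reasons.append(why)
    return score, reasons


def triage_events(events, threshold=THRESHOLD):
    """Keep only Event ID 4104 records whose script block scores at or above threshold."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        score, reasons = score_script_block(ev.get("ScriptBlockText", ""))
        if score >= threshold:
            hits.append({"RecordId": ev["RecordId"], "Score": score, "Reasons": reasons})
    return hits


# Constructed sample records, not real telemetry. Record 1 is a benign thumbnail
# script that also uses System.Drawing; record 2 is an abbreviated stand-in for
# an image-decoding one-liner (elided with "..."), not a working copy of one.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 4104,
     "ScriptBlockText": "Add-Type -A System.Drawing; $b = New-Object System.Drawing.Bitmap('C:\\site\\banner.png'); "
                        "$t = New-Object System.Drawing.Bitmap(200, 50); ... $t.Save('C:\\site\\thumb.png')"},
    {"RecordId": 2, "EventID": 4104,
     "ScriptBlockText": "sal a New-Object;Add-Type -A System.Drawing;$g=a System.Drawing.Bitmap('C:\\Users\\Public\\logo.png');"
                        "... $p=$g.GetPixel($x,$_); ... -band15 ... ;IEX([System.Text.Encoding]::ASCII.GetString($o))"},
    {"RecordId": 3, "EventID": 4103, "ScriptBlockText": "Get-Process | Where-Object CPU -gt 100"},
]

if __name__ == "__main__":
    for hit in triage_events(SAMPLE_EVENTS):
        print(hit)
```

Only record 2 crosses the threshold; the benign image-resizing script in record 1 scores on the Bitmap indicator alone, which is the point of weighting the combination rather than any single call.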
Of course, there are various methods of steganography, and it doesn't stop with images; carriers can range from music files to videos as well.