From the course: Ethical Hacking: System Hacking
Detecting steganography
From the course: Ethical Hacking: System Hacking
Detecting steganography
- [Voiceover] Detecting steganography is not always easy, however it's important to be aware of stegonography as law enforcement is now becoming more and more involved. Steganography can be used for corporate espionage, terrorism, and child pornography. Image steganography tools hide the message in a carrier by bit manipulation, such as using the least significant bit to insert the pay load. When using the least significant bit on a palette based image this often causes a large number of duplicate colors, where nearly identical colors appear twice in the palette. And these are called "color buddies." Detecting stegonography is done by steganalysis. Now the best way to detect if there's stegonography is to compare the image against the original, however that most likely is not possible, therefore a deeper look into the file is required. We might want to watch for an unusually large image. For example, anything on the Internet, any image that's placed on a webpage is usually done what's called optimization. That washes the image so it then loads faster. A large image might indicate there is a payload. If the carrier image was not dense enough, the detection could be viewed with the naked eye and this is called block artifacts. Over here on the right hand side we see Jasper. In the top picture is the original. Down below we can see what it might look like if an unusually large file were to be inserted into the image. WetStone is a company that has what's called Stego Suite. These products deal directly with Stego analysis and there is a number of different products involved in the suite. Stego Analyst is a feature rich tool that allows an investigator to search for visual clues for evidence of stegonography being used in an image or audio file. Once a suspected carrier is found, Stego Watch scans the entire file system and flags suspected files and returns the results into an interface or workbench. Now encryption has made steganalysis harder because it increases the randomness and recovery of the contents cannot be done unless you have a key. Stego Break is a tool designed to obtain the passphrase that has been used on a file found to contain stegonography. So that the contents can be revealed. The bottom line though is new steganography algorithms are being written all the time with better methods to conceal.
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.