The Steg Chronicles: How to Easily Send Secret Messages Using Steganography

z3я0тяυѕт

Sep 24, 2020·13 min read

But, Why Would I Need To Use Something Like This?

Doing the Secrecy Thing

  1. Select a steganography application. Choose any steganography application you feel comfortable using, free or paid. Some work with Windows or only with Linux, so read the ReadMe.txt file or the app info on the website prior to downloading. If the publisher was kind enough to provide a file hash on its website, check the hash of the downloaded file against it before installing the program, so that you don’t accidentally install a malicious file that puts malware on your computer. Your anti-virus software may freak out on some of the installation files because some AV software might recognize steg app file types as malicious, but that is not usually the case in my experience. If you’re confident the steganography application is legitimate and safe to download, then proceed with the installation. For the purposes of this article, I have chosen the free QuickStego steg application.

The free QuickStego steganography application

Sample secret message that will serve as the embedded, hidden file

File properties of the secret message file

The image cover file that the secret message will be embedded into

Stego file image with the secret text message embedded (*the file sometimes gets altered when copying it to a blog CMS, a phenomenon that is beyond my control, but rest assured the tool works)

Potential Interception & Steganalysis

There is always the possibility that someone intercepts your email and gets hold of the stego image file. Perhaps law enforcement or some spy agency somewhere… What happens then? Before that, however, let me interject to tell you that you’re probably overestimating your value as a high-value target (HVT) that is being actively monitored in real time by LEOs and/or some spy agency. I hate to be the one to break it to you, but chances are that these government agencies and police detectives are busy focusing their precious few resources elsewhere to concentrate on actual threats. But hey, you never know, so let’s wargame this out a bit, shall we?

Using WinHex to analyze the image file’s hexadecimal properties for anomalies; no anomalies were found using this method
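
A structural check that complements the manual hex review above (an added example, not code from the original article or from any tool it names): it compares where the image format says the file ends with the bytes actually present, and returns anything stored past that point. It assumes a BMP or PNG file, and `logical_end`, `trailing_bytes` and `make_bmp` are hypothetical names with a constructed sample; it only finds appended data, so an empty result says nothing about data hidden inside the pixel values themselves.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def logical_end(data: bytes) -> int:
    """Offset at which the image format itself says the file ends."""
    if data[:2] == b"BM" and len(data) >= 14:
        # BITMAPFILEHEADER: bfSize is a little-endian uint32 at offset 2.
        return struct.unpack_from("<I", data, 2)[0]
    if data[:8] == PNG_SIG:
        pos = 8
        while pos + 12 <= len(data):
            # Each chunk: 4-byte length, 4-byte type, data, 4-byte CRC.
            length, ctype = struct.unpack_from(">I4s", data, pos)
            pos += 12 + length
            if ctype == b"IEND":
                return pos
        raise ValueError("PNG has no complete IEND chunk")
    raise ValueError("unsupported format: expected BMP or PNG")

def trailing_bytes(data: bytes) -> bytes:
    """Bytes stored after the logical end of the image (empty if none)."""
    end = logical_end(data)
    if end > len(data):
        raise ValueError("declared size exceeds file size (truncated?)")
    return data[end:]

def make_bmp(width: int = 2, height: int = 2) -> bytes:
    """Constructed sample: a blank 24-bit BMP, so the demo runs offline."""
    row = (width * 3 + 3) // 4 * 4          # rows are padded to 4 bytes
    pixels = bytes(row * height)
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24,
                           0, len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels

if __name__ == "__main__":
    clean = make_bmp()
    altered = clean + b"constructed trailing data"
    for name, blob in (("clean.bmp", clean), ("altered.bmp", altered)):
        print(f"{name}: {len(trailing_bytes(blob))} byte(s) past end of image")
```

To check a real file, pass its contents read in binary mode to `trailing_bytes`.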
