As aspiring cyber security professionals, we are always trying to increase our capacity to detect and prevent harm. Steganography, hiding data such as files or messages inside an innocuous carrier like an image, is a technique being steadily refined in the hands of those looking to subvert the rule of law. Because correspondence between adversaries can be intercepted, and encrypted traffic itself draws attention, the alternative is to hide the communication inside something that looks harmless. This dead drop, which does not require the sender and receiver to meet or even know one another, poses a serious threat to the security of public and private ventures.
You can find us at Table 44
What it does
Pointed at a folder, this command-line tool analyzes each image in it: extracting metadata, carving out files appended to or hidden inside the image, decoding hex-encoded text, and converting audio files into spectrograms. The outputs are written to a SQL database where they can be logged and examined further. Ideally, the system would be fed by an API that harvests images from the social media accounts of suspected malicious actors, who communicate with their followers or co-conspirators through dead drops like this.
How we built it
Code. Lots of code. And Red Bull. Lots of Red Bull. We found a suite of digital forensics tools that are used in the field to solve these problems, and wrapped their commands in one script that runs each of them on every image in a folder. The outputs retrieved from this are put into ____
Challenges we ran into
There are many ways to hide files, and it is difficult to find code that works across a variety of file formats while still scanning a large number of images efficiently.
Accomplishments that we're proud of
Compiling multiple commands into a single script and automating the export of that script's output into a SQL database.
What's next for StegBuster
We want to keep adding options to it. With more time, Hydra can be added to break the passwords protecting files found inside the image files, a second layer of security in steganography (one caveat: Hydra is built for online brute-forcing of network logins, so an offline wordlist attack on an embedding tool's passphrase needs a cracker aimed at that tool's format). Hex decoding is already possible, but we will automate it so that hex-encoded text carved out of an image file is immediately turned into plaintext.