Hiding PII and Malware with Stegware - GeekcampSG 2020

Published on: Wednesday, 30 September 2020

Skip to talk at 0:52 • Q&A in the description

Learn what is steganography, how it can be used to hide PII data and even send malware and C&C IPs on pictures and audio files.

Juan Araya is a certified pentester and cybersecurity specialist. He is from Costa Rica and relocated to Spain in 2019. He has multiple cybersecurity certifications and also a master degree in Cybersecurity. He works for Tata Consultancy Services Spain as a Cloud Security Lead. He participated as speaker in multiple cybersecurity conferences around the world such as Navaja Negra 2019 (Spain), Bsides 2020 (Panama), DojoConf 2020 (Panama) and SyberXchange (Canada).

Slides at: https://drive.google.com/drive/folders/1Z0vrTQpsOwFbvQHmQgDmcJFHfip28XGZ?usp=sharing

Q: I am just curious, say there are memes out that have malware embedded in them, how can it actually cause harm? you still have to extract them out and execute them for them to be harmful right?
A: Yes, memes could contain embedded malware. So, with social engineering techniques, you can upload memes pictures into a website. If you have a BeEF(Browser exploitation framework) with a hook.js that will enable the attacker to communicate with the victim's browser, a picture that contains a malware, access to the victim's browser, the attacker could extract the payload and execute it in memory

With BeEF you can even interact using metasploit. Here you will find a demo that I shared a few months ago about how to use BeEF to perform social engineering attacks. https://www.youtube.com/watch?v=t44yGNg-UtI. It is in spanish, however you will be able to see how you can control the victim's browser. and do many interesting things, such as sending files, creating backdoors, redirections

Q: Can BeEf directly exploit the browser? why need to go such a big round?
A: To get under the radar. If you just sent the payload/malware via email. It could be easily detected

Q: Is there anyway we can protect ourself against that?
A: In the slide 32 I mentioned some actions that you can perform to protect your company and friends against stegware attacks: continuous cybersecurity awareness, endpoint security and HIPS, stegware detection systems

Visit https://geekcamp.sg for more information about GeekcampSG