Steganography : Transfer Secrets Secretly
Sending data secretly has been improved greatly. From ftp to ssh, http to https, every mode has been secured and being more securer improving the present version shh to ssh2, tls to tls 1.3. But still people can see some data is sent. So what’s the way do transfer them without being seen by someone ?
Thanks to Johannese Trithemius for using the term in his Steganographia, a treatise on cryptography and steganography.
Steganography is an art of hiding information behind another object. The word Steganography comes from the Greek word Steganographia, combing the words Steganos (means covered or concealed) and Graphia (means writing).
Those days message were hidden on papers using secret inks, morse code being stitched in clothes, photographically produced microdots, morse code by the blink in eyes.
At the digital world messages are being shared between different parts of the world and though being secured it is still visible that some message is being passed. At the present world steganography is done in electronic form
The advantage is that in steganography is that the information shared does not attract attention as it is embedded into the object seen as whole, whereas in the cryptographic form it provides a huge string of characters.
Types of Steganography:
Text steganography
Image steganography
Video steganography
Audio steganography
Network steganography

The above image explains the working of process of steganography.
Basic steps involved in steganography:
The cover file is selected
The information is embedded into the cover file with an encryption key
The output of the above process is called the stego-file
This file is shared and it reaches the receiver
The receiver extracts the stego-file with the decryption key and extracts the secret information.

Data is hidden in pixels of the image
There are many tools available for this purpose. Some are:
Steghide
Stegosuite
Zsteg
Sonic Visualizer
OpenPuff
Xiao Steganography
In this blog I would showcase 2 of them. One for a jpeg/jpg file and a wav audio file. I would be using linux to showcase. Many tools are also available for Windows and Mac
Steghide
Steghide is a tool for hiding data in images, specially for jpeg/jpg.

Short manual page of steghide

hide is file to be hidden

Image before hiding data

Image after hiding data

Extracting the hidden message
Sonic Visualizer
Sonic Visualizer is tool for analysing the spectrogram(hidden data) of an audio.

Sonic Visulaizer

-Click File -> Open and select the audio

Click Layer -> Add Spectrogram
The hidden message in this .wav file is “Google”.
Many other tools perform steganography with different capabilities. Steganography was developed for secure communication. However, criminals and terrorist organizations are using for their own purposes. Understanding how steganography works can be very helpful in attack as well as defense.
POST BY
Daadreyaa
Bluefire Redteam Intern
Follow Daadreyaa on:
https://www.linkedin.com/in/daadreyaa-d-67a9191b9
Instagram: daadreyaa