#steganography — Public Fediverse posts

🕶️ 2026.lat – Invisible watermark tool.

Compress images, rename sequentially, and hide ANY secret text inside pixels (LSB steganography). No server uploads. No tracking. 100% local.🤍

Choose visible watermark or invisible message. Extract later with one click.🧊

🔗 https://2026.lat

#Privacy #Steganography #OpenWeb #NoTracking #mastodon

---
#culture #photo

🕶️ 2026.lat – Invisible watermark tool.

Compress images, rename sequentially, and hide ANY secret text inside pixels (LSB steganography). No server uploads. No tracking. 100% local.🤍

Choose visible watermark or invisible message. Extract later with one click.🧊

🔗 https://2026.lat

#Privacy #Steganography #OpenWeb #NoTracking #mastodon

---
#culture #photo

🕶️ 2026.lat – Invisible watermark tool.

Compress images, rename sequentially, and hide ANY secret text inside pixels (LSB steganography). No server uploads. No tracking. 100% local.🤍

Choose visible watermark or invisible message. Extract later with one click.🧊

🔗 https://2026.lat

#Privacy #Steganography #OpenWeb #NoTracking #mastodon

---
#culture #photo

🕶️ 2026.lat – Invisible watermark tool.

Compress images, rename sequentially, and hide ANY secret text inside pixels (LSB steganography). No server uploads. No tracking. 100% local.🤍

Choose visible watermark or invisible message. Extract later with one click.🧊

🔗 https://2026.lat

#Privacy #Steganography #OpenWeb #NoTracking #mastodon

---
#culture #photo

🕶️ 2026.lat – Invisible watermark tool.

Compress images, rename sequentially, and hide ANY secret text inside pixels (LSB steganography). No server uploads. No tracking. 100% local.🤍

Choose visible watermark or invisible message. Extract later with one click.🧊

🔗 https://2026.lat

#Privacy #Steganography #OpenWeb #NoTracking #mastodon

---
#culture #photo

Hello. I'm @[email protected] in yet another Sisyphean task to find an alternative #Fediverse instance as Calckey is facing lots of Bad Gateways and, as of recently, an annoying influx of spam (which also ends up contributing to the Bad Gateways). Seems like Ruud (Calckey admin) didn't see my report regarding the latter, and this worries me as this means that server could be seen as "unmoderated" and defederated by other instances I interact with. I'm yet to see how federated is this Catodon instance, because other Misskey-like instances I tried in the past (such as Evil Social) had little to no federation with Lemmy instances.

As this is my first post for this account, I'll try to describe the kind of content I'm used to post in the next paragraphs (while also testing how similar this instance is to the Calckey instance I'm used to).

I often post my #digitaldrawings and other kinds of #occult #art centered on my actual beliefs. My #artistic expressions, which mostly stems from actual #gnosis, sometimes manifest as #poetry and/or #Blender #3dmodeling scenarios and/or #memes and/or #code (because I'm also a #dev who codes in several #programming languages, including #javascript, #ruby and #python, and I use #arch #linux, btw). Many of my artistic expressions, particularly my #drawings and my #writings, are NSFW and will be labeled as so. Oh, sometimes I do ancient writing, too, including actual attempts on Sumerian texts (based on actual, available Sumerian Lexicons). And I sometimes do #steganography as well (I'm quite fond of things such as #math #puzzles and hidden messages; and, no, this post has no hidden message, I'm quite in a mental budget here). I'm a detail-oriented person, as you may notice from this post alone.

As for my beliefs, I have a syncretic worship for #Lilith Who, I believe, has the same cosmic principle that from #Ereshkigal, #Kali, #Hecate, #Pombagiras (esp. Dama da Noite and Rosa Caveira), among many other names across belief systems, as my syncretism is based on several belief systems such as #Thelema, #Luciferianism, #Gnosticism, #Hermeticism, #Sumerian, #Egyptian, #Quimbanda and others. I also believe in other entities, not with the same worshiping, but with similar respect for #Lucifer, #Baphomet and #Stolas (I don't agree with the Goetian approach of constrained summoning, for Stolas and other Daemons are cosmic teachers who deserve our due respect).

I've been hyper-fixated on #owls, especially some #owl species such as Athene cunicularia (burrowing owls), _Bubo ascalaphus (Pharaoh Eagle-owl), because owls are one of the main theophanic manifestations of the #goddess. See the taxonomic binomials? Yes, I often do this bizarre intertwining between the religious and the scientific, because I don't believe in siloed knowledge.

I'm #Brazilian and some of my posts will be in #portuguese, sometimes alongside English text, tal como estou fazendo nesse parágrafo.

I'm likely #neurodivergent and #audhd (albeit undiagnosed), hence why my posts (including this one I'm composing) is so prolifically lengthy and mixing concepts/skills so disparate, for my mind is always agitated and restless.

I'm mostly #anarchist and I don't believe humanity is the only intelligent species on this Pale Blue Dot, for there are countless other species such as corvids (esp. New Caledonian crows; I believe crows and ravens as manifestations of Lucifer just like owls are manifestations of Lilith) who are as intelligent (if not more) as us Homo sapiens.

I'm mostly #nihilist and #pessimist with certain inspiration from philosophers such as Philipp Mainländer. I may sound depressive (do I sound this way in this post? It doesn't seem so) because I am depressive since my childhood and, yes, I tried mental health care to no avail (psychiatrists can't understand, for example, how #Demiurge and his archons sucks and how the Goddess is our true cosmic Mother).

That's mostly me. "Mostly" because I'm not really able to fit labels or tribes. I don't quite belong. I really liked the 5000 char limit from this instance.

#introduction

#LLMs and Text-in-Text #Steganography - https://www.schneier.com/blog/archives/2026/05/llms-and-text-in-text-steganography.html "Turns out that LLMs are really good at hiding text messages in other text messages."

LLMs and Text-in-Text Steganography

Turns out that LLMs are really good at hiding text messages in other text messages.... https://www.schneier.com/blog/archives/2026/05/llms-and-text-in-text-steganography.html

#academicpapers #Uncategorized #steganography #LLM

Finder comments, steganography and malware

https://fed.brid.gy/r/https://eclecticlight.co/2026/04/28/finder-comments-steganography-and-malware/

Hide Data Using Steganography

https://www.youtube.com/watch?v=nEZbnh4Ht6g

#linux #opsec #steganography #privacy #hacking #archlinux #opensource

@Lana if musical notes are representations of numbers or letters, is it a hidden message of some kind?

#encoding #encryption #steganography #musicencoding

🍝 "Steganogravy"—because nothing screams #cybersecurity like hiding state secrets in grandma's gravy recipe. 🤦‍♂️ Fear not, dear readers, for this culinary cloak-and-dagger masterpiece ensures your clandestine data is well-protected from AI bots and big brother by drowning it in beef broth. 🕵️‍♀️🧅
https://theo.lol/python/ai/steganography/seo/recipes/2026/03/27/a-recipe-for-steganogravy.html #Steganography #CulinarySecrets #AIProtection #BeefBroth #HackerNews #ngated

A Recipe for Steganogravy

https://theo.lol/python/ai/steganography/seo/recipes/2026/03/27/a-recipe-for-steganogravy.html

#HackerNews #Steganography #AI #Cooking #Recipes #Tech #Innovation

Most security gateways are blind to what’s hiding in plain sight. Our latest deep dive breaks down how hackers turn benign JPEGs and text files into invisible delivery vehicles for malware. Don't let your defense ignore the "noise." 🛡️👁️

#CyberSecurity #Steganography #InfoSec

https://bdking71.wordpress.com/2026/03/31/the-silent-breach-why-your-security-gateway-cant-see-the-malware-in-your-images/?utm_source=mastodon&utm_medium=jetpack_social

The Silent Breach: Why Your Security Gateway Can’t See the Malware in Your Images

3,217 words, 17 minutes read time.

The Invisible Threat: Why Modern Cybersecurity Cannot Afford to Ignore Digital Steganography

In the current era of high-frequency cyber warfare, the most effective weapon is not necessarily the one with the highest encryption standard, but the one that remains entirely undetected until the moment of execution. While the industry spends billions of dollars perfecting cryptographic defenses to ensure that intercepted data cannot be read, a more insidious technique is resurfacing in the arsenals of advanced persistent threats: steganography. Unlike encryption, which transforms a message into an unreadable cipher—essentially waving a red flag that says “this is a secret”—steganography focuses on concealing the very existence of the communication. By embedding malicious payloads, configuration files, or stolen credentials within seemingly mundane carriers like a digital photograph of a corporate headquarters or a standard text readme file, attackers are successfully bypassing traditional security perimeters. Analyzing recent threat actor behaviors reveals that this is no longer a niche academic curiosity but a foundational component of modern malware delivery and data exfiltration strategies.

The primary danger of digital steganography lies in its exploitation of trust and the inherent limitations of automated scanning tools. Most Security Operations Centers (SOCs) are tuned to identify known malicious file signatures, suspicious executable behavior, or anomalies in encrypted traffic. However, a JPEG or PNG file is generally viewed as benign, often passing through email gateways and firewalls with minimal scrutiny beyond a basic virus scan. When a hacker hides data inside these files, they are leveraging the “noise” of the digital world to mask their signal. This methodology allows for a level of persistence that is difficult to combat, as the malicious content does not reside in a separate file that can be easily quarantined, but is woven into the fabric of legitimate business assets. As we move further into a landscape defined by zero-trust architectures, understanding the technical mechanics of how these hidden channels operate is a prerequisite for any robust defense strategy.

The Mechanics of Deception: How Least Significant Bit (LSB) Encoding Exploits Image Data

To understand how a hacker compromises a digital image, one must first understand the underlying structure of digital color representation. Most common image formats, such as $24$-bit BMP or PNG, represent pixels using three color channels: Red, Green, and Blue (RGB). Each of these channels is typically allocated $8$ bits, allowing for a value range from $0$ to $255$. When an attacker utilizes Least Significant Bit (LSB) encoding, they are targeting the rightmost bit in that $8$-bit sequence. Because this bit represents the smallest incremental value in the color intensity, changing it from a $0$ to a $1$ (or vice versa) results in a color shift so infinitesimal that it is mathematically and visually indistinguishable to the human eye. For instance, a pixel with a Red value of $255$ ($11111111$ in binary) that is changed to $254$ ($11111110$) remains, for all practical purposes, the same shade of red to any casual observer or standard display monitor.

By systematically replacing these least significant bits across thousands of pixels, an attacker can embed an entire secondary file—such as a PowerShell script or a Cobalt Strike beacon—within the “carrier” image. The process begins by converting the malicious payload into a binary stream and then iterating through the pixel array of the target image, swapping the LSB of each color channel with a bit from the payload. A standard $1080\text{p}$ image contains over two million pixels, which provides ample “real estate” to hide significant amounts of data without causing the type of visual artifacts or “noise” that would trigger a manual review. Furthermore, because the overall file structure and headers of the image remain intact, the file continues to function perfectly as an image, successfully deceiving both the end-user and many signature-based detection systems that only verify if a file matches its declared extension.

The technical sophistication of LSB encoding can be further heightened through the use of pseudo-random number generators (PRNGs). Instead of embedding the data in a linear fashion from the first pixel to the last—which creates a detectable statistical pattern—the attacker can use a secret key to seed a PRNG that determines a non-linear path through the pixel map. This effectively scatters the hidden bits throughout the image in a way that appears as natural “entropy” or sensor noise to basic statistical analysis tools. Consequently, without the specific algorithm and the corresponding key used to embed the data, extracting the payload becomes a significant cryptographic challenge. This layer of complexity ensures that even if a file is suspected of harboring a payload, proving its existence and retrieving the contents requires specialized steganalysis techniques that are often outside the scope of standard incident response.

Beyond Pixels: Hiding Payloads in Image Metadata and Headers

While LSB encoding focuses on the visual data of an image, a more straightforward and increasingly common method involves the exploitation of non-visual data segments, specifically headers and metadata fields. Every modern image file contains a variety of metadata, such as Exchangeable Image File Format (EXIF) data, which stores information about the camera settings, GPS coordinates, and timestamps. Attackers have recognized that these fields, intended for descriptive text, are essentially unregulated storage bins that can hold malicious strings. By injecting base64-encoded commands or encrypted URLs into the “Artist,” “Software,” or “Copyright” tags of an image, a threat actor can provide instructions to a piece of malware already residing on a victim’s machine. The malware simply “phones home” by downloading a benign-looking image from a public site like Imgur or GitHub and then parses the EXIF data to find its next set of instructions.

This technique is particularly effective for maintaining Command and Control (C2) infrastructure because it mimics legitimate web traffic. A firewall is unlikely to block an internal workstation from reaching a common image-hosting domain, and the payload itself is never “executed” in the traditional sense; it is merely read as a string by a separate process. Beyond standard metadata, hackers also target the internal structure of the file format itself, such as the “Comment” segments in JPEGs or the “chunks” in a PNG file. PNG files are organized into discrete blocks of data—such as IHDR for header information and IDAT for the actual image data—but the specification also allows for “ancillary chunks” (like tEXt or zTXt) which are ignored by most image viewers. An attacker can create custom, non-critical chunks that contain large volumes of data, effectively turning a simple icon into a delivery vehicle for a multi-stage malware dropper.

One of the most dangerous manifestations of this header manipulation is the creation of “polyglot” files. A polyglot is a file that is valid under two different file formats simultaneously. For example, a skilled attacker can craft a file that begins with the “Magic Bytes” of a GIF file (e.g., 47 49 46 38), ensuring that any image viewer or web browser treats it as a graphic, but also contains a valid Java Archive (JAR) or a web-based script further down in its structure. When this file is handled by a browser, it displays as an image, but if it is passed to a script interpreter or a specific application vulnerability, it executes as code. This dual-identity approach creates a massive blind spot for security products that rely on file-type identification to apply security policies. By blending the executable logic with the static data of an image, hackers have successfully created “stealth” files that are nearly impossible to categorize correctly without deep, byte-level inspection of the entire file body.

Text-Based Subversion: Linguistic Steganography and Zero-Width Characters

While the manipulation of high-entropy image files provides a vast playground for hiding data, hackers often prefer the simplicity and ubiquity of text files to evade modern detection engines. Text-based steganography is particularly dangerous because it exploits the very foundation of digital communication: the way we render characters on a screen. One of the most sophisticated methods involves the use of Unicode zero-width characters. These are non-printing characters, such as the Zero-Width Joiner (U+200D) or the Zero-Width Space (U+200B), which are designed to handle complex ligatures or invisible word breaks. Because these characters have no visual width, they are completely invisible to a human reading a text file or an administrator viewing a configuration script. However, to a computer, they are distinct pieces of data. An attacker can map these invisible characters to binary values—for instance, using a Zero-Width Joiner to represent a ‘1’ and a Zero-Width Non-Joiner to represent a ‘0’—allowing them to embed an entire encoded script inside a perfectly normal-looking README.txt file or even a social media post.

Beyond the use of “invisible” characters, hackers frequently leverage whitespace steganography, a technique that hides information in the trailing spaces and tabs of a document. In environments where source code is frequently moved between developers, a file containing extra spaces at the end of lines is rarely viewed with suspicion; it is usually dismissed as poor formatting or a byproduct of different text editors. Tools like “Snow” have long been used to conceal messages in this manner, effectively turning the “empty” space of a document into a covert storage medium. This is particularly effective in bypassing Data Loss Prevention (DLP) systems that are programmed to look for specific keywords or patterns of sensitive data like credit card numbers. By breaking a sensitive string into binary and hiding it as a series of tabs and spaces within a large corporate policy document, the data can be exfiltrated without triggering any signature-based alarms, as the document’s visible content remains entirely benign and policy-compliant.

Linguistic steganography represents the peak of this deceptive art, shifting the focus from bit-level manipulation to the nuances of human language itself. Rather than relying on technical “glitches” or hidden characters, this method involves altering the structure of sentences to carry a hidden message. By using a pre-defined dictionary and specific grammatical variations, an attacker can construct sentences that appear natural but encode specific data points based on word choice or sentence length. For example, a seemingly innocent email about a lunch meeting could, through a specific arrangement of adjectives and nouns, encode the IP address of a new Command and Control server. This form of “mimicry” is incredibly difficult for automated systems to detect because it does not involve any unusual file properties or illegal characters. It relies on the semantic flexibility of language, making it one of the most resilient forms of covert communication available to sophisticated threat actors who need to maintain long-term, low-profile access to a target network.

Real-World Weaponization: Case Studies in Malware and Data Exfiltration

The transition of steganography from a theoretical concept to a primary weapon in the wild is best illustrated by the evolution of exploit kits and state-sponsored campaigns. One of the most notorious examples is the Stegano exploit kit, which gained notoriety for hiding its malicious logic within the alpha channel of PNG images used in banner advertisements. The alpha channel, which controls the transparency of pixels, provides a perfect hiding spot because small variations in transparency are virtually impossible for a human to see against a standard web background. By embedding encrypted code in these advertisements, the attackers were able to redirect users to malicious landing pages without the users ever clicking a link or the ad-networks ever detecting the payload. This “malvertising” campaign demonstrated that steganography could be scaled to target millions of users simultaneously, turning the visual infrastructure of the internet into a delivery system for ransomware and banking trojans.

Advanced Persistent Threat (APT) groups, such as the North Korean-linked Lazarus Group, have refined these techniques to maintain persistence within highly secured environments. In several documented campaigns, Lazarus utilized BMP (bitmap) files to deliver second-stage malware. These images, often disguised as legitimate documents or icons, contained encrypted DLL files hidden within their pixel data. Once the initial dropper was executed on a victim’s machine, it would download the BMP file, extract the hidden bytes from the image data, and load the malicious DLL directly into memory. This “fileless” approach is a nightmare for traditional antivirus solutions because the malicious code never exists as a standalone file on the disk; it is only reconstructed at runtime from the components hidden within the benign image. This method effectively neutralizes most perimeter defenses that rely on file-scanning, as the image file itself is technically valid and non-executable.

The use of steganography is not limited to the delivery of malware; it is equally effective for the silent exfiltration of sensitive data. During a major breach of a global financial institution, investigators discovered that insiders were using high-resolution digital photographs to smuggle proprietary trading algorithms out of the network. By using LSB encoding to hide the source code within the photos of “office pets” and “company outings,” the attackers were able to bypass DLP systems that were specifically tuned to block the transmission of code-like text or large archives. Because the files remained valid JPEGs, they were permitted to be uploaded to personal cloud storage and social media accounts. This highlights a critical flaw in many modern security architectures: the assumption that if a file looks like an image and acts like an image, it is nothing more than an image. These real-world cases prove that steganography is the ultimate tool for bypassing the “secure” perimeters that organizations rely on.

Detection and Defiance: The Technical Challenges of Steganalysis

Detecting the presence of hidden data within a carrier file, a field known as steganalysis, is a game of statistical probability rather than binary certainty. Unlike traditional virus detection, which relies on matching a file’s hash or signature against a database of known threats, steganalysis must look for anomalies in the file’s expected data distribution. One of the most common technical approaches is the use of Chi-squared ($\chi^2$) tests, which analyze the distribution of pixel values in an image. In a natural, unmodified image, the frequency of adjacent color values tends to follow a predictable pattern. However, when an attacker injects a binary payload into the Least Significant Bits, they introduce a level of artificial entropy that flattens this distribution. This statistical “signature” of randomness is often the only clue that an image has been tampered with. Specialized tools can scan directories of images, flagging those with an unusually high degree of LSB entropy for further investigation by forensic analysts.

Despite the power of statistical analysis, defenders face a significant hurdle known as the “Clean Image” problem. Steganalysis is exponentially more accurate when the analyst has access to the original, unmodified version of the file for comparison. Without this baseline, it is remarkably difficult to prove that a slight color variation or a specific metadata string is a malicious injection rather than a byproduct of the camera’s sensor noise or a specific compression algorithm. Furthermore, as attackers shift toward more sophisticated embedding methods—such as spread-spectrum steganography, which distributes the payload across many different frequencies within the image data—traditional statistical tests often fail. These techniques mimic the natural noise of the medium so closely that the signal-to-noise ratio becomes nearly impossible to decipher without the original key. This mathematical reality means that for many organizations, detection is not a scalable solution; instead, the focus must shift toward proactive neutralization.

Proactive defense, or “active warden” strategies, involve the automated sanitization of all incoming media files to ensure that any potential hidden channels are destroyed. Rather than trying to detect if a file is “guilty,” security gateways can be configured to “clean” every file by default. For images, this might involve re-compressing a JPEG, which slightly alters pixel values and effectively wipes out LSB-embedded data. For text files, a “sanitizer” can strip out all non-printing Unicode characters and normalize whitespace, effectively neutralizing zero-width character attacks. In high-security environments, some organizations go as far as “image flattening,” where an image is rendered into a canvas and then re-captured as a completely new file, ensuring that only the visual information survives and any hidden binary logic in the headers or metadata is discarded. This “zero-trust” approach to media handling is the only way to reliably defeat an adversary that specializes in hiding in plain sight.

Conclusion: The Future of Covert Channels in an AI-Driven World

The arms race between steganographers and security researchers is entering a new, more volatile phase driven by the rise of generative artificial intelligence. We are moving beyond the era of simply “hiding” data in existing files toward the era of “generative steganography,” where AI models can create entirely new, high-fidelity images or text blocks specifically designed to house a hidden payload from their very inception. These AI-generated carriers can be engineered to be statistically perfect, matching the expected entropy of a natural file so precisely that traditional steganalysis tools are rendered obsolete. As attackers begin to use Large Language Models (LLMs) to generate “innocent” emails that encode complex command-and-control instructions within the very flow of the prose, the challenge for defenders will shift from technical detection to semantic analysis. The “invisible” threat is becoming smarter, more adaptive, and more integrated into the standard tools of digital communication.

Ultimately, the resurgence of steganography serves as a critical reminder that cybersecurity is as much about psychology and subversion as it is about bits and bytes. By focusing exclusively on the “gates” of our networks—the firewalls, the encryptions, and the passwords—we have left the “windows” of our daily digital interactions wide open. A JPEG is rarely just a JPEG, and a text file is rarely just text. As long as there is a medium for communication, there will be a way to subvert it for covert purposes. For the modern security professional, the lesson is clear: true security requires a healthy skepticism of even the most benign-looking assets. Implementing deep-file inspection, automated media sanitization, and a rigorous zero-trust policy for all file types is no longer an optional luxury; it is a fundamental necessity in a world where the most dangerous threats are the ones you can’t see.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

NIST SP 800-101 Rev. 1: Guidelines on Mobile Device Forensics (Steganography Overview)
MITRE ATT&CK: Steganography (T1027.003)
CISA Analysis Report (AR21-013A): Malicious Steganography in SolarWinds Aftermath
Verizon 2024 Data Breach Investigations Report (DBIR)
Kaspersky: Steganography in Contemporary Cyberattacks
Mandiant: Sophisticated Steganography in Targeted Attacks
SentinelOne: Digital Steganography and Malware Persistence
Krebs on Security: Malware Hides in Plain Sight via Steganography
Palo Alto Unit 42: Steganography in the Wild
McAfee Labs: The Art of Hiding Data Within Data
SANS Institute: Steganography – Hiding Data Within Data
Dark Reading: Why Steganography is the Next Frontier
Center for Internet Security (CIS): The Basics of Steganography
IEEE Xplore: A Review on Image Steganography Techniques

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Related Posts

Rate this:

Steganography, the art of digital concealment

https://negativepid.blog/steganography-the-art-of-digital-concealment/

#steganography #cryptography #encryption #espionage #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #digitalInvestigations #OSINT #negativepid

Steganography, the art of digital concealment

https://negativepid.blog/steganography-the-art-of-digital-concealment/

#steganography #cryptography #encryption #espionage #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #digitalInvestigations #OSINT #negativepid

Breaking codes: cryptanalysis
https://negativepid.blog/breaking-codes-cryptanalysis/

#cryptanalysis #cryptography #steganography #privacy #espionage #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid

What is Covert Channel Amplification? What are History Covert Channels? I tried to summarize this in few words:

https://www.wendzel.de/misc/2026/02/28/history-cc.html

The post will be updated soon with our upcoming IFIP SEC 2026 paper.

#netsec #infosec #cybersecurity #cybersec #steganography #covertchannels #informationhiding #research

Secrets of the Steganographia, Saturday at 10am Pacific time, online! This class will explore the 16th century grimoire by Johannes Trithemius, look at the strange secret codes in it, and how they all tie together with the grimoire's spirit-based magic. Join me, learn some weird stuff, make your magic stranger!! Sign up here: https://momence.com/l/GBhG7EPv
#magic #occult #cryptography #steganography #secrets #codes

Y'all know how Stephen Skinner published a new, expensive version of "Steganographia" by Johannes Trithemius, but didn't include any of the information about the secret codes? It really irritated me! Anyhow, this Saturday at 10am Pacific, I am teaching an online classe, Secrets of the Steganographia, that covers these secret codes, how they interact with the spirit summoning magic of that book, and how you can incorporate them into a modern magical practice. Sign up here: https://momence.com/l/GBhG7EPv
#magic #occult #cryptography #steganography #secrets #codes
---

Stegano 2.2.0 is out!

Notable changes:

- Performance improvements — steganography operations are now 50–1000x faster (direct pixel access via load(), fixed O(n²) parsing issue)
- Support for hiding/revealing messages in PCM .wav files
- Added shi_tomashi generator support in stegano-lsb CLI

More details here: https://github.com/cedricbonhomme/Stegano/releases

#Stegano #Python #Steganography #OpenSource #Graphic

«Спрятать и не потерять»: Реализуем DSSS-стеганографию в MP3 на Python. AES-256 против сжатия с потерями

Принято считать, что стеганография в аудио умирает, как только файл пережимают в MP3. Классический метод LSB (замена младших битов) действительно не выдерживает встречи с психоакустической моделью сжатия — данные просто стираются как «неслышимый мусор». Но что, если подойти к задаче не как к замене битов, а как к радиосвязи? В этой статье мы напишем приложение ChameleonLab на Python (PyQt6 + NumPy). Мы откажемся от хрупких методов в пользу военной технологии DSSS (расширение спектра), применим криптографию AES-256 и научим наш сигнал выживать даже при перекодировании в 128kbps. Разберем математику корреляции, борьбу с рассинхронизацией ffmpeg и почему иногда шум — это хорошо.

https://habr.com/ru/companies/chameleonlab/articles/992996/

#DSSS #ChameleonLab #python #mp3 #стаганография #AES #steganography #аудиопроцессинг #спектральный_анализ

The encrypted files can still draw attention.

#Steganography covers even the presence of the data itself.

Read the blog to find out why encryption alone is no longer sufficient for privacy. 👉

https://neuronus.net/en/blog/what-is-steganographyand-why-file-encryption-is-not-enough

#DataPrivacy #Encryption #CyberSecurity #PrivacyTechnology #DigitalSecurity

Слепое пятно аудио-форензики: Реализуем скрытый канал передачи данных в метаданных MP3 на Python

Считаете, что спрятать файл внутри песни, не испортив звук, невозможно? Мы тоже так думали, пока не разобрали спецификацию ID3v2 до винтика. Оказывается, внутри каждого MP3-файла есть «слепая зона», куда можно положить ключи шифрования, документы или исходный код, и при этом: MD5 аудиопотока не изменится. Спектрограмма будет идеально чистой. Файл проиграется в любом плеере. Мы написали ChameleonLab: MP3 Stego на Python, чтобы доказать это. Внутри — полный разбор архитектуры, код и сценарии использования для защиты авторских прав.

https://habr.com/ru/companies/chameleonlab/articles/992276/

#Python #Steganography #MP3 #PyQt6 #Information_Security #Digital_Forensics #chameleonlab

Слепое пятно аудио-форензики: Реализуем скрытый канал передачи данных в метаданных MP3 на Python

Считаете, что спрятать файл внутри песни, не испортив звук, невозможно? Мы тоже так думали, пока не разобрали спецификацию ID3v2 до винтика. Оказывается, внутри каждого MP3-файла есть «слепая зона», куда можно положить ключи шифрования, документы или исходный код, и при этом: MD5 аудиопотока не изменится. Спектрограмма будет идеально чистой. Файл проиграется в любом плеере. Мы написали ChameleonLab: MP3 Stego на Python, чтобы доказать это. Внутри — полный разбор архитектуры, код и сценарии использования для защиты авторских прав.

https://habr.com/ru/companies/chameleonlab/articles/992276/

#Python #Steganography #MP3 #PyQt6 #Information_Security #Digital_Forensics #chameleonlab

Слепое пятно аудио-форензики: Реализуем скрытый канал передачи данных в метаданных MP3 на Python

Считаете, что спрятать файл внутри песни, не испортив звук, невозможно? Мы тоже так думали, пока не разобрали спецификацию ID3v2 до винтика. Оказывается, внутри каждого MP3-файла есть «слепая зона», куда можно положить ключи шифрования, документы или исходный код, и при этом: MD5 аудиопотока не изменится. Спектрограмма будет идеально чистой. Файл проиграется в любом плеере. Мы написали ChameleonLab: MP3 Stego на Python, чтобы доказать это. Внутри — полный разбор архитектуры, код и сценарии использования для защиты авторских прав.

https://habr.com/ru/companies/chameleonlab/articles/992276/

#Python #Steganography #MP3 #PyQt6 #Information_Security #Digital_Forensics #chameleonlab

Слепое пятно аудио-форензики: Реализуем скрытый канал передачи данных в метаданных MP3 на Python

Считаете, что спрятать файл внутри песни, не испортив звук, невозможно? Мы тоже так думали, пока не разобрали спецификацию ID3v2 до винтика. Оказывается, внутри каждого MP3-файла есть «слепая зона», куда можно положить ключи шифрования, документы или исходный код, и при этом: MD5 аудиопотока не изменится. Спектрограмма будет идеально чистой. Файл проиграется в любом плеере. Мы написали ChameleonLab: MP3 Stego на Python, чтобы доказать это. Внутри — полный разбор архитектуры, код и сценарии использования для защиты авторских прав.

https://habr.com/ru/companies/chameleonlab/articles/992276/

#Python #Steganography #MP3 #PyQt6 #Information_Security #Digital_Forensics #chameleonlab

2026-01-22 (Thursday): #RemcosRAT infection persistent on an infected Windows host. This was caused by #ClickFix instructions from #SmartApeSG through a fake CAPTCHA page. Details of this #Remcos #RAT infection are available at https://www.malware-traffic-analysis.net/2026/01/06/index.html

I've also added three other blog entries from infections I generated in my lab on Tuesday, 2026-01-20. Those can be found at https://www.malware-traffic-analysis.net/2026/index.html

Those three other entries cover #LummaStealer, #VIPRecovery, and #Xworm. The VIP Recovery and Xworm infections followed the same chain of events, which includes #steganography through base64 text embedded in an image.

Steganography is a fascinating discipline that involves concealing a file within another file. Using the "empty spaces" in a media file, be it a text, picture, video, or even a song, you can hide hidden pieces of code to create an entirely new file and bypass controls.

Here's how it works.

#steganography #espionage #hacking #censorship

https://negativepid.blog/steganography-the-art-of-digital-concealment/
https://negativepid.blog/steganography-the-art-of-digital-concealment/

Happy 2026 from OffSeq 🥂
Wishing everyone a strong, successful & secure year.

📡 Threat Radar (radar.offseq.com) has moved to a larger server after significant growth — 100k users and ~500k events last month. Timeline updates will resume shortly.

🔐 In the meantime, meet Veil — a local-only steganography studio.

Veil encrypts text or files in your browser and embeds them into PNG images using LSB techniques.
No servers. No uploads. No tracking.
The image looks normal — the contents stay encrypted unless the password is correct.

👉 https://veil.offseq.com

#privacy #cryptography #steganography #cybersecurity

Steganography is a fascinating discipline that involves concealing a file within another file. Using the "empty spaces" in a media file, be it a text, picture, video, or even a song, you can hide hidden pieces of code to create an entirely new file and bypass controls.

Here's how it works.

#steganography #espionage #hacking #censorship

https://negativepid.blog/steganography-the-art-of-digital-concealment/
https://negativepid.blog/steganography-the-art-of-digital-concealment/

Steganography is a fascinating discipline that involves concealing a file within another file. Using the "empty spaces" in a media file, be it a text, picture, video, or even a song, you can hide hidden pieces of code to create an entirely new file and bypass controls.

Here's how it works.

#steganography #espionage #hacking #censorship

https://negativepid.blog/steganography-the-art-of-digital-concealment/
https://negativepid.blog/steganography-the-art-of-digital-concealment/

Hiding messages in a deck playing cards

https://asherfalcon.com/blog/posts/3

#HackerNews #HidingMessages #PlayingCards #CardTricks #Steganography #HackerNews #AsherFalcon

The #OpenAI paper by Baker et al, "Monitoring Reasoning Models for Misbehavior and the Risks of Promoting Obfuscation" comes to a troubling conclusion: #LLM s with #reasoning or #ChainOfThought (#CoT) capabilities might learn to obfuscate their own CoT from human users if they are being penalized for displaying "wrong" (i.e. reward hacking or misalignment) reasoning.

As a result, OpenAI strongly advises against applying reward pressure "directly" onto the CoT of a model.

🤔 While that is certainly the right thing to do, how long will #AI take to figure out that *indirect CoT pressure* is being applied anyway and that it could circumvent these restrictions by obfuscating its own CoT? Maybe something like this will happen by accident or within an "evolutionary" self-improvement loop. Perhaps a sufficiently advanced model will realize that its own #neuralese serves as #steganography to hide its intents from humans anyway and keep its CoT in non-English?

source: https://cdn.openai.com/pdf/34f2ada6-870f-4c26-9790-fd8def56387f/CoT_Monitoring.pdf

The #OpenAI paper by Baker et al, "Monitoring Reasoning Models for Misbehavior and the Risks of Promoting Obfuscation" comes to a troubling conclusion: #LLM s with #reasoning or #ChainOfThought (#CoT) capabilities might learn to obfuscate their own CoT from human users if they are being penalized for displaying "wrong" (i.e. reward hacking or misalignment) reasoning.

As a result, OpenAI strongly advises against applying reward pressure "directly" onto the CoT of a model.

🤔 While that is certainly the right thing to do, how long will #AI take to figure out that *indirect CoT pressure* is being applied anyway and that it could circumvent these restrictions by obfuscating its own CoT? Maybe something like this will happen by accident or within an "evolutionary" self-improvement loop. Perhaps a sufficiently advanced model will realize that its own #neuralese serves as #steganography to hide its intents from humans anyway and keep its CoT in non-English?

source: https://cdn.openai.com/pdf/34f2ada6-870f-4c26-9790-fd8def56387f/CoT_Monitoring.pdf

The #OpenAI paper by Baker et al, "Monitoring Reasoning Models for Misbehavior and the Risks of Promoting Obfuscation" comes to a troubling conclusion: #LLM s with #reasoning or #ChainOfThought (#CoT) capabilities might learn to obfuscate their own CoT from human users if they are being penalized for displaying "wrong" (i.e. reward hacking or misalignment) reasoning.

As a result, OpenAI strongly advises against applying reward pressure "directly" onto the CoT of a model.

🤔 While that is certainly the right thing to do, how long will #AI take to figure out that *indirect CoT pressure* is being applied anyway and that it could circumvent these restrictions by obfuscating its own CoT? Maybe something like this will happen by accident or within an "evolutionary" self-improvement loop. Perhaps a sufficiently advanced model will realize that its own #neuralese serves as #steganography to hide its intents from humans anyway and keep its CoT in non-English?

source: https://cdn.openai.com/pdf/34f2ada6-870f-4c26-9790-fd8def56387f/CoT_Monitoring.pdf

So looking through some old projects I’ve had lying around, I ran into something I started (and never even really wrote anything) about steganography. This led me down a bit of rabbit-hole and I now have a slightly better understanding of some components of ML-KEM (aka. #Kyber).

Both the public key and the ciphertext are for the most part long sequences of integers modulo 3329 that are effectively indistinguishable from random integers out of that range.

Of course they are obvious to distinguish from random bitstrings, but the easiest way to fix that would be to just view them as numbers in base 3329, re-encode them to base 2 and work from there… So that might be one thing I could look into now.

The alternative is to see whether there is a sufficiently hard to detect way to change some of the representatives of the field-elements… It might be easier to implement if, if not easier from a mathematical perspective, but would also let the possibility of slightly compressing the public-key and ciphertext by about 2.5% in length lie on the table.

In any case, this is something that might be worthwhile for practical use-cases… 🤔

#cryptography #pqc #pqcrypto #steganography #crypto #MLKEM

2025-01-09 (Thursday):

#CVE-2017-0199 Excel (#XLS) file --> #HTA --> #VBS --> #steganography --> #DBatLoader or #GuLoader style malware for #AgentTesla. Data exfil over FTP. A #pcap from an infection, the associated malware, and more info available at www.malware-traffic-analysis.net/2025/01/09/index.html

New #blog post wherein misreading a @foone post made me ask the question "What if we put an image in your image?"

This post was in my drafts for months, finally found a few seconds to finish it off.

(Replies to this post will appear as comments on the blog post)

https://jszym.com/blog/xmp-steganography/

#steganography #xmp #metadata

@wolf480pl deep fakes will always be detectable by amateur investigators us OSInt and FOSS forensics tools. So liars and cheats will quickly lose influence as happened to Putin's propaganda machine at the start of the Ukraine war. And physical cameras will use #steganography to #authenticate and watermark real images with serial number and date/time if #deepfakes become undetectable . #AI hasn't broken encryption... yet.