What: Detecting Steganography for the Absolute Beginner
When: 19:00 - 21:00, Friday Oct 26, 2012
There are several different ways to hide data in files. This class will cover some basic tools used to understand files and analyze file formats giving students the building blocks for exploring more advanced steganalysis.
What to have: Attendees should have a Linux system or Linux VM. Tools covered will be foremost, steghide, the hachoir toolkit (hachoir-urwid, hachoir-subfile), imagemagick, and may touch on python magic.
What to expect: The class will start with a brief introduction to what stego is and basic tools used to analyse images. A challenge file will be provided. Using the information provided during the class it should be possible to work through this challenge and get the key. Expected time to finish the challenge could range from hours to days depending on experience, I will be available to assist for the first few hours.
This class is focused on helping people understand basic stego/forensics challenges as found in CTFs like the DefCon Qualifications and CSAW, but understanding of file formats can be helpful in other things such as recovering deleted files.