The Killer exploit that wasn’t or Pictures of dingos ate my PC

When I took my first digital forensics class, steganography was one of the first things I became enamored with. The idea of hiding messages within images and the new door it opened for me was exciting. Like any new toy, the excitement waned for shinier objects on the horizon. However, I will always gravitate to anything newly released or researched regarding steganography.


Generally speaking, there isn’t much excitement involved beyond using it to hide secret messages a la spy vs spy. There have been a lot of research papers on how to hide data in new and creative ways; however, they really don’t give that feeling of something new being encountered. That is why when Saumil Shah was getting press over Stegosploit, with bylines proclaiming that a simple image in the wild can launch an exploit, I was excited. Here is a link to the video of the presentation at Sky Scan 15 in Singapore. I thought we had reached a new and scary level of interesting development with steganography as an exploit tool.

I saw the headlines and it seemed to generate quite a bit of buzz. However, we are in the day and age of needing to vet information we take in and pass along more carefully than ever.

So when I came across Christian Bundy’s great write-up on why it is not anything new under the sun, I was a bit disappointed. However, the concise walk-through and thoughtful explanation he provides are well worth the read. A wonderful example of taking a look to see if the world is going along with the Emperor being nude. I am definitely going to follow Christian on Twitter, and you should also.


Jeremy Rouse – Follow me on Twitter @jeremysro

