Steganography

The word steganography comes from the Greek words steganos (covered, concealed, impenetrable or protected) and graphy which together mean hidden writing. It is an ancient art and has evolved into a sophisticated part of cryptography, the art of secret writing.

  • plain-text: The original secret message that needs to be communicated.
  • cipher-text: Secret message is often first encrypted using traditional methods. Encrypted message is known as ciphertext.
  • cover-text: A larger and harmless looking data which is used as container for the plaintext/ciphertext. This can be a picture, sound, text, etc.
  • stego-text: The data generated after embedding the plaintext/ciphertext into the covertext.

Right-click or long press (where supported) to save! Nah, there's really nuttin in it.

  • On windows you can use NTFS streams.
  • On Linux you can use Steghide (most likely available from repository).
  • Stegosuite is a tool written in written in Java and available for multiple platforms (and available from the kali repositories).
  • OpenStego is also written in Java and can be used for data hiding and for watermarking files with an invisible signature to detect unauthorised file copying.

Steganography used to deliver payloads and hide cyber attacks is commonly referred to as Stegware.

Detection, called steganalysis, is not always an adequate defence from all Stegware. Defeating the threat can often be done by transforming the data in a way that destroys any hidden messages.