Stegosploit – Drive-by Browser Exploits using only Images

By Saumil Shah on 11 Sep 2015 @ 44con
#steganography #red-teaming #web-security #exploit-delivery
Focus Areas: 🔐 Application Security , 🎯 Penetration Testing , 🌐 Web Application Security
This talk covers the following technique(s):
Stegosploit

Abstract

“A good exploit is one that is delivered with style”.

Stegosploit creates a new way to encode “drive-by” browser exploits and deliver them through image files. These payloads are undetectable using current means. This paper discusses two broad underlying techniques used for image based exploit delivery – Steganography and Polyglots. Drive-by browser exploits are steganographically encoded into JPG and PNG images. The resultant image file is fused with HTML and Javascript decoder code, turning it into an HTML+Image polyglot. The polyglot looks and feels like an image, but is decoded and triggered in a victim’s browser when loaded.

AI Generated Summary

The speaker discusses two techniques for delivering exploits without controlling the web server:

  1. Content sniffing: uploading an exploit to an image bucket or web server, so that anyone who clicks the link is served the exploit because the browser sniffs the content type rather than trusting the declared one.
  2. Clever caching: using Expires headers to keep malicious objects in a user’s browser cache and triggering the exploit at a later time, which makes it difficult for incident response teams to trace the original delivery.

The speaker also mentions:

  • Steganography and polyglot image formats as methods for hiding exploits
  • The importance of building security into browsers at a core level, rather than relying on detection methods such as file headers, MIME types, and signatures
  • A simple fix for steganographic content: re-encoding or resizing uploaded images, which strips out the hidden data

The talk concludes with thanks to various individuals and a mention of the publication PoC||GTFO, which contains more information on the techniques discussed.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview; always refer to the original talk for authoritative content.