Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #6150

Re: How do you guys handle PNG/JPG binary files with potential payloads for all the image viewers?

From Davide Prina <Davide.Prina@null.net>
Newsgroups linux.debian.security
Subject Re: How do you guys handle PNG/JPG binary files with potential payloads for all the image viewers?
Date 2022-06-18 11:10 +0200
Message-ID <EzCCR-5ADf-1@gated-at.bofh.it> (permalink)
References <Ez5GV-5gRU-9@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

Corey H wrote:

> how do you guys test all of the potential PNG/JPG potential malware payloads
 
to check any file for potential malware you can use:
chkrootkit
rkhunter

but you can also try with:
binwalk <- detect/extract binary data in files
string <- to detect strings in the image/audio file
exiftool, exiv2 <- to detect metadata

but in image/audio file you can hide also information with steganography[¹]
you can try with:
stegcracker
stegosuite
foremost

I have read that you can determine if an image file has hidden content or not,
but I don't know if there is a software that do only this check. Probably with
histogram analysis[²] you can find suspected altered files.
You can start read for steganalysis[³] and report here results.

Ciao
Davide

[¹] https://en.wikipedia.org/wiki/Steganography
[²] https://en.wikipedia.org/wiki/Image_histogram
[³] https://en.wikipedia.org/wiki/Steganalysis

--
My Privacy is None of Your Business
https://noyb.eu/it

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

How do you guys handle PNG/JPG binary files with potential payloads  for all the image viewers? Corey H <user9de1d@gmail.com> - 2022-06-17 00:00 +0200
  Re: How do you guys handle PNG/JPG binary files with potential  payloads for all the image viewers? Davide Prina <Davide.Prina@null.net> - 2022-06-18 11:10 +0200
    Re: How do you guys handle PNG/JPG binary files with potential  payloads for all the image viewers? Sebastian Rose <sebastian_rose@gmx.de> - 2022-06-20 18:20 +0200
      Re: How do you guys handle PNG/JPG binary files with potential  payloads for all the image viewers? Noah Meyerhans <noahm@debian.org> - 2022-06-20 18:30 +0200
      Re: How do you guys handle PNG/JPG binary files with potential  payloads for all the image viewers? Noah Meyerhans <noahm@debian.org> - 2022-06-20 18:30 +0200
      Re: How do you guys handle PNG/JPG binary files with potential  payloads for all the image viewers? Shubo <Shubo@galbo.io> - 2022-06-20 18:50 +0200
      Re: How do you guys handle PNG/JPG binary files with potential  payloads for all the image viewers? Corey H <user9de1d@gmail.com> - 2022-06-21 04:30 +0200
  Re: How do you guys handle PNG/JPG binary files with potential payloads for all the image viewers? Samtinel <samtinel_lists@moewe.org> - 2022-06-18 14:00 +0200

csiph-web