Situation
Purpose: Detect steganographic payloads in PNG and BMP image files.
What It Is:
zsteg is a Ruby-based tool used to find LSB (Least Significant Bit)-based steganography and hidden data inside image files.
It works primarily on BMP and PNG files and also reports non-standard or suspicious metadata and bit-layer anomalies.
Features
Detects:
- LSB steganography (bit-level hidden data in image color channels).
- Embedded files in metadata or unusual file structures.
- Strings, byte patterns, XOR, and Zlib compression artifacts.
Supports pattern-based payload discovery using known signatures.
Built into Kali Linux: you can run it without installing anything.
Solution
Usage Example:
zsteg suspicious.png
To check only red LSB bits:
zsteg -c r -b 1 suspicious.png
To extract a hidden payload, pass -E the payload name reported by the scan:
zsteg -E b4,bgr,lsb,xy suspicious.png > output.bin
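What a 1-bit payload name such as b1,rgb,lsb,xy selects, as an added Ruby sketch that is not zsteg's own code: it reads the lowest bit of each channel in pixel order and flags planes that begin with readable text. The pixel array, the marker string, the function names and the bit-packing order are assumptions made for the illustration.

```ruby
# Added illustration (not zsteg's code). Pixels are [r, g, b] triples in
# row-major ("xy") order; PNG/BMP decoding is out of scope here.

# Channel orders to try, keyed by a zsteg-style payload name.
PLANES = {
  "b1,r,lsb,xy"   => [0],
  "b1,g,lsb,xy"   => [1],
  "b1,b,lsb,xy"   => [2],
  "b1,rgb,lsb,xy" => [0, 1, 2],
  "b1,bgr,lsb,xy" => [2, 1, 0]
}.freeze

# Take the lowest bit of each listed channel, pixel by pixel, and pack the
# bits into bytes (assumption: the first bit read is the byte's high bit).
def extract_lsb(pixels, channels)
  bits = pixels.flat_map { |px| channels.map { |c| px[c] & 1 } }
  bits.each_slice(8).select { |s| s.size == 8 }
      .map { |s| s.join.to_i(2) }.pack("C*")
end

# Leading run of printable ASCII, or nil when shorter than min_len.
def leading_text(data, min_len = 8)
  run = data[/\A[\x20-\x7e]+/n]
  run if run && run.size >= min_len
end

# Try every plane; return { payload name => text found at its start }.
def scan(pixels)
  PLANES.each_with_object({}) do |(name, channels), hits|
    text = leading_text(extract_lsb(pixels, channels))
    hits[name] = text if text
  end
end

# Constructed sample: 64 pixels whose LSBs are all 1, optionally with
# a marker written into the R,G,B bit stream so the scan has a hit.
def constructed_pixels(marker = nil)
  flat = Array.new(192) { |i| (i * 37 % 256) | 1 }
  bits = marker ? marker.unpack1("B*").chars : []
  bits.each_with_index { |b, i| flat[i] = (flat[i] & 0xfe) | b.to_i }
  flat.each_slice(3).to_a
end

p scan(constructed_pixels("HIDDEN-MARKER"))
```

The same marker is only readable in the plane whose channel order matches how it was written, which is why the extraction command needs the exact payload name from the scan.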
Real Use Cases:
CTF (Capture the Flag) challenges.
Digital forensics to uncover covert communication or hidden malware.
Pentesting scenarios where covert data channels are used.