SlideShare a Scribd company logo

Steganography: Hiding your secrets with PHP

Raul Fraile
Raul Fraile

Steganography consists of hiding a secret message within another message. Unlike cryptography, steganography tries to achieve security through obscurity, hiding the very presence of the message. Ideally, the steganographic message will look identically to a normal message. This talk examines different techniques to hide messages using steganography from the perspective of a PHP developer. From more classical techniques such as hiding an image within another image using the least significant bits of each pixel, to more advanced ones like using TCP/IP packets.

Technology
1 of 76
Download to read offline
Raúl Fraile#PHPDS15 Steganography Hiding your secrets with PHP
E U Q W E X S A O S L Z U L R T Z S R P V I Y E P N H A F H G Z I P L M F I E G U R I C E R T I F I E D B L A A Q N T E T O R T T E K I M A D H S G N O 💩 A P O L Y G L O T A Y E S U A J E W H I T E S P A C E O B R F S A C I L I A P Y S T E G A N O G R A P H Y R A M C Y T I R W C P P A About me
Introduction to Steganography
https://leanpub.com/symfony-selfstudy
Steganography is the science of concealing a hidden message in plain sight in order to avoid detection. Introduction
Introduction steganos graphein στựữửνός ữράφựư̆ν covered, concealed, protected writing
Terminology Embedding (E) Extracting (D) Cover (C) Message (M) Stego-Object (S) Key (K)
• Steganography: Hide the data from a third party.
 • Cryptography: Make data unreadable by a third party. Steganography / Cryptography
Prisoners’ problem
• Esoteric programming language with only three lexical tokens: Space (ASCII 32), Tab (ASCII 9) and Line Feed (ASCII 10). • Stack based language with support for I/O, flow control and arithmetic operations. Motivation Source: http://youtu.be/u_kqM0gn63M
Motivation Source: http://uk.businessinsider.com/david-cameron-encryption-apple-pgp-2015-1?r=US
• Protection of data alteration (digital watermarking). • Secretly communicate information. • Anti-forensics mechanism. Applications
Techniques
Classical Steganography
Bacon’s Bilateral Cipher A AAAAA B AAAAB C AAABA D AAABB E AABAA F AABAB G AABBA H AABBB I/J ABAAA K ABAAB L ABABA M ABABB N ABBAA O ABBAB P ABBBA Q ABBBB R BAAAA S BAAAB T BAABA U/V BAABB W BABAA X BABAB Y BABBA Z BABBB Take the red pill BAABA AAAAA ABAAB AABAA BAABA AABBB AABAA BAAAA AABAA AAABB ABBBA ABAAA ABABA ABABA Steganography is the art or practice of concealing messages within other messages S t e g a n o g r a p h y i s t h e a r t o r p r a c t i c e o f c o n c e a l i n g m e s s a g e s w i t h i n o t h e r m e s s a g e s 70
• Backmasking is a technique in which a sound or message is recorded backward onto a track that is meant to be played forward. • It is a deliberate process, whereas a message found through phonetic reversal may be unintentional. Backmasking
Backmasking If there's a bustle in your hedgerow, don't be alarmed now, it's just a spring clean for the May queen. Yes there are two paths you can go by, but in the long run there's still time to change the road you're on. Oh here's to my sweet Satan. The one whose little path would make me sad, whose power is satan. He'll give those with him 666, there was a little toolshed where he made us suffer, sad Satan.
• Some brand color laser printers add tiny yellow dots to each page, that contain encoded printer serial numbers and timestamps. • Monochrome printers and copiers from major manufacturers also include the markings. • Most printers' codes have not been decoded. Printer steganography
Printer steganography Source: https://w2.eff.org/Privacy/printers/docucolor/
Morse code
Morse code T O R T U R E Source: http://youtu.be/BgelmcOdS38
Digital Steganography
Digital Steganography LSB IN IMAGES 144 141 81 10010000 10001101 01010001 Hidden message: 101001… 145 140 81 10010001 10001100 01010001 146 142 81 10010010 10001110 01010001
Piet is a programming language in which programs look like abstract paintings. Piet Composition with Red, Yellow and Blue. 1921, Piet Mondrian Source: http://www.dangermouse.net/esoteric/piet.html
525 Piet Darkness change Hue change None 1 2 None push pop 1 step add substract multiply 2 steps divide mod not 3 steps greater pointer switch 4 steps duplicate roll in(number) 5 steps in(char) out(number) out(char) DP right CC left $ npiet example1.png ? 5 25 5
Piet
• We already have filesystems with support for encryption, so they only can be read with the password. But… the attacker may obtain it illegally or torture the user to give it up. • The steganographic filesystem goes one step further: it does not even show the existence of sensitive information (even when raw sectors of the hard disc are accessed). Steganographic filesystem
Steganographic filesystem 0 1 2 3 4 5 6 7 8 1.txt 2 2.txt 5 3.txt 7 3 4 EOF EOF EOF6 8 Boot FATFilesystem Boot FATFilesystem-level encryption PartitionSteganographic filesystem
• Network steganography uses communication protocols and are harder to detect. • Techniques: • Steganophony: Delayed or corrupted packets that would normally be ignored by the receiver. • WLAN Steganography: Transmission of steganograms in Wireless Local Area Networks Network Steganography
• Custom HTTP headers to include geeky messages or as a recruiting tool. • For example, booking.com: • X-Recruiting: Like HTTP headers? C o m e w r i t e o u r s : h t t p s : / / workingatbooking.com HTTP headers
SkyDe (Skype Hide) Source: http://arxiv.org/pdf/1301.3632.pdf
• St e ga n o g r a p h i c m e t h o d fo r t h e BitTorrent P2P file transfer service. • It is based on modifying the order of data packets in the peer-peer data exchange protocol. • Steganographic bandwidth of up to 270 b/s while introducing little transmission distortion and providing difficult detectability. StegTorrent
StegTorrent Source: http://www.computer.org/csdl/proceedings/spw/2013/5017/00/5017a151-abs.html 0 1 … 4 5 2 6 3 7 1100 10
• Spammimic embeds a message into spam. • There is tons of spam. Also, real spam is usually dumb, so it's sometimes hard to tell if it was written by a human or a machine. Spammimic
Spammimic Dear Professional , Your email address has been submitted to us indicating your interest in our newsletter ! This is a one time mailing there is no need to request removal if you won't want any more ! This mail is being sent in compliance with Senate bill 2516 , Title 9 , Section 303 . Do NOT confuse us with Internet scam artists . Why work for somebody else when you can become rich in 16 days . Have you ever noticed most everyone has a cellphone and nearly every commercial on television has a .com on in it ! Well, now is your chance to capitalize on this ! We will help you decrease perceived waiting time by 190% and deliver goods right to the customer's doorstep ! The best thing about our system is that it is absolutely risk free for you ! But don't believe us . Mrs Simpson of Maryland tried us and says "I was skeptical but it worked for me" . We assure you that we operate within all applicable laws ! We implore you - act now ! Sign up a friend and you get half off . Thanks . Message: attack Source: http://www.spammimic.com Disappearing Cryptography. Information Hiding: Steganography & Watermarking
Steganalysis
• Steganalysis is the study of detecting messages hidden using steganography. • The goal of steganalysis is to identify suspected packages, determine whether or not they have a payload encoded into them, and, if possible, recover that payload. • The problem is generally handled with statistical analysis. Steganalysis
Steganalysis 144 141 81 10010000 10001101 01010001 Random 0 0,2 0,4 0,6 0,8 0 1
What about PHP?
Binary strings • In PHP, strings are just a sequence of bytes (C char type). • PHP stores the length of strings explicitly. Unlike C it does not need a zero termination to find the end of a string.
5 l l oh e*val len Binary strings typedef union _zvalue_value { long lval; double dval; struct { char *val; int len; } str; HashTable *ht; zend_object_value obj; } zvalue_value; 6 091 21314 0123 88 $str[5] Big endian: 14 - 0 Little endian: 0 - 14 strlen()
pack()/unpack() • pack() packs data into a binary string according to a given format. • unpack() unpacks from a binary string into an array according to a given format.
pack()/unpack() $now = new DateTime(); $id1 = 0x1f; $id2 = 0x8b; $cm = 0x08; $flags = 0x00; $mtime = $now->getTimestamp(); //0x54c13374 /* * Format: * - C4: 4 bytes. * - V: Unsigned long, 32 bit, little endian byte order */ $binStr = pack('C4V', $id1, $id2, $cm, $flags, $mtime); file_put_contents(__DIR__ . '/test.gz', $binStr); 74 3308 001f 8b c1 54
pack()/unpack() $gzip = file_get_contents(__DIR__ . '/test.gz'); /* * Format: * - C2: 2 bytes (id1, id2). * - C1: 1 byte (cm), 1 byte (flags). * - V: Unsigned long, 32 bit, little endian byte order */ list($id1, $id2, $cm, $flags, $mtime) = array_values( unpack('C2id/C1cm/C1flags/Vmtime', $gzip) ); var_dump( dechex($id1), // 1f dechex($id2), // 8b dechex($cm), // 8 dechex($flags), // 0 dechex($mtime) // 54c13374 );
Bitwise operators • Bitwise operators allow evaluation and manipulation of specific bits within an integer. • PHP provides 6 bitwise operators: &, |, ^, ~, << and >>.
Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 & 0 0 00 0 00 1 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 64 0x40 0100 0b01000000
Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 | 1 0 11 0 11 1 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 237 0xed 0355 0b11101101
Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 ^ 1 0 11 0 11 0 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 173 0xad 0255 0b10101101
Bitwise operators 1 0 11 0 00 1 2<< 101 0x65 0145 0b01100101 404 0x194 0624 0b1010110100 1 0 11 0 11 0 0 0 x << y == x * pow(2, y)
Bitwise operators 1 0 11 0 00 1 2>> 101 0x65 0145 0b01100101 25 0x19 031 0b00011001 1 1 00 0 0 0 1 x << y == x / pow(2, y)
Bitwise operators 1 0 11 0 00 1 ~ 101 0x65 0145 0b01100101 154 0x9a 0232 0b10011010 1 1 01 0 0 1 0
Bitwise operators 0X14 $flag & 0x04Read flag Set flag Unset flag $flag | 0x04 $flag & ~0x04 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 & 0 0 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 | 0 0 0 1 0 1 0 0 0 0 0 1 0 1 0 0 1 1 1 1 1 0 1 1 & 0 0 0 1 0 0 0 0 0 0 0 1 0 1 0 0
Demo #1: Hiding messages in GZIP file headers
GZIP file format CM FLGID1 ID2 MTIME XFL OS CRC32 ISIZE COMPRESSED STREAM FTEXT FHCRC FEXTRA FNAME FCOMMENT 0FILE NAME Source: https://tools.ietf.org/html/rfc1952
Demo #1.1 Embedding messages into GZIP FNAME header /demos/demo1/demo1_1 raulfraile/steganography_talk
Demo #1: GZIP
Demo #2: Hiding data into images
• PHP extension to use the • It provides high level function to deal directly with pixels (they will be used to encode data), such as imagecolorat() and imagesetpixel(). GD extension Source: http://libgd.bitbucket.org/
Demo #2.1 Embedding text data into images (+ steganalysis) /demos/demo2/demo2_1 raulfraile/steganography_talk
Demo #2.2 Embedding images into images (+ steganalysis) /demos/demo2/demo2_2 raulfraile/steganography_talk
Hiding code into code Demo #3
• A polyglot is a program written in a valid form of multiple programming languages. • Generally are written in a combination of C (which allows redefinition of tokens with a preprocessor) and a scripting language. Polyglot programs
polyglot.pl.php.py.rb.cpp Polyglot programs #/*<?php eval('echo "PHP Coden";'); __halt_compiler();?> */ #include <stdio.h> /* print ((("b" + "0" == 0) and eval('"Perl Coden"')) or (0 and "Ruby Coden" or "Python Code")); __DATA__ = 1 """"" __END__ ===== . ===== */ #ifdef __cplusplus char msg[9] = {'C','+','+',' ','C','o','d','e', 'n'}; #else char msg[7] = {'C',' ','C','o','d','e', 'n'}; #endif int main() { int i; for(i = 0; i < 9; ++i) putchar(msg[i]); return 0;} Source: https://gist.github.com/SaswatPadhi/2872457
Demo #3.1 Embedding PHP code using __halt_compiler() /demos/demo3/demo3_1 raulfraile/steganography_talk
__halt_compiler() • Halts the execution of the compiler. • The byte position of the data start is given by the __COMPILER_HALT_OFFSET__ constant. • PHAR files make use of this function to separate the stub (loader functionality) and the rest of the file (manifest, files and signature).
__halt_compiler() 23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 77 6f 72 6c 64 21 27 3b 0a 0a 5f 5f 48 41 |o world!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 01 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| Source: http://www.slideshare.net/raulfraile/kernelinfect-creating-a-cryptovirus-for-symfony2-apps
Demo #3.2 Hiding messages using whitespace characters /demos/demo3/demo3_2 raulfraile/steganography_talk
Demo #3.3 Hiding code using whitespace characters /demos/demo3/demo3_3 raulfraile/steganography_talk
Demo #3.4 Embedding Whitespace code in empty lines of Docblocks /demos/demo3/demo3_4 raulfraile/steganography_talk
Whitespace • Esoteric programming language with only three lexical tokens: Space (ASCII 32), Tab (ASCII 9) and Line Feed (ASCII 10). • Stack based language with support for I/O, flow control and arithmetic operations.
hello_world.ws Whitespace Source: http://compsoc.dur.ac.uk/whitespace/
nikic/php-parser • A PHP parser written in PHP. • Useful for static code analysis, manipulation and generation. • Converts PHP code into an AST (Abstract Syntax Tree). • Uses a PHP 5.6 compliant grammar (backwards compatible with PHP 5.2+). Also, emulates tokens from different versions of the one running (for example, parse 5.6 code from 5.3). Source: https://github.com/nikic/PHP-Parser
nikic/php-parser Assignment Variable Lnumber If Equal Statements Echo condition Name: test Value: 1 Lnumber Value: 1 Variable Name: test left right String Value: ok $test = 1; if (1 == $test) { echo 'ok'; }
hello_world.ws nikic/php-parser $code = <<<CODE <?php $test = 1; if (1 == $test) { echo 'ok'; } CODE; $parser = new PhpParserParser( new PhpParserLexerEmulative ); $ast = $parser->parse($code);
nikic/php-parser • The parser provides two main components: • NodeTraverser: For traversing and visiting the node tree. • PrettyPrinter: To compile the AST back to PHP code.
Questions? raulfraile raulfraile@gmail.com Credits: https://www.flickr.com/photos/ignotus/16132533706 https://www.flickr.com/photos/sporkqueen/2525132547
 https://www.flickr.com/photos/kjarrett/15428375607 https://www.iconfinder.com/iconsets/hawcons

Recommended

Compiler design lab programs
Compiler design lab programs Compiler design lab programs
Compiler design lab programs Guru Janbheshver University, Hisar
 
B tree
B treeB tree
B treeRajendran
 
Literature review of Digital Signature
Literature review of Digital SignatureLiterature review of Digital Signature
Literature review of Digital SignatureAsim Neupane
 
Sorting Algorithms
Sorting AlgorithmsSorting Algorithms
Sorting Algorithmsmultimedia9
 
TOC 3 | Different Operations on DFA
TOC 3 | Different Operations on DFATOC 3 | Different Operations on DFA
TOC 3 | Different Operations on DFAMohammad Imam Hossain
 
Lec 17 heap data structure
Lec 17 heap data structureLec 17 heap data structure
Lec 17 heap data structureSajid Marwat
 
Backtracking
BacktrackingBacktracking
BacktrackingPranay Meshram
 
Cryptography using artificial neural network
Cryptography using artificial neural networkCryptography using artificial neural network
Cryptography using artificial neural networkMahira Banu
 

Recommended

Compiler design lab programs
Compiler design lab programs Compiler design lab programs
Compiler design lab programs Guru Janbheshver University, Hisar
 
B tree
B treeB tree
B treeRajendran
 
Literature review of Digital Signature
Literature review of Digital SignatureLiterature review of Digital Signature
Literature review of Digital SignatureAsim Neupane
 
Sorting Algorithms
Sorting AlgorithmsSorting Algorithms
Sorting Algorithmsmultimedia9
 
TOC 3 | Different Operations on DFA
TOC 3 | Different Operations on DFATOC 3 | Different Operations on DFA
TOC 3 | Different Operations on DFAMohammad Imam Hossain
 
Lec 17 heap data structure
Lec 17 heap data structureLec 17 heap data structure
Lec 17 heap data structureSajid Marwat
 
Backtracking
BacktrackingBacktracking
BacktrackingPranay Meshram
 
Cryptography using artificial neural network
Cryptography using artificial neural networkCryptography using artificial neural network
Cryptography using artificial neural networkMahira Banu
 
Sortingnetworks
SortingnetworksSortingnetworks
Sortingnetworksvikram singh
 
Longest Common Subsequence
Longest Common SubsequenceLongest Common Subsequence
Longest Common SubsequenceSwati Swati
 
Merge sort
Merge sortMerge sort
Merge sortSoumen Santra
 
Boyre Moore Algorithm | Computer Science
Boyre Moore Algorithm | Computer ScienceBoyre Moore Algorithm | Computer Science
Boyre Moore Algorithm | Computer ScienceTransweb Global Inc
 
Codes Correcteurs d’Erreurs.pptx
Codes Correcteurs d’Erreurs.pptxCodes Correcteurs d’Erreurs.pptx
Codes Correcteurs d’Erreurs.pptxHajar Bouchriha
 
Karnaugh Graph or K-Map
Karnaugh Graph or K-MapKarnaugh Graph or K-Map
Karnaugh Graph or K-MapB.Sc in CSE, United International University - UIU, Dhaka
 
final presentation of sudoku solver project
final presentation of sudoku solver projectfinal presentation of sudoku solver project
final presentation of sudoku solver projectArafat Bin Reza
 
Alpha beta pruning
Alpha beta pruningAlpha beta pruning
Alpha beta pruningmaliksiddique1
 
Rabin karp string matching algorithm
Rabin karp string matching algorithmRabin karp string matching algorithm
Rabin karp string matching algorithmGajanand Sharma
 
Image Steganography using LSB
Image Steganography using LSBImage Steganography using LSB
Image Steganography using LSBSreelekshmi Sree
 
Satisfiability
SatisfiabilitySatisfiability
SatisfiabilityJim Kukula
 
DAA Unit 1.pdf
DAA Unit 1.pdfDAA Unit 1.pdf
DAA Unit 1.pdfNirmalavenkatachalam
 
Audio Steganography java project
Audio Steganography java projectAudio Steganography java project
Audio Steganography java projectTutorial Learners
 
knapsack problem
knapsack problemknapsack problem
knapsack problemAdnan Malak
 
Longest common subsequences in Algorithm Analysis
Longest common subsequences in Algorithm AnalysisLongest common subsequences in Algorithm Analysis
Longest common subsequences in Algorithm AnalysisRajendran
 
Items liberados pisa-matematica-secundaria-5-6
Items liberados pisa-matematica-secundaria-5-6Items liberados pisa-matematica-secundaria-5-6
Items liberados pisa-matematica-secundaria-5-6Laura Navarro
 
What is merkle tree
What is merkle treeWhat is merkle tree
What is merkle treeCeline George
 
Huffman Coding Algorithm Presentation
Huffman Coding Algorithm PresentationHuffman Coding Algorithm Presentation
Huffman Coding Algorithm PresentationAkm Monir
 
Huffman coding
Huffman coding Huffman coding
Huffman coding Nazmul Hyder
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and AuthenticityHardik Manocha
 
ELK Presentation Final V1
ELK Presentation Final V1ELK Presentation Final V1
ELK Presentation Final V1Jon Hammant
 
DOXLON November 2016 - ELK Stack and Beats
DOXLON November 2016 - ELK Stack and Beats DOXLON November 2016 - ELK Stack and Beats
DOXLON November 2016 - ELK Stack and Beats Outlyer
 

More Related Content

What's hot

Longest Common Subsequence
Longest Common SubsequenceLongest Common Subsequence
Longest Common SubsequenceSwati Swati
 
Boyre Moore Algorithm | Computer Science
Boyre Moore Algorithm | Computer ScienceBoyre Moore Algorithm | Computer Science
Boyre Moore Algorithm | Computer ScienceTransweb Global Inc
 
Codes Correcteurs d’Erreurs.pptx
Codes Correcteurs d’Erreurs.pptxCodes Correcteurs d’Erreurs.pptx
Codes Correcteurs d’Erreurs.pptxHajar Bouchriha
 
final presentation of sudoku solver project
final presentation of sudoku solver projectfinal presentation of sudoku solver project
final presentation of sudoku solver projectArafat Bin Reza
 
Rabin karp string matching algorithm
Rabin karp string matching algorithmRabin karp string matching algorithm
Rabin karp string matching algorithmGajanand Sharma
 
Image Steganography using LSB
Image Steganography using LSBImage Steganography using LSB
Image Steganography using LSBSreelekshmi Sree
 
Satisfiability
SatisfiabilitySatisfiability
SatisfiabilityJim Kukula
 
Audio Steganography java project
Audio Steganography java projectAudio Steganography java project
Audio Steganography java projectTutorial Learners
 
knapsack problem
knapsack problemknapsack problem
knapsack problemAdnan Malak
 
Longest common subsequences in Algorithm Analysis
Longest common subsequences in Algorithm AnalysisLongest common subsequences in Algorithm Analysis
Longest common subsequences in Algorithm AnalysisRajendran
 
Items liberados pisa-matematica-secundaria-5-6
Items liberados pisa-matematica-secundaria-5-6Items liberados pisa-matematica-secundaria-5-6
Items liberados pisa-matematica-secundaria-5-6Laura Navarro
 
Huffman Coding Algorithm Presentation
Huffman Coding Algorithm PresentationHuffman Coding Algorithm Presentation
Huffman Coding Algorithm PresentationAkm Monir
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and AuthenticityHardik Manocha
 

What's hot (20)

Sortingnetworks
SortingnetworksSortingnetworks
Sortingnetworks
 
Longest Common Subsequence
Longest Common SubsequenceLongest Common Subsequence
Longest Common Subsequence
 
Merge sort
Merge sortMerge sort
Merge sort
 
Boyre Moore Algorithm | Computer Science
Boyre Moore Algorithm | Computer ScienceBoyre Moore Algorithm | Computer Science
Boyre Moore Algorithm | Computer Science
 
Codes Correcteurs d’Erreurs.pptx
Codes Correcteurs d’Erreurs.pptxCodes Correcteurs d’Erreurs.pptx
Codes Correcteurs d’Erreurs.pptx
 
Karnaugh Graph or K-Map
Karnaugh Graph or K-MapKarnaugh Graph or K-Map
Karnaugh Graph or K-Map
 
final presentation of sudoku solver project
final presentation of sudoku solver projectfinal presentation of sudoku solver project
final presentation of sudoku solver project
 
Alpha beta pruning
Alpha beta pruningAlpha beta pruning
Alpha beta pruning
 
Rabin karp string matching algorithm
Rabin karp string matching algorithmRabin karp string matching algorithm
Rabin karp string matching algorithm
 
Image Steganography using LSB
Image Steganography using LSBImage Steganography using LSB
Image Steganography using LSB
 
Satisfiability
SatisfiabilitySatisfiability
Satisfiability
 
DAA Unit 1.pdf
DAA Unit 1.pdfDAA Unit 1.pdf
DAA Unit 1.pdf
 
Audio Steganography java project
Audio Steganography java projectAudio Steganography java project
Audio Steganography java project
 
knapsack problem
knapsack problemknapsack problem
knapsack problem
 
Longest common subsequences in Algorithm Analysis
Longest common subsequences in Algorithm AnalysisLongest common subsequences in Algorithm Analysis
Longest common subsequences in Algorithm Analysis
 
Items liberados pisa-matematica-secundaria-5-6
Items liberados pisa-matematica-secundaria-5-6Items liberados pisa-matematica-secundaria-5-6
Items liberados pisa-matematica-secundaria-5-6
 
What is merkle tree
What is merkle treeWhat is merkle tree
What is merkle tree
 
Huffman Coding Algorithm Presentation
Huffman Coding Algorithm PresentationHuffman Coding Algorithm Presentation
Huffman Coding Algorithm Presentation
 
Huffman coding
Huffman coding Huffman coding
Huffman coding
 
Seminar on Encryption and Authenticity
Seminar on Encryption and AuthenticitySeminar on Encryption and Authenticity
Seminar on Encryption and Authenticity
 

Similar to Steganography: Hiding your secrets with PHP

ELK Presentation Final V1
ELK Presentation Final V1ELK Presentation Final V1
ELK Presentation Final V1Jon Hammant
 
DOXLON November 2016 - ELK Stack and Beats
DOXLON November 2016 - ELK Stack and Beats DOXLON November 2016 - ELK Stack and Beats
DOXLON November 2016 - ELK Stack and Beats Outlyer
 
Web bugs prez
Web bugs prezWeb bugs prez
Web bugs prezGroupM
 
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...Amazon Web Services
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksMehrdad Jingoism
 
5. php bangla tutorial php basic
5. php bangla tutorial php basic5. php bangla tutorial php basic
5. php bangla tutorial php basicSamimKhan19
 
Ceh v8 labs module 08 sniffers
Ceh v8 labs module 08 sniffersCeh v8 labs module 08 sniffers
Ceh v8 labs module 08 sniffersMehrdad Jingoism
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingAsep Sopyan
 
Ceh v8 labs module 05 system hacking
Ceh v8 labs module 05 system hackingCeh v8 labs module 05 system hacking
Ceh v8 labs module 05 system hackingMehrdad Jingoism
 
Poison Pixels—Combatting Image Steganography in Cybercrime
Poison Pixels—Combatting Image Steganography in CybercrimePoison Pixels—Combatting Image Steganography in Cybercrime
Poison Pixels—Combatting Image Steganography in CybercrimePriyanka Aash
 
4Developers 2015: Measure to fail - Tomasz Kowalczewski
4Developers 2015: Measure to fail - Tomasz Kowalczewski4Developers 2015: Measure to fail - Tomasz Kowalczewski
4Developers 2015: Measure to fail - Tomasz KowalczewskiPROIDEA
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON
 
Stegnography final
Stegnography finalStegnography final
Stegnography finalHeena Bohra
 
Encryption is a process of converting a message, image, or any other .pdf
Encryption is a process of converting a message, image, or any other .pdf Encryption is a process of converting a message, image, or any other .pdf
Encryption is a process of converting a message, image, or any other .pdfrachanaprade
 
Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceAsep Sopyan
 
Pre-Quiz Symantec Endpoint Encryption
Pre-Quiz Symantec Endpoint EncryptionPre-Quiz Symantec Endpoint Encryption
Pre-Quiz Symantec Endpoint EncryptionMatt Dawdy
 

Similar to Steganography: Hiding your secrets with PHP (20)

ELK Presentation Final V1
ELK Presentation Final V1ELK Presentation Final V1
ELK Presentation Final V1
 
DOXLON November 2016 - ELK Stack and Beats
DOXLON November 2016 - ELK Stack and Beats DOXLON November 2016 - ELK Stack and Beats
DOXLON November 2016 - ELK Stack and Beats
 
Web bugs prez
Web bugs prezWeb bugs prez
Web bugs prez
 
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
Create an IoT Gateway and Establish a Data Pipeline to AWS IoT with Intel - I...
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
LOGGING FOR FUN, AND PROFIT
LOGGING FOR FUN, AND PROFITLOGGING FOR FUN, AND PROFIT
LOGGING FOR FUN, AND PROFIT
 
5. php bangla tutorial php basic
5. php bangla tutorial php basic5. php bangla tutorial php basic
5. php bangla tutorial php basic
 
Ceh v8 labs module 08 sniffers
Ceh v8 labs module 08 sniffersCeh v8 labs module 08 sniffers
Ceh v8 labs module 08 sniffers
 
Ceh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijackingCeh v8 labs module 11 session hijacking
Ceh v8 labs module 11 session hijacking
 
Everybody Lies
Everybody LiesEverybody Lies
Everybody Lies
 
Ceh v8 labs module 05 system hacking
Ceh v8 labs module 05 system hackingCeh v8 labs module 05 system hacking
Ceh v8 labs module 05 system hacking
 
Poison Pixels—Combatting Image Steganography in Cybercrime
Poison Pixels—Combatting Image Steganography in CybercrimePoison Pixels—Combatting Image Steganography in Cybercrime
Poison Pixels—Combatting Image Steganography in Cybercrime
 
4Developers 2015: Measure to fail - Tomasz Kowalczewski
4Developers 2015: Measure to fail - Tomasz Kowalczewski4Developers 2015: Measure to fail - Tomasz Kowalczewski
4Developers 2015: Measure to fail - Tomasz Kowalczewski
 
Measure to fail
Measure to failMeasure to fail
Measure to fail
 
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
44CON 2014 - Switches Get Stitches, Eireann Leverett & Matt Erasmus
 
Stegnography final
Stegnography finalStegnography final
Stegnography final
 
Encryption is a process of converting a message, image, or any other .pdf
Encryption is a process of converting a message, image, or any other .pdf Encryption is a process of converting a message, image, or any other .pdf
Encryption is a process of converting a message, image, or any other .pdf
 
Ceh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of serviceCeh v8 labs module 10 denial of service
Ceh v8 labs module 10 denial of service
 
Pre-Quiz Symantec Endpoint Encryption
Pre-Quiz Symantec Endpoint EncryptionPre-Quiz Symantec Endpoint Encryption
Pre-Quiz Symantec Endpoint Encryption
 
Cryptography using python
Cryptography using pythonCryptography using python
Cryptography using python
 

More from Raul Fraile

Aplicaciones CLI profesionales con Symfony
Aplicaciones CLI profesionales con SymfonyAplicaciones CLI profesionales con Symfony
Aplicaciones CLI profesionales con SymfonyRaul Fraile
 
How GZIP compression works - JS Conf EU 2014
How GZIP compression works - JS Conf EU 2014How GZIP compression works - JS Conf EU 2014
How GZIP compression works - JS Conf EU 2014Raul Fraile
 
How GZIP works... in 10 minutes
How GZIP works... in 10 minutesHow GZIP works... in 10 minutes
How GZIP works... in 10 minutesRaul Fraile
 
Symfony en Drupal 8 - DrupalCamp Spain
Symfony en Drupal 8 - DrupalCamp Spain Symfony en Drupal 8 - DrupalCamp Spain
Symfony en Drupal 8 - DrupalCamp Spain Raul Fraile
 
$kernel->infect(): Creating a cryptovirus for Symfony2 apps
$kernel->infect(): Creating a cryptovirus for Symfony2 apps$kernel->infect(): Creating a cryptovirus for Symfony2 apps
$kernel->infect(): Creating a cryptovirus for Symfony2 appsRaul Fraile
 
Materiales del curso de Symfony2
Materiales del curso de Symfony2Materiales del curso de Symfony2
Materiales del curso de Symfony2Raul Fraile
 
Sistemas de ficheros para dispositivos embebidos
Sistemas de ficheros para dispositivos embebidosSistemas de ficheros para dispositivos embebidos
Sistemas de ficheros para dispositivos embebidosRaul Fraile
 
Refactoring PHP/Symfony2 apps
Refactoring PHP/Symfony2 appsRefactoring PHP/Symfony2 apps
Refactoring PHP/Symfony2 appsRaul Fraile
 
Refactorización de aplicaciones PHP/Symfony2
Refactorización de aplicaciones PHP/Symfony2Refactorización de aplicaciones PHP/Symfony2
Refactorización de aplicaciones PHP/Symfony2Raul Fraile
 
MidwestPHP Symfony2 Internals
MidwestPHP Symfony2 InternalsMidwestPHP Symfony2 Internals
MidwestPHP Symfony2 InternalsRaul Fraile
 
Symfony internals [english]
Symfony internals [english]Symfony internals [english]
Symfony internals [english]Raul Fraile
 
DeSymfony 2012: Symfony internals
DeSymfony 2012: Symfony internalsDeSymfony 2012: Symfony internals
DeSymfony 2012: Symfony internalsRaul Fraile
 
Symfony2: Interacción con CSS, JS y HTML5
Symfony2: Interacción con CSS, JS y HTML5Symfony2: Interacción con CSS, JS y HTML5
Symfony2: Interacción con CSS, JS y HTML5Raul Fraile
 
Symfony2: Optimización y rendimiento
Symfony2: Optimización y rendimientoSymfony2: Optimización y rendimiento
Symfony2: Optimización y rendimientoRaul Fraile
 
Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Raul Fraile
 
Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Raul Fraile
 
Presentacion Symfony2
Presentacion Symfony2Presentacion Symfony2
Presentacion Symfony2Raul Fraile
 

More from Raul Fraile (17)

Aplicaciones CLI profesionales con Symfony
Aplicaciones CLI profesionales con SymfonyAplicaciones CLI profesionales con Symfony
Aplicaciones CLI profesionales con Symfony
 
How GZIP compression works - JS Conf EU 2014
How GZIP compression works - JS Conf EU 2014How GZIP compression works - JS Conf EU 2014
How GZIP compression works - JS Conf EU 2014
 
How GZIP works... in 10 minutes
How GZIP works... in 10 minutesHow GZIP works... in 10 minutes
How GZIP works... in 10 minutes
 
Symfony en Drupal 8 - DrupalCamp Spain
Symfony en Drupal 8 - DrupalCamp Spain Symfony en Drupal 8 - DrupalCamp Spain
Symfony en Drupal 8 - DrupalCamp Spain
 
$kernel->infect(): Creating a cryptovirus for Symfony2 apps
$kernel->infect(): Creating a cryptovirus for Symfony2 apps$kernel->infect(): Creating a cryptovirus for Symfony2 apps
$kernel->infect(): Creating a cryptovirus for Symfony2 apps
 
Materiales del curso de Symfony2
Materiales del curso de Symfony2Materiales del curso de Symfony2
Materiales del curso de Symfony2
 
Sistemas de ficheros para dispositivos embebidos
Sistemas de ficheros para dispositivos embebidosSistemas de ficheros para dispositivos embebidos
Sistemas de ficheros para dispositivos embebidos
 
Refactoring PHP/Symfony2 apps
Refactoring PHP/Symfony2 appsRefactoring PHP/Symfony2 apps
Refactoring PHP/Symfony2 apps
 
Refactorización de aplicaciones PHP/Symfony2
Refactorización de aplicaciones PHP/Symfony2Refactorización de aplicaciones PHP/Symfony2
Refactorización de aplicaciones PHP/Symfony2
 
MidwestPHP Symfony2 Internals
MidwestPHP Symfony2 InternalsMidwestPHP Symfony2 Internals
MidwestPHP Symfony2 Internals
 
Symfony internals [english]
Symfony internals [english]Symfony internals [english]
Symfony internals [english]
 
DeSymfony 2012: Symfony internals
DeSymfony 2012: Symfony internalsDeSymfony 2012: Symfony internals
DeSymfony 2012: Symfony internals
 
Symfony2: Interacción con CSS, JS y HTML5
Symfony2: Interacción con CSS, JS y HTML5Symfony2: Interacción con CSS, JS y HTML5
Symfony2: Interacción con CSS, JS y HTML5
 
Symfony2: Optimización y rendimiento
Symfony2: Optimización y rendimientoSymfony2: Optimización y rendimiento
Symfony2: Optimización y rendimiento
 
Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Symfony2: Framework para PHP5
Symfony2: Framework para PHP5
 
Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Symfony2: Framework para PHP5
Symfony2: Framework para PHP5
 
Presentacion Symfony2
Presentacion Symfony2Presentacion Symfony2
Presentacion Symfony2
 

Recently uploaded

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Steganography: Hiding your secrets with PHP

  • 2. E U Q W E X S A O S L Z U L R T Z S R P V I Y E P N H A F H G Z I P L M F I E G U R I C E R T I F I E D B L A A Q N T E T O R T T E K I M A D H S G N O 💩 A P O L Y G L O T A Y E S U A J E W H I T E S P A C E O B R F S A C I L I A P Y S T E G A N O G R A P H Y R A M C Y T I R W C P P A About me
  • 5. Steganography is the science of concealing a hidden message in plain sight in order to avoid detection. Introduction
  • 7. Terminology Embedding (E) Extracting (D) Cover (C) Message (M) Stego-Object (S) Key (K)
  • 8. • Steganography: Hide the data from a third party.
 • Cryptography: Make data unreadable by a third party. Steganography / Cryptography
  • 10. • Esoteric programming language with only three lexical tokens: Space (ASCII 32), Tab (ASCII 9) and Line Feed (ASCII 10). • Stack based language with support for I/O, flow control and arithmetic operations. Motivation Source: http://youtu.be/u_kqM0gn63M
  • 12. • Protection of data alteration (digital watermarking). • Secretly communicate information. • Anti-forensics mechanism. Applications
  • 15. Bacon’s Bilateral Cipher A AAAAA B AAAAB C AAABA D AAABB E AABAA F AABAB G AABBA H AABBB I/J ABAAA K ABAAB L ABABA M ABABB N ABBAA O ABBAB P ABBBA Q ABBBB R BAAAA S BAAAB T BAABA U/V BAABB W BABAA X BABAB Y BABBA Z BABBB Take the red pill BAABA AAAAA ABAAB AABAA BAABA AABBB AABAA BAAAA AABAA AAABB ABBBA ABAAA ABABA ABABA Steganography is the art or practice of concealing messages within other messages S t e g a n o g r a p h y i s t h e a r t o r p r a c t i c e o f c o n c e a l i n g m e s s a g e s w i t h i n o t h e r m e s s a g e s 70
  • 16. • Backmasking is a technique in which a sound or message is recorded backward onto a track that is meant to be played forward. • It is a deliberate process, whereas a message found through phonetic reversal may be unintentional. Backmasking
  • 17. Backmasking If there's a bustle in your hedgerow, don't be alarmed now, it's just a spring clean for the May queen. Yes there are two paths you can go by, but in the long run there's still time to change the road you're on. Oh here's to my sweet Satan. The one whose little path would make me sad, whose power is satan. He'll give those with him 666, there was a little toolshed where he made us suffer, sad Satan.
  • 18. • Some brand color laser printers add tiny yellow dots to each page, that contain encoded printer serial numbers and timestamps. • Monochrome printers and copiers from major manufacturers also include the markings. • Most printers' codes have not been decoded. Printer steganography
  • 21. Morse code T O R T U R E Source: http://youtu.be/BgelmcOdS38
  • 23. Digital Steganography LSB IN IMAGES 144 141 81 10010000 10001101 01010001 Hidden message: 101001… 145 140 81 10010001 10001100 01010001 146 142 81 10010010 10001110 01010001
  • 24. Piet is a programming language in which programs look like abstract paintings. Piet Composition with Red, Yellow and Blue. 1921, Piet Mondrian Source: http://www.dangermouse.net/esoteric/piet.html
  • 25. 525 Piet Darkness change Hue change None 1 2 None push pop 1 step add substract multiply 2 steps divide mod not 3 steps greater pointer switch 4 steps duplicate roll in(number) 5 steps in(char) out(number) out(char) DP right CC left $ npiet example1.png ? 5 25 5
  • 26. Piet
  • 27. • We already have filesystems with support for encryption, so they only can be read with the password. But… the attacker may obtain it illegally or torture the user to give it up. • The steganographic filesystem goes one step further: it does not even show the existence of sensitive information (even when raw sectors of the hard disc are accessed). Steganographic filesystem
  • 28. Steganographic filesystem 0 1 2 3 4 5 6 7 8 1.txt 2 2.txt 5 3.txt 7 3 4 EOF EOF EOF6 8 Boot FATFilesystem Boot FATFilesystem-level encryption PartitionSteganographic filesystem
  • 29. • Network steganography uses communication protocols and are harder to detect. • Techniques: • Steganophony: Delayed or corrupted packets that would normally be ignored by the receiver. • WLAN Steganography: Transmission of steganograms in Wireless Local Area Networks Network Steganography
  • 30. • Custom HTTP headers to include geeky messages or as a recruiting tool. • For example, booking.com: • X-Recruiting: Like HTTP headers? C o m e w r i t e o u r s : h t t p s : / / workingatbooking.com HTTP headers
  • 31. SkyDe (Skype Hide) Source: http://arxiv.org/pdf/1301.3632.pdf
  • 32. • St e ga n o g r a p h i c m e t h o d fo r t h e BitTorrent P2P file transfer service. • It is based on modifying the order of data packets in the peer-peer data exchange protocol. • Steganographic bandwidth of up to 270 b/s while introducing little transmission distortion and providing difficult detectability. StegTorrent
  • 34. • Spammimic embeds a message into spam. • There is tons of spam. Also, real spam is usually dumb, so it's sometimes hard to tell if it was written by a human or a machine. Spammimic
  • 35. Spammimic Dear Professional , Your email address has been submitted to us indicating your interest in our newsletter ! This is a one time mailing there is no need to request removal if you won't want any more ! This mail is being sent in compliance with Senate bill 2516 , Title 9 , Section 303 . Do NOT confuse us with Internet scam artists . Why work for somebody else when you can become rich in 16 days . Have you ever noticed most everyone has a cellphone and nearly every commercial on television has a .com on in it ! Well, now is your chance to capitalize on this ! We will help you decrease perceived waiting time by 190% and deliver goods right to the customer's doorstep ! The best thing about our system is that it is absolutely risk free for you ! But don't believe us . Mrs Simpson of Maryland tried us and says "I was skeptical but it worked for me" . We assure you that we operate within all applicable laws ! We implore you - act now ! Sign up a friend and you get half off . Thanks . Message: attack Source: http://www.spammimic.com Disappearing Cryptography. Information Hiding: Steganography & Watermarking
  • 37. • Steganalysis is the study of detecting messages hidden using steganography. • The goal of steganalysis is to identify suspected packages, determine whether or not they have a payload encoded into them, and, if possible, recover that payload. • The problem is generally handled with statistical analysis. Steganalysis
  • 38. Steganalysis 144 141 81 10010000 10001101 01010001 Random 0 0,2 0,4 0,6 0,8 0 1
  • 40. Binary strings • In PHP, strings are just a sequence of bytes (C char type). • PHP stores the length of strings explicitly. Unlike C it does not need a zero termination to find the end of a string.
  • 41. 5 l l oh e*val len Binary strings typedef union _zvalue_value { long lval; double dval; struct { char *val; int len; } str; HashTable *ht; zend_object_value obj; } zvalue_value; 6 091 21314 0123 88 $str[5] Big endian: 14 - 0 Little endian: 0 - 14 strlen()
  • 42. pack()/unpack() • pack() packs data into a binary string according to a given format. • unpack() unpacks from a binary string into an array according to a given format.
  • 43. pack()/unpack() $now = new DateTime(); $id1 = 0x1f; $id2 = 0x8b; $cm = 0x08; $flags = 0x00; $mtime = $now->getTimestamp(); //0x54c13374 /* * Format: * - C4: 4 bytes. * - V: Unsigned long, 32 bit, little endian byte order */ $binStr = pack('C4V', $id1, $id2, $cm, $flags, $mtime); file_put_contents(__DIR__ . '/test.gz', $binStr); 74 3308 001f 8b c1 54
  • 44. pack()/unpack() $gzip = file_get_contents(__DIR__ . '/test.gz'); /* * Format: * - C2: 2 bytes (id1, id2). * - C1: 1 byte (cm), 1 byte (flags). * - V: Unsigned long, 32 bit, little endian byte order */ list($id1, $id2, $cm, $flags, $mtime) = array_values( unpack('C2id/C1cm/C1flags/Vmtime', $gzip) ); var_dump( dechex($id1), // 1f dechex($id2), // 8b dechex($cm), // 8 dechex($flags), // 0 dechex($mtime) // 54c13374 );
  • 45. Bitwise operators • Bitwise operators allow evaluation and manipulation of specific bits within an integer. • PHP provides 6 bitwise operators: &, |, ^, ~, << and >>.
  • 46. Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 & 0 0 00 0 00 1 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 64 0x40 0100 0b01000000
  • 47. Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 | 1 0 11 0 11 1 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 237 0xed 0355 0b11101101
  • 48. Bitwise operators 1 0 11 0 00 1 0 0 00 0 11 1 ^ 1 0 11 0 11 0 101 0x65 0145 0b01100101 200 0xc8 0310 0b11001000 173 0xad 0255 0b10101101
  • 49. Bitwise operators 1 0 11 0 00 1 2<< 101 0x65 0145 0b01100101 404 0x194 0624 0b1010110100 1 0 11 0 11 0 0 0 x << y == x * pow(2, y)
  • 50. Bitwise operators 1 0 11 0 00 1 2>> 101 0x65 0145 0b01100101 25 0x19 031 0b00011001 1 1 00 0 0 0 1 x << y == x / pow(2, y)
  • 51. Bitwise operators 1 0 11 0 00 1 ~ 101 0x65 0145 0b01100101 154 0x9a 0232 0b10011010 1 1 01 0 0 1 0
  • 52. Bitwise operators 0X14 $flag & 0x04Read flag Set flag Unset flag $flag | 0x04 $flag & ~0x04 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 & 0 0 0 0 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 | 0 0 0 1 0 1 0 0 0 0 0 1 0 1 0 0 1 1 1 1 1 0 1 1 & 0 0 0 1 0 0 0 0 0 0 0 1 0 1 0 0
  • 53. Demo #1: Hiding messages in GZIP file headers
  • 54. GZIP file format CM FLGID1 ID2 MTIME XFL OS CRC32 ISIZE COMPRESSED STREAM FTEXT FHCRC FEXTRA FNAME FCOMMENT 0FILE NAME Source: https://tools.ietf.org/html/rfc1952
  • 55. Demo #1.1 Embedding messages into GZIP FNAME header /demos/demo1/demo1_1 raulfraile/steganography_talk
  • 57. Demo #2: Hiding data into images
  • 58. • PHP extension to use the • It provides high level function to deal directly with pixels (they will be used to encode data), such as imagecolorat() and imagesetpixel(). GD extension Source: http://libgd.bitbucket.org/
  • 59. Demo #2.1 Embedding text data into images (+ steganalysis) /demos/demo2/demo2_1 raulfraile/steganography_talk
  • 60. Demo #2.2 Embedding images into images (+ steganalysis) /demos/demo2/demo2_2 raulfraile/steganography_talk
  • 61. Hiding code into code Demo #3
  • 62. • A polyglot is a program written in a valid form of multiple programming languages. • Generally are written in a combination of C (which allows redefinition of tokens with a preprocessor) and a scripting language. Polyglot programs
  • 63. polyglot.pl.php.py.rb.cpp Polyglot programs #/*<?php eval('echo "PHP Coden";'); __halt_compiler();?> */ #include <stdio.h> /* print ((("b" + "0" == 0) and eval('"Perl Coden"')) or (0 and "Ruby Coden" or "Python Code")); __DATA__ = 1 """"" __END__ ===== . ===== */ #ifdef __cplusplus char msg[9] = {'C','+','+',' ','C','o','d','e', 'n'}; #else char msg[7] = {'C',' ','C','o','d','e', 'n'}; #endif int main() { int i; for(i = 0; i < 9; ++i) putchar(msg[i]); return 0;} Source: https://gist.github.com/SaswatPadhi/2872457
  • 64. Demo #3.1 Embedding PHP code using __halt_compiler() /demos/demo3/demo3_1 raulfraile/steganography_talk
  • 65. __halt_compiler() • Halts the execution of the compiler. • The byte position of the data start is given by the __COMPILER_HALT_OFFSET__ constant. • PHAR files make use of this function to separate the stub (loader functionality) and the rest of the file (manifest, files and signature).
  • 66. __halt_compiler() 23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 77 6f 72 6c 64 21 27 3b 0a 0a 5f 5f 48 41 |o world!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 01 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| Source: http://www.slideshare.net/raulfraile/kernelinfect-creating-a-cryptovirus-for-symfony2-apps
  • 67. Demo #3.2 Hiding messages using whitespace characters /demos/demo3/demo3_2 raulfraile/steganography_talk
  • 68. Demo #3.3 Hiding code using whitespace characters /demos/demo3/demo3_3 raulfraile/steganography_talk
  • 69. Demo #3.4 Embedding Whitespace code in empty lines of Docblocks /demos/demo3/demo3_4 raulfraile/steganography_talk
  • 70. Whitespace • Esoteric programming language with only three lexical tokens: Space (ASCII 32), Tab (ASCII 9) and Line Feed (ASCII 10). • Stack based language with support for I/O, flow control and arithmetic operations.
  • 72. nikic/php-parser • A PHP parser written in PHP. • Useful for static code analysis, manipulation and generation. • Converts PHP code into an AST (Abstract Syntax Tree). • Uses a PHP 5.6 compliant grammar (backwards compatible with PHP 5.2+). Also, emulates tokens from different versions of the one running (for example, parse 5.6 code from 5.3). Source: https://github.com/nikic/PHP-Parser
  • 73. nikic/php-parser Assignment Variable Lnumber If Equal Statements Echo condition Name: test Value: 1 Lnumber Value: 1 Variable Name: test left right String Value: ok $test = 1; if (1 == $test) { echo 'ok'; }
  • 74. hello_world.ws nikic/php-parser $code = <<<CODE <?php $test = 1; if (1 == $test) { echo 'ok'; } CODE; $parser = new PhpParserParser( new PhpParserLexerEmulative ); $ast = $parser->parse($code);
  • 75. nikic/php-parser • The parser provides two main components: • NodeTraverser: For traversing and visiting the node tree. • PrettyPrinter: To compile the AST back to PHP code.