Stegosaurus: A Steganography Tool

Stegosaurus is a steganography tool that is used for embedding payloads within Python byte code. The process does not modify the runtime performance or file size of the carrier file and typically results in a low encoding density. The payload is isolated throughout the byte code so tools like strings will not show the real payload. Python’s dis module will return the same results for byte code before and after Stegosaurus is used to embed a payload.

Payloads, delivery and receipt methods are exclusively up to the user. Stegosaurus only provides the sources to embed and extract payloads from a given Python byte code file. Due to the need to leave file size intact, a comparatively few number of bytes can be used to deliver the payload. This may involve spreading larger payloads across multiple byte code files, which have some advantages such as:

Delivering a payload in pieces over time.
Portions of the payload can be spread over multiple locations and joined when needed.
A single portion being compromised does not divulge the whole payload.
Thwarting detection of the entire payload by spreading it across multiple seemingly unrelated files.

Previously, no prior work or detection methods were known for this type of payload delivery.

Download Now

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...