Steganography is the practice of concealing data (which can be in the form of a message, image, or file) within another set of data so that it can be hidden from third parties.

There are many different methods that steganography can be accomplished with. One way is by appending a message to the end of the file. How this works is, when looking at the hexadecimal data, an image file has starting and ending bytes dictating the size. Anything after the terminating byte will be ignored when displaying the image. The bytes will vary depending on the file type, for example the terminating byte of a JPEG is ffd9. The best tool to use in this scenario is Hexedit.

Another way steganography is used in images is by embedding the message in the actual image and making it nearly invisible with low opacity and filters. There are a variety of internet tools for dealing with image manipulation. The audio file equivalent is creating a message through a spectogram. Sonic Visualizer is a good tool to find these messages.

In the context of a CTF, these challenges are usually presented as a simple image (or sometimes audio or video file) with no other instructions, and it is up to the competitor to run it through a hex editor to find out if it involves steganography. If you are presented with an image and no instructions, your safest bet is that is has a hidden flag after the closing tags of the image.

There are several tools available both online and from the command-line that can be used to solve steganography challenges. A few are listed below:

  • Binwalk: A tool for extracting hidden files from an image
  • Gimp: The GNU Image Manipulation Program, useful for discovering hidden bits
  • Stegsolve: A GUI tool to extract data based on bit planes to analyze images
  • strings command: Prints text strings embedded in a file. Ex: strings filename
  • Hexeditor: Allows you to view the raw bytes of a file
  • xxd command: Linux command that creates a hex dump of a given file
  • Windows Paint: More CTF stego problems than you expect can be solved simply using Paint to uncover a message

Tools: https://medium.com/@FourOctets/ctf-tidbits-part-1-steganography-ea76cc526b40

Info: https://ctfs.github.io/resources/topics/steganography/README.html

Stego Toolkit: https://github.com/DominicBreuker/stego-toolkit

Challenges: https://veteransec.com/2018/10/18/vetsec-takes-first-in-the-hacktober-ctf-summary-steganography-write-up/