SectorH
  • Introduction
  • Team
  • 🅰️Search and Submit
  • 🅱️Sectorh.sol
  • NFT Collections and Lore
    • ⭕SectorH 1337 Rings
    • ☄️SectorH Operatives
    • 🌑SectorH Unseen
    • 🏹SectorH Degen Warriors
  • Tokenomics
  • Services Offered
    • ⚔️Top 10 Items to Derug
    • 🆘Help Recover My NFTs
  • Security Tips
    • Wallet Setup
    • Discord Security
    • Handling Malicious Domains
    • Top 5 Signs of NFT Scammers
    • 5 Ways A Scammer Targets You
    • Top 5 Ways to Identify a Fake NFT
    • Steganography in NFTs
    • AI Security Prompts
  • 🔗Official Links
  • Adversary Collective
    • The Hooligan Gang
      • Rugged Project Evidence
      • Discord Evidence
      • Twitter Evidence
      • Wallet Evidence
    • Ghost Ape Degen - In Draft
      • Scam Evidence
      • Discord Evidence
      • Scam NFTs
      • Wallet Evidence
  • Security Terminology
    • Durable Nonce Attack
    • Oracle Manipulation
    • Token Account Delegation
Powered by GitBook
On this page
  • Overview
  • How is Steganography used today?
  • Tools
  1. Security Tips

Steganography in NFTs

The practice of concealing messages or information within other nonsecret text or data.

PreviousTop 5 Ways to Identify a Fake NFTNextAI Security Prompts

Last updated 1 year ago

Overview

Steganography plays an interesting role in the NFT space since it usually involves hiding data inside files such as images, videos, and audio which are commonly used in NFTs. The first recorded use of the term Steganography was in 1499 by Johannes Trithemius in his book Steganographia, which was disguised as a book on magic. The first instance of Steganography however goes back to 440 BC where a servants head was shaved and a message was marked on his scalp and concealed later by his grown hair.

How is Steganography used today?

Today Steganography is used in many ways such as for criminal use, spying, or simply for puzzels. Some criminals and malicious hackers may use it for hiding malicious payloads in files or for simply hiding other code and messages.

Sometimes spy organizations may use it for communicating to different parties.

Sometimes communities like SectorH may use it for puzzels and games or sending messages to particular users. There have also been known attacks where a weaponized Excel document contained a PowerShell script that downloads steganographic images. The script extracts addition code from the images which was used to download a trojan. There have been other attack discussions where a hosted image was accessed from a windows command line and was used to invoke Mimikatz (A tool used to extract passwords and more).

Tools

Some common tools used to hide information in files include:

  • OpenStego - Attaches a secret message file inside BMP, GIF, JPEG, PNG and WBMP files.

  • rSteg - A java based tool that lets you hide text data inside an image.

  • Steghide - Opensource tool that lets you hide your file in an image or audio file.

  • SteganPEG - Lets you hide any image in a JPG file.

Some common tools used for analysis of Steganography files include:

  • StegCracker - Brute force utility to uncover hidden data inside files.

  • Stegextract - Detect hidden files and text in images.

  • Stegsolve - Applies various techniques to images.

  • Zsteg - PNG/BMP analysis.

References

https://en.wikipedia.org/wiki/Steganography
https://portswigger.net/daily-swig/what-is-steganography-a-complete-guide-to-the-ancient-art-of-concealing-messages
https://resources.infosecinstitute.com/topic/steganography-and-tools-to-perform-steganography/
https://github.com/peewpw/Invoke-PSImage
https://www.yeahhub.com/top-steganography-tools-ctf-challenges/
https://www.securityweek.com/attack-combines-phishing-steganography-powershell-deliver-malware
SectorH OG 1337 Ring