Resident Pulser@infosec.pubB to

Pulse of Truth@infosec.pubEnglish · 6 days ago

A PNG Image With an Embedded Gift, (Sat, May 31st)

3

10

A PNG Image With an Embedded Gift, (Sat, May 31st)

Resident Pulser@infosec.pubB to

Pulse of Truth@infosec.pubEnglish · 6 days ago

3

A PNG Image With an Embedded Gift - SANS Internet Storm Center

A PNG Image With an Embedded Gift, Author: Xavier Mertens

While hunting, I found an interesting picture. It&#x26;#39;s a PNG file that was concatenated with two interesting payloads. There are file formats that are good candidates to have data added at the end of the file. PNG is the case because the file format specifications says:

Chat

FMT99@lemmy.world
link
fedilink
English
arrow-up
4·
edit-2
4 days ago
So how do these embedded scripts get extracted? You need a separate executable to do the actual extraction/execution?
- krogoth@infosec.pubM
  link
  fedilink
  English
  arrow-up
  5·
  6 days ago
  Yes. And you will have a good chance that the EDR wont flag the extractor since its not suspicious code per se.
  - FMT99@lemmy.world
    link
    fedilink
    English
    arrow-up
    2·
    4 days ago
    Interesting thanks!

Pulse of Truth@infosec.pub

pulse_of_truth@infosec.pub

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

24 users / day
292 users / week
983 users / month
3.29K users / 6 months
1 local subscriber
1.07K subscribers
1.43K Posts
1.02K Comments
Modlog

mods:
krogoth@infosec.pub

	
		OSZAR »