Discussion
Did you know that you can passively download malicious payloads onto target systems?
Lots of software caches images locally to save bandwidth, often without stripping metadata.
You can leverage this functionality to download payloads.
Simply store your payload inside a valid image, then just have the target's web browser or email client download it for you.
No more web requests to obtain follow-up payloads!
Who knew that tracking pixels could be 64KB in size?
You would not notice just by looking at them.
"To my surprise, the size limit of the Exif header was much larger than expected. An entire 64-KB worth of metadata can be stored in the image. But better yet, a single Exif field can use up the entire 64-KB of space."
@malwaretech Instead of using EXIF in JPEG, how about using tEXt chunk in a PNG? It can be much larger (up to 2 GB IIRC), and a conveniently-placed nul byte will similarly hide the content from normal viewers.
@jernej__s Gonna look into this, thanks
@malwaretech @jernej__s RIFF used by webp also looks like it should be easy to stuff in large chunks that will be ignored by standard conforming viewers/browsers https://developers.google.com/speed/webp/docs/riff_container
@malwaretech thank you, malwaretech from infosec dot exchange
A space for Bonfire maintainers and contributors to communicate
