Resident Pulser@infosec.pubB to

Pulse of Truth@infosec.pubEnglish · 6 days ago

A PNG Image With an Embedded Gift, (Sat, May 31st)

3

10

A PNG Image With an Embedded Gift, (Sat, May 31st)

Resident Pulser@infosec.pubB to

Pulse of Truth@infosec.pubEnglish · 6 days ago

3

A PNG Image With an Embedded Gift - SANS Internet Storm Center

A PNG Image With an Embedded Gift, Author: Xavier Mertens

While hunting, I found an interesting picture. It&#x26;#39;s a PNG file that was concatenated with two interesting payloads. There are file formats that are good candidates to have data added at the end of the file. PNG is the case because the file format specifications says:

You must log in or register to comment.

Chat

FMT99@lemmy.world
link
fedilink
English
arrow-up
4·
edit-2
4 days ago
So how do these embedded scripts get extracted? You need a separate executable to do the actual extraction/execution?
- krogoth@infosec.pubM
  link
  fedilink
  English
  arrow-up
  5·
  6 days ago
  Yes. And you will have a good chance that the EDR wont flag the extractor since its not suspicious code per se.
  - FMT99@lemmy.world
    link
    fedilink
    English
    arrow-up
    2·
    4 days ago
    Interesting thanks!

Pulse of Truth@infosec.pub

pulse_of_truth@infosec.pub

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !pulse_of_truth@infosec.pub

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

24 users / day
291 users / week
743 users / month
751 users / 6 months
2 local subscribers
1.08K subscribers
214 Posts
118 Comments
Modlog

mods:
krogoth@infosec.pub