Cheatsheet

Steganography decision tree

Steganography — where to look firstnumbers = try in this order · hover for detailANY FILErun first: file · exiftool · strings · binwalkPNG / BMP1zsteg -aLSB text / files2pngcheck -vtp7fCRC / IHDR size3bit planesall channels + MSB4data after IENDcarve the trailer5palette remapindexed PNG6OpenStegorandomized LSBJPEG1steghide -p ''try empty pass2stegseek rockyoucrack passphrase3outguess / jstegjphide4stegdetectstatisticalGIF / APNG1extract framesffmpeg -vsync 02frame durationsmorse / binary3diff framesconsecutive4palette tricksAUDIO1spectrogram FIRSTAudacity / sox2waveform→ Morse3WAV LSBstegolsb wavsteg4SSTV / DTMF / FSKQSSTV / minimodem5steghideDeepSoundVIDEO1ffprobe streamscount tracks2extract framesffmpeg -vsync 03subtitle / attach-map 0:s / dump4audio track→ spectrogram5moov / trailingexiftool · binwalkTEXT1cat -A → stegsnowwhitespace2zero-widthU+200B / C / D3homoglyphsmixed alphabets4encodingsCyberChef MagicARCHIVE / DOC1unzip / 7zappended zip2binwalk -ecarve embedded3polyglot?two magic bytes4pdf / docx / apkit's a zip5fcrackzip -u -Dcrack zipPCAP / NET1tshark -qz io,phswhat's inside2--export-objectscarve HTTP/SMB3usb.capdatakeystrokes4dns.qry.nameexfil in subdomainsUNKNOWN / RAW1file / hex editoridentify2binvis.iovisualize bytes3raw importGIMP / Audacity4QR / Brailledecode blob

Hover or tap a step for the command and details · drag to pan · scroll to zoom