Obfuscation is often easy to recognize when it is in use, but much harder to spot when the obfuscated data pretends to be part of a binary's embedded data and is used to pass secrets back and forth.
Introduction
This article covers a handful of fun ways to play with executable binary files instead of just running them like everyone else. The binaries are written in C and the tooling in Python3, with shell scripts automating the workflow, all running in a Linux environment with Linux tooling.
We'll be playing with obfuscating data and injecting it into binaries in a somewhat stealthy fashion, so that it stays inside the binary where most things won't care what it is, because nothing calls it directly. As a result, we do not have to route the data through a sandbox to test it; and since the data is obfuscated, or even encrypted with strong crypto, it won't be obvious that something is hiding there.
This matters wherever data moves from one area to another and that movement has to be monitored to determine what type of data, or what content, is passing between entities.
Blue teams might become aware of this technique and therefore stop whitelisting the activity outright, as we have seen many teams do, mostly because of alert fatigue.
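As an added illustration from the defender's side (not code from the original article), the check below sweeps a buffer in fixed windows and reports byte ranges whose Shannon entropy sits near 8 bits per byte, which is how an encrypted blob embedded among ordinary code and strings gives itself away. The sample "binary" is constructed inline: text-like filler with a deterministic pseudo-random blob spliced in at a known offset; the window size and 7.0 bits/byte threshold are assumptions chosen for the example.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte of the buffer (0.0 for an empty buffer)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_high_entropy_regions(blob: bytes, window: int = 512, threshold: float = 7.0):
    """Scan non-overlapping windows and merge adjacent ones scoring above the
    threshold into (start, end) byte ranges. Compiled code and strings usually
    sit well under 7 bits/byte; encrypted or compressed payloads sit close to 8."""
    regions = []
    for off in range(0, len(blob) - window + 1, window):
        if shannon_entropy(blob[off:off + window]) < threshold:
            continue
        if regions and regions[-1][1] == off:
            regions[-1] = (regions[-1][0], off + window)  # extend the current run
        else:
            regions.append((off, off + window))
    return regions


def constructed_ciphertext(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic stand-in for an encrypted payload: a SHA-256 hash chain
    (constructed for this example, not real cipher output)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def build_sample_binary() -> bytes:
    """Constructed sample: 2048 bytes of text-like filler, a 1024-byte
    pseudo-random blob at offset 2048, then another 2048 bytes of filler."""
    filler = (b"usage: demo [-v] FILE  -- prints a report\n" * 64)[:2048]
    return filler + constructed_ciphertext(1024) + filler


def scan_sample():
    """Flagged regions for the constructed binary; the embedded blob should
    come back as the single range (2048, 3072)."""
    return find_high_entropy_regions(build_sample_binary())


if __name__ == "__main__":
    for start, end in scan_sample():
        print(f"high-entropy region at 0x{start:x}-0x{end:x} ({end - start} bytes)")
```

On a real ELF the same scan is run per section (or over the whole file) and the flagged ranges are then checked against what the section is supposed to hold.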
Let's begin our journey in hiding in plain sight.
What you will learn:
To hide and manipulate data in a binary file for various purposes such as infiltration and exfiltration.