Instegogram: Exploiting Instagram for C2 via Image Steganography

DEF CON 24

Presented by: Hyrum Anderson, Daniel Grant, Amanda Rousseau
Date: Friday August 05, 2016
Time: 15:00 - 15:30
Location: Crypto and Privacy Village

Exploiting social media sites for command-and-control (C2) has been growing in popularity in the past few years. But both Good and Bad guys have privacy concerns about their communication methods. Discoverable encryption may not always be the answer. By using image stenography we hide command-and-control messages in plain sight within digital images posted to the social media site Instagram. In this presentation, we will demo Instegogram as well as discuss how to detect and prevent it.

Amanda Rousseau

Amanda absolutely loves malware. She works as a Malware Researcher at Endgame who focuses on dynamic behavior detection both on Windows and OSX platforms. @_Amanda_33

Hyrum Anderson

Hyrum Anderson is a data scientist at Endgame who researches problems in adversarial machine learning and deploys solutions for large scale malware classification. He received a PhD in signal processing and machine learning from the University of Washington. @drhyrum

Daniel Grant

Daniel Grant is a data scientist at Endgame focusing on behavioral analysis and anomaly detection. He received a MS in Operations Research from Georgia Tech and likes building things that find bad guys when they are being sneaky.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats