this post was submitted on 31 May 2025
10 points (100.0% liked)

Pulse of Truth

1091 readers
10 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago
MODERATORS
krogoth
10
A PNG Image With an Embedded Gift, (Sat, May 31st) (isc.sans.edu)
submitted 1 week ago by lemmydev2 to c/pulse_of_truth
3 comments fedilink hide all child comments
 

While hunting, I found an interesting picture. It's a PNG file that was concatenated with two interesting payloads. There are file formats that are good candidates to have data added at the end of the file. PNG is the case because the file format specifications says:

top 3 comments
sorted by: hot top controversial new old
[–] FMT99@lemmy.world 4 points 1 week ago* (last edited 5 days ago) (1 children)

So how do these embedded scripts get extracted? You need a separate executable to do the actual extraction/execution?

[–] krogoth 5 points 6 days ago (1 children)

Yes. And you will have a good chance that the EDR wont flag the extractor since its not suspicious code per se.

[–] FMT99@lemmy.world 2 points 5 days ago

Interesting thanks!