Stegarmory: Offensive Cyber Security Software for Embedding Shellcode in Images
Abstract

This paper introduces StegArmory, a new open-source software package with practical applications for offensive cyber security operators. StegArmory uses steganography to embed machine code (shellcode) in images. Shellcode is typically flagged as malicious by antivirus software because of the payloads it usually carries, but detection becomes more difficult when the shellcode is embedded in a common image file. By using steganography to embed shellcode within Portable Network Graphics (PNG) images, StegArmory provides a new way to avoid detection of potentially malicious payloads while ensuring reliable transmission. This paper describes the StegArmory software development process, establishes performance benchmarks, and measures detection metrics using sample cover images. Two image-based steganography techniques are used: least significant bit (LSB) and pixel value differencing (PVD). Test results indicate that the software effectively produces PNG image files, using both the LSB and PVD approaches, with embedded shellcode capable of avoiding malicious payload detection. The LSB method is faster, but the PVD method handles larger payloads and its image modifications are more difficult to detect.
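A minimal worked example of the LSB approach the abstract describes, added here as an illustration and not StegArmory's own code: it writes a constructed stand-in payload into the least significant bit of each RGB sample of a constructed cover image, recovers it again, checks that the cover had enough capacity, and emits a valid PNG using only the Python standard library. The 4-byte big-endian length prefix, the MSB-first bit order, the `make_cover` gradient and all function names are assumptions of this example, not a format StegArmory defines.

```python
"""LSB steganography over an RGB sample buffer, with a stdlib-only PNG writer.

Added example (not StegArmory code). Conventions below are this example's own:
a 4-byte big-endian length header precedes the payload, bits go MSB first,
one payload bit per 8-bit RGB sample.
"""
import struct
import zlib

HEADER_LEN = 4  # bytes of length prefix (assumed convention)
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Constructed stand-in for shellcode: arbitrary bytes, not a real payload.
PAYLOAD = bytes(range(64))


def make_cover(width: int, height: int) -> bytes:
    """Constructed RGB cover: a deterministic gradient, 3 samples per pixel."""
    return bytes((x * 7 + y * 13 + c * 31) & 0xFF
                 for y in range(height) for x in range(width) for c in range(3))


def capacity_bytes(num_samples: int) -> int:
    """Payload bytes that fit in num_samples LSBs after the length header."""
    return num_samples // 8 - HEADER_LEN


def fits(pixels: bytes, payload: bytes) -> bool:
    return (HEADER_LEN + len(payload)) * 8 <= len(pixels)


def lsb_embed(pixels: bytes, payload: bytes) -> bytearray:
    """Return a copy of pixels whose LSBs carry len(payload) + payload."""
    if not fits(pixels, payload):
        raise ValueError(f"payload of {len(payload)} bytes exceeds cover "
                         f"capacity of {capacity_bytes(len(pixels))} bytes")
    data = struct.pack(">I", len(payload)) + payload
    out = bytearray(pixels)
    i = 0
    for byte in data:
        for bit in range(7, -1, -1):          # MSB first
            out[i] = (out[i] & 0xFE) | ((byte >> bit) & 1)
            i += 1
    return out


def lsb_extract(pixels: bytes) -> bytes:
    """Read the length header from the LSBs, then that many payload bytes."""
    def read_bytes(offset: int, count: int) -> bytes:
        buf = bytearray()
        for k in range(count):
            val = 0
            for b in range(8):
                val = (val << 1) | (pixels[offset + k * 8 + b] & 1)
            buf.append(val)
        return bytes(buf)

    if len(pixels) < HEADER_LEN * 8:
        raise ValueError("cover too small to hold a length header")
    (n,) = struct.unpack(">I", read_bytes(0, HEADER_LEN))
    if (HEADER_LEN + n) * 8 > len(pixels):
        raise ValueError("length header claims more bytes than the cover holds")
    return read_bytes(HEADER_LEN * 8, n)


def modified_fraction(cover: bytes, stego: bytes) -> float:
    """Share of samples that changed: a crude proxy for detectability."""
    return sum(a != b for a, b in zip(cover, stego)) / len(cover)


def build_png(width: int, height: int, rgb: bytes) -> bytes:
    """Minimal 8-bit RGB PNG encoder (filter type 0 on every scanline)."""
    def chunk(tag: bytes, body: bytes) -> bytes:
        crc = zlib.crc32(tag + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)

    row = width * 3
    raw = b"".join(b"\x00" + bytes(rgb[y * row:(y + 1) * row]) for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit RGB
    return (PNG_SIGNATURE + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw, 9)) + chunk(b"IEND", b""))


if __name__ == "__main__":
    W, H = 16, 16
    cover = make_cover(W, H)
    stego = lsb_embed(cover, PAYLOAD)
    assert lsb_extract(stego) == PAYLOAD
    with open("stego.png", "wb") as f:
        f.write(build_png(W, H, stego))
    print(f"capacity {capacity_bytes(len(cover))} bytes, "
          f"modified {modified_fraction(cover, stego):.1%} of samples")
```

Because PNG compression is lossless, any decoder returns exactly these sample bytes, so the receiving side runs the same `lsb_extract` loop over the decoded pixels; that is what makes PNG a reliable carrier where a lossy format such as JPEG would destroy the low bits. Each changed sample moves by at most 1, which is why LSB embedding is cheap and visually invisible, but it also leaves a flat statistical footprint that LSB-specific steganalysis looks for. The PVD method from the abstract is not implemented here.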