Imagine scrolling through your Snapchat, X, or Facebook feed. At first glance, the picture you see looks ordinary, just another random image. But what if I told you that behind that image could be a secret no amount of staring would ever reveal?
This idea isn’t new. Long before the age of social media, images have been used as vessels for hidden messages, from espionage in wartime to covert communication between spies.
In this article, we’ll journey back in history to see how it all began, then dive into how such secrets are created and, most importantly, how they can be uncovered.
In an age where digital footprints reveal more than we realize, the art of hiding secrets has never been more relevant. While most people think of encryption when it comes to securing information, another ancient yet fascinating technique exists: steganography. Unlike encryption, which scrambles messages to make them unreadable, steganography conceals the very existence of a message, often within something as ordinary as an image.
A Historic Glimpse into Steganography
Steganography isn’t a modern invention—it has been with us for centuries. The term itself comes from the Greek words steganos (covered) and graphein (writing), meaning “covered writing.”
Ancient Greece: One of the earliest recorded examples comes from 440 BC, when Histiaeus shaved the head of a servant, tattooed a secret message on his scalp, and waited for the hair to grow back before sending him off. The message only appeared once the servant’s head was shaved again.
Invisible Ink: In the Renaissance and early modern periods, invisible ink made from lemon juice or milk was used to hide writing that could only be revealed by heat or chemicals.
World War II: Microdots became a popular technique. Messages, blueprints, or photographs were reduced to the size of a period on a typewritten page, virtually undetectable to the naked eye.
Each era adapted steganography to its available technologies. And in today’s digital world, the canvas has shifted to images, videos, and even audio files.
Steganography in the Digital Age
The principle of digital steganography is simple: small changes are made to a carrier file (such as an image) in a way that is imperceptible to human senses but carries hidden data. The most common method is Least Significant Bit (LSB) insertion.
In images, each pixel is made up of values representing colors. By changing the least significant bits of these values, secret data can be embedded without noticeably altering the image. To the naked eye, the picture looks unchanged, but hidden within, text, files, or even entire programs can reside.
For example, a vacation photo shared online could secretly contain sensitive information about financial records or communication logs, visible only to someone with the right decoding tools.
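The LSB insertion described above, as an added example that is not part of the original article. It works on a constructed buffer of raw channel values rather than a real image file; the function names and the 4-byte length header are assumptions made for illustration, and this is not the embedding algorithm of steghide or any other tool.

```python
import struct

def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of each channel value."""
    data = struct.pack(">I", len(payload)) + payload      # assumed 4-byte length header
    bits = [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError(f"cover too small: need {len(bits)} channel values")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit                    # clear bit 0, then store the payload bit
    return bytes(out)

def _read_bytes(pixels: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs beginning at channel index `start`."""
    result = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start + b * 8 + i] & 1)
        result.append(value)
    return bytes(result)

def extract_lsb(pixels: bytes) -> bytes:
    """Read the length header, then that many payload bytes."""
    (length,) = struct.unpack(">I", _read_bytes(pixels, 0, 4))
    if 32 + length * 8 > len(pixels):
        raise ValueError("no plausible LSB payload (length header out of range)")
    return _read_bytes(pixels, 32, length)

def max_delta(a: bytes, b: bytes) -> int:
    """Largest change made to any single channel value."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed cover: 64 RGB pixels (192 channel values), not a real image.
COVER = bytes((i * 37 + 11) % 256 for i in range(192))
SECRET = b"meet at nine"
STEGO = embed_lsb(COVER, SECRET)

if __name__ == "__main__":
    print("recovered:", extract_lsb(STEGO))
    print("largest change to any channel value:", max_delta(COVER, STEGO))
    print("values changed:", sum(x != y for x, y in zip(COVER, STEGO)), "of", len(COVER))
```

No channel value moves by more than 1 out of 255, which is why the change is invisible to the eye and has to be found statistically or by attempting extraction.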
How does it work?
This is a random image in which I have hidden an HTML file. Can you spot the hidden file? If you cannot, read on to see how I was able to embed information into this image.
First, you must have Kali Linux installed on your machine. I wrote a guide here on how to go about it.
[HOW TO PERFORM A REMOTE CODE EXECUTION ATTACK ON A SYSTEM](https://blog.learnhubafrica.org/2022/10/10/how-to-perform-a-remote-code-execution-attack-on-a-system/)
Run **sudo apt update** and follow it up with **sudo apt upgrade**.
Next, we are going to install steghide: run **sudo apt install steghide**
Let's test what we can achieve with steghide: run **steghide --help**. Here we will notice two key functions: embed and extract.
Keep these two functions in mind, as we will revisit them soon.
Embedding Secret
First, get the image you want to embed the secret into and save it in your download folder as cover.jpg
Next, go to your download folder, right-click, and start a terminal there. Create your secret file by running **touch secret.html**
Next, save it, and then let's hide it inside our image. Run **steghide embed --embedfile secret.html --coverfile cover.jpg**
You will be asked to set a password. Note that the password won't show as you type it; type your password, confirm it, and steghide will then embed the file in the image.
Once done, you can delete the secret.html file as we now have it embedded in our image.
Extraction
To extract the hidden file, you need to know that the image contains a secret, and you must have the passphrase, which most of the time is hidden in the write-up.
Run **steghide extract --stegofile cover.jpg**, then enter the passphrase, and your hidden file will be extracted.
Hiding Exe Files
While traditional steganography focuses on concealing text or data within images, the same concept can be extended to executable files (.exe). The trick lies in combining the binary content of an image with that of an executable so that the picture still renders normally, but behind it exists a hidden program.
For example, an attacker might use simple command-line tools to append the contents of an .exe file to a JPEG or PNG.
To the user, the image looks harmless; open it, and you’ll see the same photo of a cat, car, or landscape. But with the right extraction or execution method, that same file can unleash the embedded program.
This works because most image viewers only read the data they need to display the picture and ignore anything appended afterward.
That blind spot allows extra code to ride along unnoticed. In practice, this technique is often combined with social engineering—sending a “funny picture” that is, in reality, a Trojan horse.
From a security standpoint, this is dangerous because it blurs the line between harmless media and executable code. A single image could, in theory, serve as both entertainment and exploitation, depending on how it is opened.
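A defender can close the blind spot described above by checking where the image logically ends and whether anything follows. The code below is an added example, not from the original article: the function names and the sample bytes are constructed for illustration, and it finds appended data only, not data embedded inside the image itself as steghide does.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_end(data: bytes) -> int:
    """Offset just past the IEND chunk; each chunk is length, type, body, CRC."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")

def jpeg_end(data: bytes) -> int:
    """Offset just past EOI (FF D9), walking segments so an FF D9 inside metadata is skipped."""
    pos = 2                                              # skip SOI (FF D8)
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:
            return pos + 2
        # Segment length counts its own two bytes; from_bytes tolerates a truncated field.
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                               # SOS: entropy-coded scan follows
            skip = {0x00, 0xFF, *range(0xD0, 0xD8)}      # byte stuffing, fill, restart markers
            while pos + 1 < len(data) and not (data[pos] == 0xFF and data[pos + 1] not in skip):
                pos += 1
    raise ValueError("no EOI marker found")

def trailing_data(data: bytes) -> bytes:
    """Bytes after the logical end of a PNG or JPEG (empty if none)."""
    if data.startswith(PNG_SIG):
        return data[png_end(data):]
    if data.startswith(b"\xff\xd8"):
        return data[jpeg_end(data):]
    raise ValueError("not a PNG or JPEG")

def verdict(data: bytes) -> str:
    extra = trailing_data(data)
    kind = "MZ header (Windows executable)" if extra[:2] == b"MZ" else "unknown data"
    return f"{len(extra)} trailing bytes: {kind}" if extra else "clean"

# Constructed structural skeletons (CRCs zeroed, not decodable pictures) and a placeholder appendix.
PNG = PNG_SIG + struct.pack(">I4s", 13, b"IHDR") + bytes(17) + struct.pack(">I4s", 0, b"IEND") + bytes(4)
JPEG = b"\xff\xd8" + b"\xff\xe0\x00\x04\xff\xd9" + b"\xff\xda\x00\x02\x12\xff\x00\x34" + b"\xff\xd9"
APPENDED = b"MZ" + bytes(6)

if __name__ == "__main__":
    for blob in (PNG, PNG + APPENDED, JPEG, JPEG + APPENDED):
        print(verdict(blob))
```

A non-empty result is a reason to inspect the file rather than proof of malice, since some devices and editing tools legitimately append data such as an embedded video clip.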
First step, let's create our payload using Metasploit
In our next article, we dive into this properly. I will be sharing how to break it all down.