There are ways that a file [.jpg, .pdf, .png, etc..] can contain a malware using steganography. How can a file be analyze in order to verify it doesn't contain any malware?
Asked
Active
Viewed 42 times
0
-
Do you count a photo of a hex dump of malware? – user253751 Oct 28 '20 at 18:07
-
Although Schroeder doen't like it, here's my answer to a very similar question. https://security.stackexchange.com/a/238986/184559 – user10216038 Oct 28 '20 at 22:13
-
Do you know any tool to analyze this on the run? I checked this answer [link](https://security.stackexchange.com/questions/2144/detecting-steganography-in-images) but one link is broken and the I found you had to install them and run there the image. – ferpalma21.eth Oct 29 '20 at 09:39
-
There are standard tools for analyzing standard Steg. The catch is that Steg has so many variants you can't be confident of a non-detect. You have to ask yourself, *"What is your objective?"* If it's to detect, what are you going to do as a result? If the objective is to neutralize, it's more reliable to blindly neutralize everything via transcoding without ever detecting. Most importantly, what is your perceived threat? – user10216038 Oct 29 '20 at 16:28