Showing posts from April, 2015

IMP Scanner

The project consists of three modules:

- the embedding module, written in Ruby;
- the execution/exploiting stage;
- the IMP Scanner, which scans for Images with Malicious Programs (IMP).

The embedding module works in the following stages:

1. Generate the malicious program (malp.exe) with msfpayload from Metasploit.
2. Encode the generated program with msfencode from Metasploit. (Both tools have since been merged into msfvenom, which does generation and encoding in one step.)
3. Pack malp.exe with UPX or another suitable packer such as Themida so that antivirus does not detect it. Note that UPX is widely recognised and trivially unpacked, so on its own it tends to raise a scanner's suspicion rather than lower it.
4. Embed malp.exe into the chosen cover image (stegoimg.jpg) using the F5 algorithm or Jsteg. Both of these work on the quantized DCT coefficients of a JPEG, i.e. in the transform domain; a spatial-domain alternative would be LSB replacement in the pixels of an uncompressed format such as BMP. The cover image should be more than double the size of malp.exe. Treat that as a floor, not a guarantee: a JPEG's embedding capacity is only a fraction (on the order of ten percent) of its file size, and every embedding distorts the image to some degree. The goal is to keep the distortion imperceptible and statistically hard to detect, not to eliminate it.
5. Deploy the image to the target machine. There are many possible ways of doing this, including USB key drops with a manipulated autorun.inf file that extracts malp.exe from the stego image, or passive propagation via an FTP shared folder and then later
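The scanner side of the project is only named above, so here is an added example of what a minimal IMP scanner can check. This is illustration code written for this page, not the project's own Ruby module: it walks a JPEG's marker structure to find bytes appended after the End-Of-Image marker (a crude but common way of hiding a payload that no image viewer will ever complain about) and looks for Windows PE and UPX signatures anywhere in the file. The sample "images" are constructed inline and are only valid marker structures, not real photographs. Note the limitation: F5 and Jsteg hide data inside the DCT coefficients, leaving the marker structure untouched, so this scanner will not flag them; catching those needs statistics over the decoded coefficients (for instance the chi-square attack against Jsteg's LSB replacement, which F5 was specifically designed to defeat).

```python
"""Added example for this page (not the project's own code): a minimal
IMP-style scanner that walks a JPEG's marker structure, reports any bytes
appended after the End-Of-Image marker, and looks for Windows PE / UPX
indicators anywhere in the file.  Sample images are constructed inline.
"""
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
RST = set(range(0xD0, 0xD8))            # restart markers, legal inside scan data
STANDALONE = {0x01} | RST               # markers that carry no length field


def split_jpeg(data: bytes):
    """Return (image_bytes, trailing_bytes).

    Walks SOI -> header segments -> SOS entropy-coded data -> EOI.  Anything
    after EOI is returned as the trailer.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if marker == EOI:
            return data[:pos + 2], data[pos + 2:]
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        seg_len = struct.unpack_from(">H", data, pos + 2)[0]   # includes the 2 length bytes
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded data follows: 0xFF is byte-stuffed as FF 00 and
            # RSTn markers may appear; any other FF xx is a real marker.
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt not in RST and nxt not in (0x00, 0xFF):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def pe_indicators(blob: bytes):
    """Signatures of a (possibly UPX-packed) Windows executable inside blob.

    Checked over the whole file, so a payload stored in an APPn or COM
    segment is caught as well as one appended after EOI.
    """
    found = []
    mz = blob.find(b"MZ")
    while mz != -1:
        # e_lfanew at DOS-header offset 0x3C points at the "PE\0\0" signature
        if mz + 0x40 <= len(blob):
            e_lfanew = struct.unpack_from("<I", blob, mz + 0x3C)[0]
            if blob[mz + e_lfanew:mz + e_lfanew + 4] == b"PE\x00\x00":
                found.append(f"PE header at offset {mz}")
                break
        mz = blob.find(b"MZ", mz + 1)
    if b"This program cannot be run in DOS mode" in blob:
        found.append("DOS stub string")
    if any(sig in blob for sig in (b"UPX0", b"UPX1", b"UPX!")):
        found.append("UPX section name or marker")
    return found


def scan_image(data: bytes) -> dict:
    """Combine the structural and signature checks into one verdict."""
    _image, trailer = split_jpeg(data)
    indicators = pe_indicators(data)
    return {
        "trailing_bytes": len(trailer),
        "indicators": indicators,
        "suspicious": bool(trailer) or bool(indicators),
    }


# --- constructed samples: valid marker structure only, not real pictures ---

def fake_jpeg() -> bytes:
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos_hdr = b"\x01\x01\x00\x00\x3f\x00"
    entropy = b"\x12\x34\xff\x00\x56\x78\xff\xd0\x9a"   # stuffed FF00 and an RST0 inside the scan
    return (b"\xff\xd8"
            + b"\xff\xe0" + struct.pack(">H", 2 + len(app0)) + app0
            + b"\xff\xda" + struct.pack(">H", 2 + len(sos_hdr)) + sos_hdr
            + entropy + b"\xff\xd9")


def fake_packed_pe() -> bytes:
    """Minimal DOS header + PE signature + a UPX0 section name; not runnable."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)   # e_lfanew -> right after the DOS header
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20 + b"UPX0\x00\x00\x00\x00"


if __name__ == "__main__":
    print("clean:   ", scan_image(fake_jpeg()))
    print("appended:", scan_image(fake_jpeg() + fake_packed_pe()))
```

The structural walk matters more than the signature check: a scanner that simply searches for the last FFD9 in the file can be fooled by a payload that itself contains those two bytes, whereas following the segment lengths and the byte-stuffing rules of the scan data lands on the real End-Of-Image marker.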