Welcome to the first week of the third module of YoS!
This week, we're going to be dealing with Steganography. It is basically hiding a (secret) message inside something (possibly, another message). It may be physical or digital, on paper or image/audio.
So there's a difference between cryptography and steganography. Cryptography is the practice of protecting the message alone whilst steganography is concerned with concealing the fact that a secret message is being sent. The advantage of steganography over cryptography is that the secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable they are, arouse interest and may in themselves be incriminating in countries in which encryption is illegal (see https://www.gp-digital.org/world-map-of-encryption/).
One of the ways to get the password of an account/file would be to get them through victim, either directly (hey, what's your insta password?) or some clever act like social engineering. That might seemed old-fashioned relative to "newer" methods. Attempting to crack passwords by trying as many possibilities is a brute force attack. A related method, rather more efficient in most cases, is a dictionary attack. In a dictionary attack, all words in one or more dictionaries are tested. Lists of common passwords are also typically tested.
Password strength is the likelihood that a password cannot be guessed or discovered, and varies with the attack algorithm used. Cryptologists and computer scientists often refer to the strength or 'hardness' in terms of entropy(https://www.youtube.com/watch?v=3NjQ9b3pgIg and https://en.wikipedia.org/wiki/Password_strength). For brute-force attack, some password list is used, standard or maybe self-made. You can construct more powerful custom password list by 'social engineering' and guessing what might the victim put in their password (for example, it might their favourite celebrity).
Also, see https://en.wikipedia.org/wiki/RockYou#Data_breach and https://haveibeenpwned.com/Passwords.
https://esolangs.org/wiki/Main_Page
https://ctfs.github.io/resources/topics/steganography/README.html
https://ctf101.org/forensics/what-is-stegonagraphy/
https://picoctf.org/learning_guides/Book-4-Forensics.pdf
https://wiki.bi0s.in/forensics/roadmap/
https://www.youtube.com/playlist?list=PL1H1sBF1VAKV6rTEh76pxQKgeFwme5gsT
https://www.youtube.com/watch?v=TWEXCYQKyDc
We have designed 3 challenges:
- Bernhard-Riemann
- Weird
- pdf-mania
All challenges are present in different folders of this repository. All in all, you would need to solve atleast 2 challenges throughtout the module but we encourage that you solve all of these, for things are more fun that way 😊. Make sure you go through the respective README.md files before jumping into the challenge. Have fun! 😁
Discussions among mentees are encouraged and we request you to use our Discord Server for the same.
Created with ❤️ by CSec