Instegogram: Exploiting Instagram for C2 via Image Steganography

Exploiting social media sites for command-and-control (C2) has been growing in popularity in the past few years. But both Good and Bad guys have privacy concerns about their communication methods. Discoverable encryption may not always be the answer. By using image steganography we hide command-and-control messages in plain sight within digital images posted to the social media site Instagram. In this presentation, we will demo Instegogram as well as discuss how to detect and prevent it.  

CLICK HERE TO VIEW SLIDES                      

Speaker Bio(s):

Amanda Rousseau absolutely loves malware. She works as a Malware Researcher at Endgame who focuses on dynamic behavior detection both on Windows and OSX platforms.

Hyrum Anderson is a data scientist at Endgame who researches problems in adversarial machine learning and deploys solutions for large scale malware classification.  He received a PhD in signal processing and machine learning from the University of Washington.

Daniel Grant is a data scientist at Endgame focusing on behavioral analysis and anomaly detection. He received a MS in Operations Research from Georgia Tech and likes building things that find bad guys when they are being sneaky.