1 00:00:01,140 --> 00:00:02,970 Let's talk about steganography.
2 00:00:03,240 --> 00:00:11,820 So what is steganography? In simple terms, hiding data behind other data is called steganography,
3 00:00:11,940 --> 00:00:21,000 for example, hiding text behind another text or hiding image behind another image or hiding text behind
4 00:00:21,000 --> 00:00:23,720 image or hiding image behind video.
5 00:00:24,070 --> 00:00:30,210 OK, also we can hide executable files behind image, so let's see how to do that.
6 00:00:30,660 --> 00:00:30,980 Right.
7 00:00:32,220 --> 00:00:36,900 So we will start with hiding files using NTFS stream.
8 00:00:37,440 --> 00:00:44,820 OK, and what is it? A stream consists of data associated with the main file or directory.
9 00:00:45,390 --> 00:00:45,750 Right.
10 00:00:46,500 --> 00:00:52,630 So in this practical we are going to hide calculator file.
11 00:00:52,770 --> 00:00:53,220 Okay.
12 00:00:53,460 --> 00:00:59,800 Gazy executable file, which is for a calculator, and we are going to hide this behind a text file.
13 00:01:00,420 --> 00:01:00,760 Right.
14 00:01:01,110 --> 00:01:07,580 So in real world you can replace a calculator by your backdoor or by Trojan.
15 00:01:07,770 --> 00:01:08,100 Right.
16 00:01:08,400 --> 00:01:16,560 So when someone opens a text file, it won't know that behind this text file there is another Trojan
17 00:01:16,560 --> 00:01:17,220 or backdoor.
18 00:01:17,250 --> 00:01:20,620 OK, but in the background that Trojan will execute.
19 00:01:21,230 --> 00:01:21,570 Right.
20 00:01:22,230 --> 00:01:24,320 But the user is not able to see it.
21 00:01:26,400 --> 00:01:30,850 So first of all, you have to follow these steps separated by comma.
22 00:01:31,500 --> 00:01:31,800 Right.
23 00:01:32,220 --> 00:01:34,650 So first of all, let's open command prompt.
24 00:01:35,160 --> 00:01:39,630 So could run as admin.
25 00:01:42,530 --> 00:01:46,130 Now, navigate to C drive.
26 00:01:48,680 --> 00:01:51,710 So the next step is to create a folder named Magic.
27 00:01:51,740 --> 00:02:05,420 OK, so maybe magic, and now the next step is to open a notepad and create a file called readme and
28 00:02:05,480 --> 00:02:06,950 say hello, world in it.
29 00:02:07,790 --> 00:02:08,930 So notepad.
30 00:02:11,660 --> 00:02:13,940 I hello one.
31 00:02:20,460 --> 00:02:24,560 Right now, save this file into your magic folder.
32 00:02:26,920 --> 00:02:31,060 So I'll give it a name, README.
33 00:02:36,920 --> 00:02:37,340 No.
34 00:02:40,730 --> 00:02:51,620 Bret Baier to list all the directories, first of all, let's navigate through magic folder and now
35 00:02:51,620 --> 00:02:58,700 they I see here is the readme file we have recently created and its size is 13 bytes.
36 00:02:58,880 --> 00:03:00,110 Remember this size.
37 00:03:00,280 --> 00:03:08,480 OK, now the next step is to copy a calculator to magic folder.
38 00:03:08,960 --> 00:03:15,740 OK, so the executable file for calculator is calc.exe.
39 00:03:17,090 --> 00:03:19,250 So there are two ways to do this.
40 00:03:19,520 --> 00:03:23,210 Either you can use command prompt or you can navigate to the C drive.
41 00:03:25,640 --> 00:03:34,250 Go to windows and search for sys 32.
42 00:03:36,590 --> 00:03:45,720 And search for calc, OK, copy this, go to C drive, magic folder and paste here.
43 00:03:46,590 --> 00:03:51,590 OK, see the size of calculator file is 27 KB.
44 00:03:52,190 --> 00:03:58,150 OK, now the next step is to type this command.
45 00:03:59,630 --> 00:04:00,530 So let's do that.
46 00:04:02,950 --> 00:04:08,080 So they C colon backslash magic.
47 00:04:09,920 --> 00:04:10,520 calc.
48 00:04:13,070 --> 00:04:25,740 Do it again, again, C colon slash magic, then the file name, colon Dot E.
49 00:04:26,350 --> 00:04:31,800 OK, so we're actually hiding calculator behind our text file.
50 00:04:33,920 --> 00:04:34,250 Done.
51 00:04:35,460 --> 00:04:40,620 Now, the next step is to check the size of the file, so the.
52 00:04:44,150 --> 00:04:49,430 See, the size of the file, 13 bytes, is the same as earlier.
53 00:04:50,550 --> 00:04:56,020 Instead, we have attached this calculator file behind this text file.
54 00:04:56,420 --> 00:05:01,510 But still, the size of the file has not yet increased.
55 00:05:02,150 --> 00:05:02,570 Right.
56 00:05:02,810 --> 00:05:06,620 So nobody knows that behind this thirteen bytes
57 00:05:06,740 --> 00:05:13,190 file, then the 27 KB file attached right now.
58 00:05:14,870 --> 00:05:16,770 Let's the calculator file.
59 00:05:17,390 --> 00:05:21,110 OK, so go to magic folder and build this file.
60 00:05:24,330 --> 00:05:28,650 Now, the last command is to create a symbolic link.
61 00:05:29,080 --> 00:05:38,190 OK, so let's do that, mklink, let's name it backdoor.exe.
62 00:05:40,540 --> 00:05:49,030 Then the name of the file, readme.txt colon calc.exe, you see, symbolic link created for
63 00:05:49,030 --> 00:05:49,510 backdoor.
64 00:05:50,140 --> 00:05:55,960 Now, let's see the magic when someone opens this file.
65 00:05:56,200 --> 00:06:00,050 OK, what if someone executed this file?
66 00:06:00,070 --> 00:06:07,180 OK, suppose I type backdoor.exe, which is attached to readme text.
67 00:06:07,720 --> 00:06:14,890 OK, but actually in the background calculator will be executed.
68 00:06:14,920 --> 00:06:20,380 OK, so if they backdoor.exe we will see a calculator opening.
69 00:06:21,550 --> 00:06:23,660 OK, so let's enter.
70 00:06:30,440 --> 00:06:37,410 OK, first, let's check whether this file created or not, so, yes, metadata is scooter.
71 00:06:37,850 --> 00:06:39,820 Now let's turn back dot, dot.
72 00:06:41,010 --> 00:06:47,960 See, we have an open file backdoor, but actually calculator's open.
73 00:06:47,960 --> 00:06:52,370 So this way we can attach an executable file behind a text file.
74 00:06:52,940 --> 00:07:01,190 OK, so then your target actually runs another file that is backdoor our little file, which is hidden
75 00:07:01,490 --> 00:07:03,110 in this case it is calculator.
76 00:07:03,230 --> 00:07:04,400 So it will open.
77 00:07:05,150 --> 00:07:05,530 Right.
78 00:07:06,710 --> 00:07:12,600 So this is how we can hide data or files using NTFS stream.
79 00:07:12,660 --> 00:07:20,330 Now the next video, I will show you how to hide some data using whitespace steganography.