1597148040
Beginners CTF Guide: Finding Hidden Data in Images
Jeopardy-style capture the flag events are centered around challenges that participants must solve to retrieve the ‘flag’. The flag is a hidden string that must be provided to earn points. The more challenges you solve, the more flags you obtain, and the more points you receive. The participant or team with the highest score wins the event.
Challenges incorporate several hacking skills such as web exploitation, reverse engineering, cryptography, and steganography. These skills must be applied to the challenges to solve for the correct answer.
In this article, we will focus on finding hidden data in images and introduce commands and tools that you can use to help you find the flag.
Note: This is an introduction to a few useful commands and tools. The challenges you encounter may not be as straight forward as the examples in this article. Please do not expect to find every flag using these methods.
There will be images associated with each command and tool. The images will be stored at this GIT repository if you’d like to download them and try the commands and tools for yourself.
Prerequisites
- Linux system
- Internet connection
- Command-line knowledge
- Patience
File
The file command is used to determine the file type of a file. There may be times when you are given a file that does not have an extension or the incorrect extension has been applied to add confusion and misdirection.
We’ll cover 2 examples of the file command.
Example 1:
You are given a file named rubiks.jpg.
Running the file command reveals the following information.
mrkmety@kali:~$ file rubiks.jpg
rubiks.jpg: PNG image data, 609 x 640, 8-bit/color RGBA, non-interlaced
The file command shows that this is a PNG file and not a JPG.
Example 2:
You are given a file named solitaire.exe.
Running the file command reveals the following:
mrkmety@kali:~$ file solitaire.exe
solitaire.exe: PNG image data, 640 x 449, 8-bit/color RGBA, non-interlaced
The file command show this is a PNG file and not an executable file. Changing the extension to .png will allow you to further interact with the file.
Exiftool
Exiftool allows you to read and write meta information in files. Flags may be hidden in the meta information and can easily be read by running exiftool.
You may need to install exiftool on your system. Run the following command to install exiftool.
mrkmety@kali:~ $ sudo apt install libimage-exiftool-perl -y
Example 1:
You are provided an image named ocean.jpg.
Running the exiftool command reveals the following information.
mrkmety@kali:~ $ exiftool ocean.jpg
ExifTool Version Number : 11.16
File Name : ocean.jpg
Directory : .
File Size : 42 kB
File Modification Date/Time : 2020:07:05 14:56:03-05:00
File Access Date/Time : 2020:07:05 14:56:03-05:00
File Inode Change Date/Time : 2020:07:05 14:56:03-05:00
File Permissions : rw-r--r--
File Type : JPEG
File Type Extension : jpg
MIME Type : image/jpeg
JFIF Version : 1.01
Resolution Unit : inches
X Resolution : 72
Y Resolution : 72
Profile CMM Type : Little CMS
Profile Version : 2.1.0
Profile Class : Display Device Profile
Color Space Data : RGB
Profile Connection Space : XYZ
Profile Date Time : 2012:01:25 03:41:57
Profile File Signature : acsp
Primary Platform : Apple Computer Inc.
CMM Flags : Not Embedded, Independent
Device Manufacturer :
Device Model :
Device Attributes : Reflective, Glossy, Positive, Color
Rendering Intent : Perceptual
Connection Space Illuminant : 0.9642 1 0.82491
Profile Creator : Little CMS
Profile ID : 0
Profile Description : c2
Profile Copyright : IX
Media White Point : 0.9642 1 0.82491
Media Black Point : 0.01205 0.0125 0.01031
Red Matrix Column : 0.43607 0.22249 0.01392
Green Matrix Column : 0.38515 0.71687 0.09708
Blue Matrix Column : 0.14307 0.06061 0.7141
Red Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Green Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Blue Tone Reproduction Curve : (Binary data 64 bytes, use -b option to extract)
Comment : THIS IS THE HIDDEN FLAG
Image Width : 640
Image Height : 425
Encoding Process : Progressive DCT, Huffman coding
Bits Per Sample : 8
Color Components : 3
Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2)
Image Size : 640x425
Megapixels : 0.272
Hidden in the meta-information is a field named ‘Comment’. The value is where the flag can be hidden.
Additional meta-information within files may be useful depending on the challenge.
#ctf #capture-the-flag #kali-linux #hacking #steganography #linux
What is GEEK
Buddha Community
1620466520
Your Data Architecture: Simple Best Practices for Your Data Strategy
If you accumulate data on which you base your decision-making as an organization, you should probably think about your data architecture and possible best practices.
If you accumulate data on which you base your decision-making as an organization, you most probably need to think about your data architecture and consider possible best practices. Gaining a competitive edge, remaining customer-centric to the greatest extent possible, and streamlining processes to get on-the-button outcomes can all be traced back to an organization’s capacity to build a future-ready data architecture.
In what follows, we offer a short overview of the overarching capabilities of data architecture. These include user-centricity, elasticity, robustness, and the capacity to ensure the seamless flow of data at all times. Added to these are automation enablement, plus security and data governance considerations. These points from our checklist for what we perceive to be an anticipatory analytics ecosystem.
#big data #data science #big data analytics #data analysis #data architecture #data transformation #data platform #data strategy #cloud data platform #data acquisition
1620629020
Getting Started With Data Lakes
Frameworks for Efficient Enterprise Analytics
The opportunities big data offers also come with very real challenges that many organizations are facing today. Often, it’s finding the most cost-effective, scalable way to store and process boundless volumes of data in multiple formats that come from a growing number of sources. Then organizations need the analytical capabilities and flexibility to turn this data into insights that can meet their specific business objectives.
This Refcard dives into how a data lake helps tackle these challenges at both ends — from its enhanced architecture that’s designed for efficient data ingestion, storage, and management to its advanced analytics functionality and performance flexibility. You’ll also explore key benefits and common use cases.
Introduction
As technology continues to evolve with new data sources, such as IoT sensors and social media churning out large volumes of data, there has never been a better time to discuss the possibilities and challenges of managing such data for varying analytical insights. In this Refcard, we dig deep into how data lakes solve the problem of storing and processing enormous amounts of data. While doing so, we also explore the benefits of data lakes, their use cases, and how they differ from data warehouses (DWHs).
This is a preview of the Getting Started With Data Lakes Refcard. To read the entire Refcard, please download the PDF from the link above.
#big data #data analytics #data analysis #business analytics #data warehouse #data storage #data lake #data lake architecture #data lake governance #data lake management
1618039260
How Has COVID-19 Impacted Data Science?
The COVID-19 pandemic disrupted supply chains and brought economies around the world to a standstill. In turn, businesses need access to accurate, timely data more than ever before. As a result, the demand for data analytics is skyrocketing as businesses try to navigate an uncertain future. However, the sudden surge in demand comes with its own set of challenges.
Here is how the COVID-19 pandemic is affecting the data industry and how enterprises can prepare for the data challenges to come in 2021 and beyond.
#big data #data #data analysis #data security #data integration #etl #data warehouse #data breach #elt
1597579680
Applications Of Data Science On 3D Imagery Data
CVDC 2020, the Computer Vision conference of the year, is scheduled for 13th and 14th of August to bring together the leading experts on Computer Vision from around the world. Organised by the Association of Data Scientists (ADaSCi), the premier global professional body of data science and machine learning professionals, it is a first-of-its-kind virtual conference on Computer Vision.
The second day of the conference started with quite an informative talk on the current pandemic situation. Speaking of talks, the second session “Application of Data Science Algorithms on 3D Imagery Data” was presented by Ramana M, who is the Principal Data Scientist in Analytics at Cyient Ltd.
Ramana talked about one of the most important assets of organisations, data and how the digital world is moving from using 2D data to 3D data for highly accurate information along with realistic user experiences.
The agenda of the talk included an introduction to 3D data, its applications and case studies, 3D data alignment, 3D data for object detection and two general case studies, which are-
- Industrial metrology for quality assurance.
- 3d object detection and its volumetric analysis.
This talk discussed the recent advances in 3D data processing, feature extraction methods, object type detection, object segmentation, and object measurements in different body cross-sections. It also covered the 3D imagery concepts, the various algorithms for faster data processing on the GPU environment, and the application of deep learning techniques for object detection and segmentation.
#developers corner #3d data #3d data alignment #applications of data science on 3d imagery data #computer vision #cvdc 2020 #deep learning techniques for 3d data #mesh data #point cloud data #uav data
1618457700
What Is ETLT? Merging the Best of ETL and ELT Into a Single ETLT Data Integration Strategy
Data integration solutions typically advocate that one approach – either ETL or ELT – is better than the other. In reality, both ETL (extract, transform, load) and ELT (extract, load, transform) serve indispensable roles in the data integration space:
- ETL is valuable when it comes to data quality, data security, and data compliance. It can also save money on data warehousing costs. However, ETL is slow when ingesting unstructured data, and it can lack flexibility.
- ELT is fast when ingesting large amounts of raw, unstructured data. It also brings flexibility to your data integration and data analytics strategies. However, ELT sacrifices data quality, security, and compliance in many cases.
Because ETL and ELT present different strengths and weaknesses, many organizations are using a hybrid “ETLT” approach to get the best of both worlds. In this guide, we’ll help you understand the “why, what, and how” of ETLT, so you can determine if it’s right for your use-case.
#data science #data #data security #data integration #etl #data warehouse #data breach #elt #bid data