Stego-Drop: Hiding Shellcode in PNG Images with LSB Steganography
Steganography is the practice of hiding data inside something that looks completely normal. Unlike encryption, which makes data unreadable, steganography makes data invisible. On a red team engagement, that distinction matters. Encrypted traffic gets flagged. A PNG image of a cat sitting on a keyboard? Nobody looks twice.

I built stego-drop to explore this concept hands-on: a Python tool that embeds binary payloads (shellcode, scripts, whatever you want) into PNG images using Least Significant Bit encoding. In this post I’ll walk through how LSB steganography works, how I built the tool, and how to use it. ...