{"id":14202,"date":"2021-07-07T21:24:22","date_gmt":"2021-07-07T15:54:22","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=14202"},"modified":"2021-07-07T21:24:22","modified_gmt":"2021-07-07T15:54:22","slug":"forblaze","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/forblaze\/","title":{"rendered":"Forblaze : A Python Mac Steganography Payload Generator"},"content":{"rendered":"\n<p><strong>Forblaze<\/strong> is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file for you which will be compiled to pull desired encrypted URLs out of the stego file, fetch payloads over https, and execute them directly into memory. It utilizes custom encryption &#8211; it is not cryptographically secure, but purely to thwart analysis by AV engines. It is a slight deviation on my previously built custom encryption for Windows, called Rubicon, and is more simple in practice. Forblaze utilizes header and footer bytes to identify where in the stego file your encrypted bytes are, and then decrypts them with a hard-coded key in compile_forblaze.m. This key can be saved and re-used, with the effect that a different URL could be used to fetch a different payload, and the same compiled forblaze should still be able to execute and process it (provided the header and footer bytes aren&#8217;t changed, and the new stego file is uploaded to the correct location).<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Requirements<\/strong><\/p>\n\n\n\n<p>Python3 (only tested with Python3.9+), and some associated Python libraries &#8211; pip3 should take care of any python dependencies you need. 
In addition, clang will be used for compilation, and forblaze should be run on a mac so that forblaze can be correctly compiled.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<p>usage: forblaze_url.py [-h] [-innocent_path PATH] [-o OUTPUT] [-len_key LENGTH_OF_KEY] [-compile_file COMPILE_FILE] [-url_to_encrypt URL] [-supply_key SUPPLIED_KEY] [-stego_location STEGO_LOCATION] [-compiled_binary COMPILED_BINARY]<\/p>\n\n\n\n<p>Generate stego for implants.<\/p>\n\n\n\n<p>optional arguments:<\/p>\n\n\n\n<p>-h, &#8211;help show this help message and exit<\/p>\n\n\n\n<p>-innocent_path PATH Provide the full path to the innocent file to be used.<\/p>\n\n\n\n<p>-o OUTPUT Provide the path where you want your stego file to be placed.<\/p>\n\n\n\n<p>-len_key LENGTH_OF_KEY Provide a positive integer that will be the length of the key in bytes. Default is 16. Must be between 10 and 150 bytes. You can change this yourself, just be wary that larger key sizes will add bloat to your payload and are not necessarily going to make your encryption stronger<\/p>\n\n\n\n<p>-compile_file COMPILE_FILE Provide the path to the C++ file you want to edit.<\/p>\n\n\n\n<p>-url_to_encrypt URL Provide the URL you want to stick inside the compile file.<\/p>\n\n\n\n<p>-supply_key SUPPLIED_KEY If you wish to use a specific key, provide it here. It must be in the format: -supply_key &#8220;\\x6e\\x60\\x&#8230;&#8221; &#8211; aka two double slashes are needed between each byte, or else it WILL NOT WORK.<\/p>\n\n\n\n<p>-stego_location STEGO_LOCATION You must provide a location on target where the stego file will reside. It is wise to follow strict full paths: \/Users\/&lt;&gt;\/Documents\/file.jpg for example.<\/p>\n\n\n\n<p>-compiled_binary COMPILED_BINARY Give the name of the compiled binary to extract the URL and run code in memory from the stego file. 
The default is forblaze.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Opsec Concerns<\/strong><\/p>\n\n\n\n<p>Honestly, not too many. Mac OS detections are still pretty poor, especially for in-memory activity. However, as a warning, this method (based almost entirely on&nbsp;<a href=\"https:\/\/blogs.blackberry.com\/en\/2017\/02\/running-executables-on-macos-from-memory\">https:\/\/blogs.blackberry.com\/en\/2017\/02\/running-executables-on-macos-from-memory<\/a>) will NOT WORK FOR GO COMPILED MACHOS. Every other macho I&#8217;ve tested works fine, so if you really want to use Go C2s such as Mythic, I recommend crafting a custom macho which can function similar to osascript, and call a jxa payload in memory directly. As an exercise for the reader, you could also call payload bytes directly vs a URL with some slight modifications to this code.<\/p>\n\n\n\n<p>I would recommend changing things like the number of random bytes generated from the default, and changing the default header and footer bytes that forblaze uses to find the payload in the stego file (as well as the length of those header and footer bytes to perhaps be more inconspicuous).<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Detection\/Prevention<\/strong><\/p>\n\n\n\n<p>Steganography is pretty difficult to detect. If you know where the stego file is, you can begin to extract the suspect bytes after the end of the normal file EOF (so after &#8220;FFD9&#8221; for jpegs for example). These suspect bytes will still include the actual encrypted payload and nonsense random bytes, which would be hard to distinguish from each other unless you possess the header and trailing bytes specified by Forblaze. 
You could look through these bytes and look for patterns of repeating bytes, since this is how the header and footer bytes with forblaze tend to work, but a skilled operator could make that more difficult to find than the default. If a payload is caught you could obviously RE the binary and try to locate the stego file, and then try to use the hard-coded key and headers\/footers to reverse the URL being called (or other bytes). But that all assumes you found the binary by some other means.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Testing<\/strong><\/p>\n\n\n\n<p>This tool has been tested on various versions of Mac OS, including Big Sur and Catalina (x64 systems). Please let me know if you have problems.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Technical Nitty Gritty<\/strong><\/p>\n\n\n\n<p>The custom encryption is a basic Caesar cipher, where different bytes of the key are used to shift the bytes of your plaintext bytes. This is why larger keys aren&#8217;t NECESSARILY better for your encryption &#8211; it depends on the length of your plaintext. If your plaintext is 50 bytes, and you use a 150 byte key, only the first 50 bytes of your key will be used. If your plaintext is &gt; 150 bytes however, the longer keys would be more secure.<\/p>\n\n\n\n<p>The steganography is quite simple: the bytes of your original innocent file are kept the same, and random bytes (along with your encrypted payload bytes) are appended after these bytes. 
These random bytes are by default anywhere between 2 and 2000 in length (this should likely be changed to fit your plaintext size -&gt; larger plaintexts should mean more random bytes are generated).<\/p>\n\n\n\n<p>The in-memory execution piece is exactly following&nbsp;<a href=\"https:\/\/blogs.blackberry.com\/en\/2017\/02\/running-executables-on-macos-from-memory\">https:\/\/blogs.blackberry.com\/en\/2017\/02\/running-executables-on-macos-from-memory<\/a>, with the simple change that instead of reading payload bytes from an on-disk file, they are read over http\/https. Later I may add a technique which would allow you to execute Go compiled binaries (there are other sources out there which can also help with this), but for this default version Go compiled binaries will not work. This is because for some strange reason Go compiled machos do not utilize LC_MAIN like most machos do in the load commands of the image (if someone knows why, I am all ears).<\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/asaurusrex\/Forblaze\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file for you which will be compiled to pull desired encrypted URLs out of the stego file, fetch payloads over https, and execute them directly into memory. 
It utilizes custom encryption &#8211; it is not [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16938,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png","fifu_image_alt":"Forblaze : A Python Mac Steganography Payload Generator","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[1238,1961,2442,2676],"class_list":["post-14202","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-forblaze","tag-mac-steganography","tag-payload-generator","tag-python"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Forblaze : A Python Mac Steganography Payload Generator<\/title>\n<meta name=\"description\" content=\"Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/forblaze\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Forblaze : A Python Mac Steganography Payload Generator\" \/>\n<meta property=\"og:description\" content=\"Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. 
Using python3, it will build an Obj-C file.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/forblaze\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-07T15:54:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"Forblaze : A Python Mac Steganography Payload Generator\",\"datePublished\":\"2021-07-07T15:54:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/\"},\"wordCount\":1087,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png\",\"keywords\":[\"Forblaze\",\"Mac Steganography\",\"Payload Generator\",\"Python\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/\",\"name\":\"Forblaze : A Python Mac Steganography Payload Generator\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png\",\"datePublished\":\"2021-07-07T15:54:22+00:00\",\"description\":\"Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. 
Using python3, it will build an Obj-C file.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/forblaze\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/forblaze\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux 
Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Forblaze : A Python Mac Steganography Payload Generator","description":"Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/forblaze\/","og_locale":"en_US","og_type":"article","og_title":"Forblaze : A Python Mac Steganography Payload Generator","og_description":"Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. 
Using python3, it will build an Obj-C file.","og_url":"https:\/\/kalilinuxtutorials.com\/forblaze\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2021-07-07T15:54:22+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/forblaze\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/forblaze\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"Forblaze : A Python Mac Steganography Payload Generator","datePublished":"2021-07-07T15:54:22+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/forblaze\/"},"wordCount":1087,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/forblaze\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png","keywords":["Forblaze","Mac Steganography","Payload Generator","Python"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/forblaze\/","url":"https:\/\/kalilinuxtutorials.com\/forblaze\/","name":"Forblaze : A Python Mac Steganography Payload 
Generator","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/forblaze\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/forblaze\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png","datePublished":"2021-07-07T15:54:22+00:00","description":"Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/forblaze\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/forblaze\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux 
Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-YNksFyGJMZc\/YOXPc6U2vZI\/AAAAAAAAJ6A\/foQW4uiAC9IldWQgsXD0-2wL-kEyqudpACLcBGAsYHQ\/s728\/Forblaze%25281%2529.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":27675,"url":"https:\/\/kalilinuxtutorials.com\/stegowiper\/","url_meta":{"origin":14202,"position":0},"title":"Stegowiper : A Powerful And Flexible Tool To Apply Active Attacks For Disrupting Stegomalware","author":"R K","date":"November 23, 2022","format":false,"excerpt":"Over the last 10 years, many threat groups have employed stegomalware or other steganography-based techniques to attack organizations from all sectors and in all regions of the world. 
Some examples are: APT15\/Vixen Panda, APT23\/Tropic Trooper, APT29\/Cozy Bear, APT32\/OceanLotus, APT34\/OilRig, APT37\/ScarCruft, APT38\/Lazarus Group, Duqu Group, Turla, Vawtrack, Powload, Lokibot, Ursnif, IceID,\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIbyoK-3JDMkYJSeNGix4hWCCwL2fN7NJRVJLWH850sZu8LE9JhvMivxP8-PuATSuMpS2FaLd38UfKHVdoLwU8e2HQO3tv_onbTRoPfIycdFj3UWZPQFgG7h2K9dX8rhqN2MACqrFXWvuQltvyRPHAUD5mRym7bTR2CJZndMVMIDPepc2EkQuL553z\/s728\/Stegowiper.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIbyoK-3JDMkYJSeNGix4hWCCwL2fN7NJRVJLWH850sZu8LE9JhvMivxP8-PuATSuMpS2FaLd38UfKHVdoLwU8e2HQO3tv_onbTRoPfIycdFj3UWZPQFgG7h2K9dX8rhqN2MACqrFXWvuQltvyRPHAUD5mRym7bTR2CJZndMVMIDPepc2EkQuL553z\/s728\/Stegowiper.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIbyoK-3JDMkYJSeNGix4hWCCwL2fN7NJRVJLWH850sZu8LE9JhvMivxP8-PuATSuMpS2FaLd38UfKHVdoLwU8e2HQO3tv_onbTRoPfIycdFj3UWZPQFgG7h2K9dX8rhqN2MACqrFXWvuQltvyRPHAUD5mRym7bTR2CJZndMVMIDPepc2EkQuL553z\/s728\/Stegowiper.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiIbyoK-3JDMkYJSeNGix4hWCCwL2fN7NJRVJLWH850sZu8LE9JhvMivxP8-PuATSuMpS2FaLd38UfKHVdoLwU8e2HQO3tv_onbTRoPfIycdFj3UWZPQFgG7h2K9dX8rhqN2MACqrFXWvuQltvyRPHAUD5mRym7bTR2CJZndMVMIDPepc2EkQuL553z\/s728\/Stegowiper.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":35259,"url":"https:\/\/kalilinuxtutorials.com\/embedpayloadinpng\/","url_meta":{"origin":14202,"position":1},"title":"EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In PNG Files","author":"Varshini","date":"November 21, 2024","format":false,"excerpt":"Embed a payload 
within a PNG file by splitting the payload across multiple IDAT sections. Each section is encrypted individually using its own 16-byte key with the RC4 encryption algorithm. Implementation This repository consists of two implementations: EmbedPayloadInPng.py - Python script to embed an input payload to a specified PNG\u2026","rel":"","context":"In &quot;Malware&quot;","block_context":{"text":"Malware","link":"https:\/\/kalilinuxtutorials.com\/category\/malware\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj8BX3AA9oxsLN7Cgg14sPInJ-JgacnJ7_Bl2jtMu5sNQ7Wi4CSRjii8dpIZ0Fnr-sS5lvRjyHomrx-d8xXw5zWO0oIJf29axUlu0yQSyDLrYiW2hEnycst4eMKqxJSJsTyx0ar_Ns09jOoTYC7hpBLTGuGEtPfNGiy6xR_GKxz_9Pyi478yR0PsQqg-pbz\/s1600\/EmbedPayloadInPng.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj8BX3AA9oxsLN7Cgg14sPInJ-JgacnJ7_Bl2jtMu5sNQ7Wi4CSRjii8dpIZ0Fnr-sS5lvRjyHomrx-d8xXw5zWO0oIJf29axUlu0yQSyDLrYiW2hEnycst4eMKqxJSJsTyx0ar_Ns09jOoTYC7hpBLTGuGEtPfNGiy6xR_GKxz_9Pyi478yR0PsQqg-pbz\/s1600\/EmbedPayloadInPng.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj8BX3AA9oxsLN7Cgg14sPInJ-JgacnJ7_Bl2jtMu5sNQ7Wi4CSRjii8dpIZ0Fnr-sS5lvRjyHomrx-d8xXw5zWO0oIJf29axUlu0yQSyDLrYiW2hEnycst4eMKqxJSJsTyx0ar_Ns09jOoTYC7hpBLTGuGEtPfNGiy6xR_GKxz_9Pyi478yR0PsQqg-pbz\/s1600\/EmbedPayloadInPng.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj8BX3AA9oxsLN7Cgg14sPInJ-JgacnJ7_Bl2jtMu5sNQ7Wi4CSRjii8dpIZ0Fnr-sS5lvRjyHomrx-d8xXw5zWO0oIJf29axUlu0yQSyDLrYiW2hEnycst4eMKqxJSJsTyx0ar_Ns09jOoTYC7hpBLTGuGEtPfNGiy6xR_GKxz_9Pyi478yR0PsQqg-pbz\/s1600\/EmbedPayloadInPng.webp?resize=700%2C400&ssl=1 2x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj8BX3AA9oxsLN7Cgg14sPInJ-JgacnJ7_Bl2jtMu5sNQ7Wi4CSRjii8dpIZ0Fnr-sS5lvRjyHomrx-d8xXw5zWO0oIJf29axUlu0yQSyDLrYiW2hEnycst4eMKqxJSJsTyx0ar_Ns09jOoTYC7hpBLTGuGEtPfNGiy6xR_GKxz_9Pyi478yR0PsQqg-pbz\/s1600\/EmbedPayloadInPng.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj8BX3AA9oxsLN7Cgg14sPInJ-JgacnJ7_Bl2jtMu5sNQ7Wi4CSRjii8dpIZ0Fnr-sS5lvRjyHomrx-d8xXw5zWO0oIJf29axUlu0yQSyDLrYiW2hEnycst4eMKqxJSJsTyx0ar_Ns09jOoTYC7hpBLTGuGEtPfNGiy6xR_GKxz_9Pyi478yR0PsQqg-pbz\/s1600\/EmbedPayloadInPng.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":17479,"url":"https:\/\/kalilinuxtutorials.com\/bantam\/","url_meta":{"origin":14202,"position":2},"title":"Bantam : A PHP Backdoor Management And Generation tool\/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems","author":"R K","date":"August 19, 2021","format":false,"excerpt":"Bantam is an advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys, and payload streaming designed to bypass WAF, IDS, SIEM systems. It incorporates several payload randomization and obfuscation\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1056,"url":"https:\/\/kalilinuxtutorials.com\/stitch-a-cross-python-rat\/","url_meta":{"origin":14202,"position":3},"title":"Stitch A Cross Platform Python Remote Administration Tool","author":"Linumonk","date":"April 27, 2018","format":false,"excerpt":"This is a cross-platform python framework that permits you to create custom payloads for Windows, Mac OSX, and UNIX moreover. 
you're ready to choose whether or not the payload binds to a selected scientific discipline and port, listens for an association on a port, the choice to send associate degree\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/76fdb962-d37c-11e6-9284-093ad065aeca.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/76fdb962-d37c-11e6-9284-093ad065aeca.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/76fdb962-d37c-11e6-9284-093ad065aeca.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/76fdb962-d37c-11e6-9284-093ad065aeca.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":1769,"url":"https:\/\/kalilinuxtutorials.com\/ctf-scripts-security-tools\/","url_meta":{"origin":14202,"position":4},"title":"CTF &#8211; Some Setup Scripts For Security Research Tools","author":"R K","date":"June 28, 2018","format":false,"excerpt":"CTF is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. 
The install-scripts for these tools are checked regularly.\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2018\/04\/button_download.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":28246,"url":"https:\/\/kalilinuxtutorials.com\/villain\/","url_meta":{"origin":14202,"position":5},"title":"Villain : Windows And Linux Backdoor Generator And Multi-Session Handler","author":"R K","date":"January 30, 2023","format":false,"excerpt":"Villain is a Windows & Linux backdoor generator and multi-session handler that allows users to connect with sibling servers (other machines running Villain) and share their backdoor sessions, handy for working as a team. The main idea behind the payloads generated by this tool is inherited from HoaxShell. One could\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJLlxDl9TvXjKKo3h3uSGxhKeTpuEEa9gnUmCO_MbL65UHOCctumnTPcFt24j4B_u9Qdf9Yp_6n_H0NZODXwGl-5o3DJio_y3TEoA5EDCzV6d38-rfmoa0GsW-uuqOh8cEIR2fb2ak3e0mlG6ZgpjMOO35-KfqYKVmKLafc1qlF26da84D5ec7UUdG\/s721\/Villan%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJLlxDl9TvXjKKo3h3uSGxhKeTpuEEa9gnUmCO_MbL65UHOCctumnTPcFt24j4B_u9Qdf9Yp_6n_H0NZODXwGl-5o3DJio_y3TEoA5EDCzV6d38-rfmoa0GsW-uuqOh8cEIR2fb2ak3e0mlG6ZgpjMOO35-KfqYKVmKLafc1qlF26da84D5ec7UUdG\/s721\/Villan%281%29.png?resize=350%2C200&ssl=1 1x, 
https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJLlxDl9TvXjKKo3h3uSGxhKeTpuEEa9gnUmCO_MbL65UHOCctumnTPcFt24j4B_u9Qdf9Yp_6n_H0NZODXwGl-5o3DJio_y3TEoA5EDCzV6d38-rfmoa0GsW-uuqOh8cEIR2fb2ak3e0mlG6ZgpjMOO35-KfqYKVmKLafc1qlF26da84D5ec7UUdG\/s721\/Villan%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhJLlxDl9TvXjKKo3h3uSGxhKeTpuEEa9gnUmCO_MbL65UHOCctumnTPcFt24j4B_u9Qdf9Yp_6n_H0NZODXwGl-5o3DJio_y3TEoA5EDCzV6d38-rfmoa0GsW-uuqOh8cEIR2fb2ak3e0mlG6ZgpjMOO35-KfqYKVmKLafc1qlF26da84D5ec7UUdG\/s721\/Villan%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/14202","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=14202"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/14202\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16938"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=14202"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=14202"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=14202"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}