exaybachay-ak / PowerSteg

PowerShell steg utility for embedding text or bytes into bitmap files
GNU General Public License v3.0

Realistic data embedding limitations #4

Open exaybachay-ak opened 7 years ago

exaybachay-ak commented 7 years ago

While PowerSteg can and will embed as much data as an image will hold, it gets prohibitively slow to do so after about 15kb.

In my testing, adding a 15kb file took 93 minutes, or an hour and a half to complete.

I also tested with files ranging from 1kb to 15kb in 1kb increments, and the time it took to finish was exponentially slower each step up in size. My guess is that a 20kb file would take close to 6 hours to complete.

At this point I need to either figure out a way to dramatically improve performance (like collapsing 3 loops into just one loop?) or consider this application useful only for command and control applications, and work on a separate program for data exfiltration.

exaybachay-ak commented 7 years ago

Just retooled a loop that improved performance by 20%.

I would argue that it is still not fast enough to expect exfiltration of normal amounts of data (100kb spreadsheets for example).

I still believe that there needs to be a different loop structure (collapse 3 loops into 1) to make this perform adequately. If doing this does not improve performance substantially, I will close this issue and work towards a different exfiltration method, leaving PowerSteg to only handle command and control.

exaybachay-ak commented 7 years ago

Found a different way to improve performance (got about 800% faster).

Changed arrays from using the PowerShell method ( @() ) to using the .NET method (System.Collections.Generic.List or System.Collections.ArrayList).

Performance is about as good as it will get. Realistic limitations are about 1MB of data - after that it will take hours and days to fully ensteg files, which IMO is not realistic.

400KB of data takes about 3 hours. 1MB will likely take 1 day to ensteg into a file.

Will ask around and determine whether or not this is a realistic method for exfiltrating data out of networks. It seems like it could be useful in limited instances, but it also seems like it could be a limiting factor that would get in the way of success on an engagement.
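The two performance ideas raised in this thread, collapsing the nested loops and replacing PowerShell `@()` arrays with .NET collections, come down to one property: `$arr += $x` on a PowerShell array allocates a fresh array and copies every existing element, so building n items costs O(n²), while `List[T].Add` is amortized O(1). The following is an added example, not PowerSteg's code, that times the bit-expansion step (the part of any LSB embedder that turns payload bytes into a bit sequence) both ways on a constructed payload; nothing is written to an image. The function names `New-ConstructedPayload`, `Measure-ArrayAppend` and `Measure-ListAdd` and the payload sizes are my own choices.

```powershell
# Added example (not PowerSteg's code): compares the two array-building
# strategies discussed in the thread on a synthetic byte payload.
# Requires PowerShell 5.0+ for the ::new() constructor syntax.

function New-ConstructedPayload {
    param([int]$SizeInBytes)
    # Constructed sample input: a deterministic pseudo-random byte sequence,
    # so repeated runs measure the same data.
    $rng = [System.Random]::new(42)
    $buf = [byte[]]::new($SizeInBytes)
    $rng.NextBytes($buf)
    return $buf
}

function Measure-ArrayAppend {
    param([byte[]]$Payload)
    # PowerShell-native @() array: every += allocates a new array and copies
    # all existing elements, so expanding n bits costs O(n^2) element copies.
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $bits = @()
    foreach ($b in $Payload) {
        for ($i = 7; $i -ge 0; $i--) {
            $bits += ($b -shr $i) -band 1
        }
    }
    $sw.Stop()
    [pscustomobject]@{ Method = '@() +='; Bits = $bits.Count; Ms = $sw.ElapsedMilliseconds }
}

function Measure-ListAdd {
    param([byte[]]$Payload)
    # .NET generic List: Add is amortized O(1), and pre-sizing the capacity
    # to 8 bits per byte avoids even the occasional internal regrowth.
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $bits = [System.Collections.Generic.List[byte]]::new($Payload.Length * 8)
    foreach ($b in $Payload) {
        for ($i = 7; $i -ge 0; $i--) {
            $bits.Add(($b -shr $i) -band 1)
        }
    }
    $sw.Stop()
    [pscustomobject]@{ Method = 'List.Add'; Bits = $bits.Count; Ms = $sw.ElapsedMilliseconds }
}

# Run both on 1 KB, 2 KB and 4 KB payloads. Expect the '@() +=' time to grow
# roughly 4x per doubling (quadratic) and the 'List.Add' time roughly 2x (linear).
$results = foreach ($kb in 1, 2, 4) {
    $payload = New-ConstructedPayload -SizeInBytes ($kb * 1024)
    Measure-ArrayAppend -Payload $payload
    Measure-ListAdd     -Payload $payload
}
$results | Format-Table -AutoSize
```

The 4 KB `@() +=` run can take noticeably longer than the others; that widening gap is the whole point of the comparison, and it is the same curve the thread describes between the 1 KB and 15 KB tests. The loop count is identical in both functions, which shows that the cost was never the nesting itself but the per-iteration copy hidden inside `+=`. If the bit count is known up front, as it is here, a preallocated `[byte[]]` filled by index is a further step that removes the list overhead too.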