 Hey guys, John Hammond here still looking to pkctf 2017. So this challenge coming up next is called little school bus It says can you help me find the data in this little school bus dot BMP? So bitmap the nod here and kind of the the hint and guidance is that this is little school bus or L SB so that acronym you will hear a lot in forensics and kind of the umbrella of that or underneath that is Stegonography trying to hide data and other data trying to mask and Obscure things that you want to keep secret. So even that checking out the hints here that LSB means least Significant bits or trying to hide other data in the very very last bit of every single byte of something So this happens a lot in music or in images where you build tweak just the very very last bit or like the zero or the one at the end of every every every byte in a picture and Put all together all of those bits the very last one in a line or something that will have a special message or a special thing So you can do a whole lot of research on this if you want to look up least significant bits to iconography It's all over the internet It explains it a lot for one thing, but you want an interesting thing steganography Is you're trying to figure out? Okay, how can I actually get this? These bits out and how do I how do I actually? Uncover the data that people are trying to hide in here. So There are tools that allow you to do this a Lot of things are different because they may be trying to hide something in the image for one thing They may be trying to hide text etc. So some of the online tools may just give you an Online image thing that they're trying to detect So let me go ahead and copy this we can I can show it to you in action rather than just trying to talk about it Make directory little school bus W get this guy cool Let's upload him try and unhide or something in here that should be Uploaded now so even if we were checking out with this tool, there's nothing that we're gonna particularly get out of this It's not showing us at least significant bit wise for for text or something that we're trying to get out of it So this tool doesn't help us we may be able to find other tools and stuff for that But one that I've seen that works exceptionally well is called z-steg and that's to find hidden images or hidden information Hidden data in specifically PNG portable network graphics or bitmap Images so it requires Ruby. It's written in Ruby. So you need to use gem to install it So pseudo app install gem if you don't have that Ruby package manager kind of like pip from Python You can gem install z-steg and then there are some options you can give it But it will go ahead and like rip out any text that it finds if it finds text written or pieced together in the File that you give it so I haven't installed already I won't showcase going to install it, but I can if you need to it I think does trip up some people when you're trying to go ahead and get gem ready But it's well worth it if we once you get z-steg set up So you can run it and it will just crank through the entire like picture and it will rip out the flag Just like that z-steg is awesome when you have an LSB your least significant bit challenge. So let's keep that in mind as a flag So that is honestly all I kind of wanted to showcase for that challenge I would point you towards your own research if you want to learn more about least significant bit But I would advocate that that z-steg tool is awesome for when you see that challenge It will just kind of parse out any text or whatever it can find in just those bits that are defined as okay Something that may be manipulated to hide data, but it's one cool trick So now I want to give a shout out to the people that support me on patreon So all of these individuals you are the best. Thank you so much for being Awesome and being willing to do what you do. I appreciate all your support one dollar a month on patreon We'll give you a special shout at the end of every video just like this $5 a month will give you early access to everything I create on YouTube before it gets released Because I tend to record in bulk or in mass and then I'll gradually have YouTube just release it day by day Whatever the case may be so hey if you did like this video, please do leave me a like You may be comment maybe subscribe if you're willing and if you want to support me check me out on patreon or my website www.johnhamman.org thanks You