On This Page

Escaping Oppression Using Covert Steganography

John Ortiz | July 22-23 & July 24-25


Tired of the NSA (or WikiLeaks) reading your personal emails? Want to know what makes a jpeg tick? Need to exfiltrate data covertly? Want to understand how malware has effectively used data hiding? Want to learn the effectiveness of steganographic detection techniques and what to look for on the bad guy's computer? Then this practical Steganography course is for you!

We'll explore steganography well beyond the common Least Significant Bit techniques. Want to learn about jpeg hiding? We'll hide it many ways. Want to listen to a CD with megabytes of secret data? I'll do the wave with you - Executables, video, and bitmaps too. Or just help you understand how someone can hide from you.

In this course, we'll learn concepts required for understanding steganography, concepts such as data compression, information theory, entropy, human perception, digital imaging and audializaiton, and basic least significant bit hiding/detection techniques. Then we'll explore more advanced steganographic and steganalytic techniques such as high-capacity jpeg hiding, F5, and statistical hiding in audio and video along with detectability. We'll round out the course and explore malware applications, Enterprise protection, covert communications and plausible deniability approaches and techniques. Emphasis is on practical applications and implementation rather than "theory." Scattered throughout are hands-on exercises with custom steganographic and steganalytic programs (including source code for those that want it) that demonstrate the various techniques and effectiveness of detection.

YOU can decide the effectiveness for yourself. Can you see it? Can you hear it? We shall see … or not!

Who Should Take this Course

Anyone fascinated by data hiding/detection techniques. Technical security people interested in broadening their security background and needing to comprehend exfiltration potential. Security managers needing to understand the broad implications of data hiding/detection including how malware may use steganogrpahy, mitigation approaches for Enterprise protection, and plausibly deniable covert communication.

Student Requirements

Students should bring a laptop that can run Windows programs - VM is fine. Any background in data compression, cryptogrpahy, image analysis, executable analysis, programming, and forensics is helpful, but not required to use the programs presented in class or understand the material. The course approach is a broad, practical overview with some technical details but plenty of practical knowledge anyone can learn.

What Students Should Bring

A laptop with Windows or a windows virtual machine.

What Students Will Be Provided With

Students will get a printed copy of course materials (slides) and a CD with sample programs and media.


John Ortiz is currently a senior computer engineering consultant for Harris corporation, working as a reverse exploit engineer. In this position, he analyzes vulnerabilities and develops proof of concept exploits for various software. Prior to working at Harris, he spent 5 years at SRA International and 5 years at General Dynamics developing defense related software, researching data hiding techniques, and analyzing malware. Past presentations at Black Hat, Def Con, and Cyber Crime Conferences continue to generate interest. In a second role, Mr. Ortiz developed and teaches multiple courses at the University of Texas at San Antonio (UTSA) including Steganography and a Reverse Engineering. The Stegaongraphy course covers a broad spectrum of data hiding techniques in both the spatial and transform domains including least significant bit, discrete cosine transform, echo hiding, hiding in executables, and hiding in network protocols. For the course, Mr. Ortiz developed several steganographic programs for testing and analysis which he continues to modify. The Reverse Engineering course makes heavy use of IDA Pro, WinDbg, and other custom programs, to focus on approaches and techniques for analyzing malicious software. Mr. Ortiz holds two master's degrees from the Air Force Institute of Technology, MSEE - Electrical Engineering and MSCE - Computer Engineering, and a BSEE from Rose-Hulman Institute of Technology.