COMING SOON | Intermediate

Hidden in the Pixels: LSB Steganography Exfil From an Infected Endpoint

A LummaC2/Vidar-style infostealer smash-and-grab. A finance analyst was tricked by a fake CAPTCHA (ClickFix) into pasting an mshta command into the Run box, which staged hidden PowerShell, downloaded the Lumma stealer, and harvested browser credentials, cookies, and wallet artifacts. To smuggle the loot out, the operator LSB-encoded the stolen blob into an oversized PNG and uploaded it to a public image host, off the command-and-control channel. Reconstruct the chain from SIEM and perimeter firewall telemetry and classify the key ATT&CK techniques.

55m
7 tasks
50 points
Free

Launches today: Friday, July 3, 2026 at 9:00 AM

Training Tools

SIEM, Firewall

What you'll investigate

7 objectives unlock when this operation goes live.

1. Incident brief
2. Identify the initial execution vector
3. Trace the delivery host
4. Recover the stealer payload hash
5. Name the data-concealment technique
6. Pin down the carrier file
7. Separate the exfiltration from the command channel
