Abstract
Teaching offensive security (ethical hacking) is becoming a required component of information security curricula to develop better cybersecurity practitioners. Many academics and industry professionals believe that a good knowledge of the attacks a system can face is required to protect a system. The early detection of an attack is critical to effectively defending a system. We can't wait for threats to be discovered in the wild to begin planning our defenses. For our study, we designed and developed an offensive model that aims to remain concealed in an image until it reaches the target location. Our attack approach exploits image steganography, which involves embedding malicious code and a geolocation code into a digital image. This study aimed to discover new ways to attack computer systems and stimulate awareness of such attacks among browser developers, thus encouraging them to handle images with more care. In our experiments, both stego-image analysis and geolocation techniques are tested. Our experience has confirmed that converting indiscriminate attacks into targeted attacks is possible.