Skip to main content

Steganography and Steganalysis (TW1)

Instructor: John A. Ortiz

In 2010 the FBI discovered that Russian spies had been using steganography to communicate clandestinely. In 2011, a suspected Al Qaeda member was found to possess a pornographic video with 141 hidden text files containing future plans. How many adversaries using steganography remain undiscovered? Since that time, steganography has been increasingly used by malware to obfuscate communications and to covertly exfiltrate data.

This workshop introduces you to data hiding terminology, background, and concepts and then showcases steganographic and steganalytic techniques. Within each section is a sample program so that attendees can use the software to “see” it in action. How well the data is embedded and extracted, how it’s detected (or not), and how can it be destroyed. YOU can decide their effectiveness for yourself. Can you see it? Can you hear it? We shall see … or not!

Prerequisites: None.

Textbooks: None required, though I can recommend several for interested attendees.

Technical Requirements: The programs used run on Windows so to participate in the hands-on workshop portion, the attendee must have a Windows laptop, a Windows virtual machine or remote access to a Windows machine. The programs do not require installation.


(30 min) L01 - Introduction to Steganography – Terms and Definitions

(30 min) L02 - Background

(30 min) Hands-On using Analysis Tools

  • Math
  • Information Theory
  • Random Numbers
  • Cryptographic Hashing
  • Data Compression Techniques
  • Graphics and Audio Concepts

(50 min) L03 - Basic & Advanced Substitution Techniques

(40 min) Hands-On Using Advanced Steganographic Tools

  • Hiding Using Least Significant Bit (LSB)
  • Hands-on using LSB
  • Bit-Plane Complexity Segmentation (BPCS)
  • Hands-on using BPCS
  • Pixel Value Differencing (PVD)
  • Hands-on Pixel Value Differencing
  • Steganalysis of LSB Techniques
  • Hands-on Detection and Destruction

(50 min) L04 - Hiding in the Transform Domain

(40 min) Hands-On Hiding in Jpeg

  • Detailed JPEG Algorithm
  • Hiding Techniques for Jpeg Images
  • DCT Swap
  • Adaptive DCT LSB

(30 min) Jpeg Hiding/Detection Continued …

  • Hands-On Jpeg Steganalysis

(30 min) L05 - Audio Techniques for Hiding

  • Hiding in Audio
  • Hands-on Hiding in Audio
  • Hands-on Detection

(30 min) L06 – Miscellaneous Hiding Techniques

  • Hiding in Executable
  • Visual Cryptography
  • Video Considerations


John Ortiz is currently a senior computer engineering consultant for L3Harris Inc, applying his reverse engineering skills to various malicious applications. Prior to that he developed defensive tools to protect the Air Force’s internal networks and researched novel techniques to solve practical cyber security problems. Included are autonomous network traffic analysis, malware analysis, security testing and forensics. Prior to working at Harris, he spent 5 years at SRA International and 5 years at General Dynamics developing various defense related software, researching data hiding techniques, and analyzing malware.

Mr. Ortiz also teaches at the University of Texas at San Antonio for the Computer Science and Electrical and Computer Engineering Departments. He teaches a broad spectrum of courses including microcomputers, microelectronic circuits, solid state device physics, C++ and Data Structures, Computer Organization, Computer Architecture, steganography, and reverse engineering. Additionally, Mr. Ortiz specifically developed Steganography and Reverse Engineering courses for UTSA. Steganography covers a broad spectrum of data hiding techniques in both the spatial and transform domains. Additionally, Mr. Ortiz developed several steganographic programs for testing and analysis. The Reverse Engineering course covers Intel x86 and the use of tools to analyze application programs.

Prior to working in the private sector, Mr. Ortiz served in the U.S. Air Force for 12 years as a communications officer. In this role he developed and maintained database software, managed various Air Force missions, and taught a 7 week network course.

Mr. Ortiz holds two master’s degrees from the Air Force Institute of Technology, one in Electrical Engineering and one in Computer Engineering and a BSEE from Rose-Hulman Institute of Technology.