OpenPuff – Professional Steganography Tool

Outsmart Malicious Hackers


OpenPuff is a professional steganography tool, with unique features you won’t find among any other free or commercial software. OpenPuff is 100% free and suitable for highly sensitive data covert transmission.

OpenPuff - Professional Steganography Tool


The tool contains deniable steganography, carrier chains, unique layers of security and obfuscation, multiple carrier formats, is portable and is freeware (ad-free).

Features of OpenPuff Steganography Tool

  • Carrier chains – Data is split among many carriers. Only the correct carrier sequence enables unhiding. Moreover, up to 256Mb can be hidden, if you have enough carriers at disposal. Last carrier will be filled with random bits in order to make it undistinguishable from others.
  • Supported formats – Images, audios, videos, flash, adobe.
  • Layers of security – Data, before carrier injection, is encrypted (1), scrambled (2), whitened (3) and encoded (4).
  • Extra security (Deniable steganography) – Top secret data can be protected using less secret data as a decoy.
  • Source code – This program relies on the libObfuscate system-independent open-source library.

Details of OpenPuff Steganography Tool

  • HW seeded random number generator (CSPRNG)
  • Deniable steganography
  • Carrier chains (up to 256Mb of hidden data)
  • Carrier bits selection level
  • Modern multi-cryptography (16 algorithms)
  • Multi-layered data obfuscation (3 passwords)
  • X-squared steganalysis resistance
  • 256bit+256bit symmetric-key cryptography (with KDF4 password extension)
  • 256bit symmetric-key data scrambling (CSPRNG-based shuffling)
  • 256bit symmetric-key data whitening (CSPRNG-based noise mixing)
  • Adaptive non-linear carrier bit encoding
  • Images (BMP, JPG, PCX, PNG, TGA)
  • Audio support (AIFF, MP3, NEXT/SUN, WAV)
  • Video support (3GP, MP4, MPG, VOB)
  • Flash-Adobe support (FLV, SWF, PDF)
  • Native portable structure (no installation, registry keys, .ini files)
  • Runs in user mode with DEP on
  • Multithread support (up to 16 CPUs) = Faster processing
  • Spyware/adware-free
  • Fully redistributable
  • OpenSource core crypto-library (libObfuscate)

You could also check out more Steganography related tools here:

spectrology – Basic Audio Steganography Tool
StegExpose – Steganalysis Tool For Detecting Steganography In Images

You can download OpenPuff here:

OpenPuff.zip

Or read more here.

Learn about Cryptography



Posted in: Cryptography

Latest Posts:


AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl - Web Crawler For Unique Domains dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.
Time Warner Hacked - AWS Config Exposes 4M Subscribers Time Warner Hacked – AWS Config Exposes 4M Subscribers
What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4M subs.


8 Responses to Time Warner Hacked – AWS Config Exposes 4M Subscribers

  1. engineer September 7, 2017 at 9:36 pm #

    By default S3 buckets are not public.

    • Darknet September 7, 2017 at 9:59 pm #

      They used to be IIRC, but I could be wrong, well I guess more accurately the easiest way to get access to it programmatically is just to set it to public.

    • Engineer S September 10, 2017 at 10:09 pm #

      Yes, it had to be configured to be open to the web.  This story is not really about AWS.  It’s about bad IT controls and careless engineering.

      I wouldn’t even call this a hack, if it’s left open to the public.

  2. Alan M September 8, 2017 at 8:15 am #

    Broadsoft was responsible for exposing the Time Warner Cable (TWC) data. Time Warner (TC) is an entirely separate entity (TC does NOT = TWC).

    • Darknet September 8, 2017 at 3:48 pm #

      Hey thanks for that clarification Alan.

  3. Tracie September 8, 2017 at 8:17 pm #

    Also time Warner cable is no longer TWC . it is now spectrum.

  4. Ryan Dymek September 8, 2017 at 8:29 pm #

    Buckets have zero access beyond the creator. “Easiest way to grant access is to make it public”… that same statement applies to a cisco firewall in an onprem enterprise. And allow any rule is simple but terribly wrong. IAM or bucket policies are no more complex than any enterprise grade firewall. Lets not excuse the behavior of the admin due to ignorance.

    • Darknet September 8, 2017 at 9:22 pm #

      Not excusing it, just saying it happens that way, same reason by MongoDB worked out of the box with no auth and listening on every interface. Not ideal, but a lot of things are done in the name of ease and speed of deployment rather than looking at it with an eye on risk and the repercussions.

Leave a Reply