signalblur/exifsmugglingpoc: A Proof-of-Concept using Cache Smuggling + Exif data to passively download a second stage payload · GitHub

signalblur/exifsmugglingpoc: A Proof-of-Concept using Cache Smuggling + Exif data to passively download a second stage payload · GitHub

Posted on By safdargal12 No Comments on signalblur/exifsmugglingpoc: A Proof-of-Concept using Cache Smuggling + Exif data to passively download a second stage payload · GitHub
Blog


A Proof-of-Concept evolution of Cache Smuggling. This attack conceals an executable payload inside a JPG’s Exif data. As a result, image caching (such as that of a Web Browser) can be used to passively download the payload.

As a result, the example loader (chrome_poc.ps1) does not need to make any internet requests to fetch the second stage payload.
Instead, it simply extracts it from the Chrome browser’s cache.

For full details see: https://malwaretech.com/2025/10/exif-smuggling

Convert PowerShell Loader to ClickFix Command

python3 build_clickfix_cmd.py --input-file chrome_poc.ps1 --output-file encoded_command.txt --fake-path "C:testdoc.txt"

Embed payload dll inside arbitrary JPG

python3 exif_smuggling.py --input-file image.jpg --output-file payload.jpg --payload hello_world.dll

www/index.html



Source link

Post Views: 6

You may also like

kernalix7/winpodx: Windows pod system for Linux · GitHub
Blog
kernalix7/winpodx: Windows pod system for Linux · GitHub
May 1, 2026
Visa Wants to Let You Give ChatGPT Your Credit Card. What Could Go Wrong?
Blog
Visa Wants to Let You Give ChatGPT Your Credit Card. What Could Go Wrong?
June 12, 2026
Motorola just proved it still doesn’t care about Android updates
Blog
Motorola just proved it still doesn’t care about Android updates
May 4, 2026
Anthropic says ‘evil’ portrayals of AI were responsible for Claude’s blackmail attempts
Blog
Anthropic says ‘evil’ portrayals of AI were responsible for Claude’s blackmail attempts
May 11, 2026

Leave a Reply

Your email address will not be published. Required fields are marked *