2.2.2 Image, File & Voice Vectors
Threat actors use specific file types, image formats, and voice channels as vectors to deliver payloads or steal sensitive data.
Image and Multimedia Vectors Attackers hide malicious data inside ordinary-looking media to slip past filters. - Steganography: concealing a file or instructions inside another file. Command-and-control (C2) data can be hidden in the pixels of a .jpg or .png. - Malicious metadata: abusing EXIF or other embedded properties to carry scripts or exploit strings. - Image-based social engineering: fake or deepfake profile photos that build trust before credential harvesting.
File-Based Vectors and Cracking Files act both as malware carriers and as tools for cracking credentials. - Dictionary files: lists of common words and passwords (such as "Password123" or "qwerty") fed into automated login attempts. - Rainbow tables: precomputed tables of password hashes that reverse a hash to plaintext far faster than brute force — defeated by salting. - Digital certificates: X.509 files; if a CA is compromised, fraudulent certificates can sign malware or enable on-path (man-in-the-middle) attacks. - Removable media: USB drives remain a primary vector, especially against air-gapped systems.
Voice and Communication Vectors Mobile and IoT connectivity have widened the surface for audio-based attacks. - Vishing (voice phishing): social engineering over phone or VoIP, often with a spoofed Caller ID. - Voice recording and IoT: always-on devices and apps can be abused to eavesdrop on sensitive conversations. - AI / deepfake audio: cloning a target's voice to bypass voice authentication or authorize fraudulent wire transfers.
Quick recall - Dictionary attack → tries a list of likely passwords; relies on predictable human choices. - Rainbow table → precomputed hashes for fast cracking; stopped by salting. - Steganography → hiding data in plain sight inside other files (usually images). - X.509 → the standard format for digital certificates and PKI files. - Vishing → voice-based social engineering, often using Caller ID spoofing.