Eng Blog Author: Melodie Moorefield-Wilson

Melodie Moorefield-Wilson is Lead Product Security Engineer at Pendo. With over a decade of experience in software, she has had various roles in FinTech, BioTech, and Healthcare. When time allows, you might find her joining in on Capture the Flag competitions, or playing pickleball with her family. She lives in Chapel Hill, North Carolina with her husband and two sons.

Using Gosec to find Insecure Code Patterns

Golang at Pendo

Go and Pendo

From Pendo’s inception, we have felt strongly about using performant, modern tools and languages to build our product. Go was a conscious choice because it was built on 3 principles that were crucial to Pendo’s success and agility: efficient compilation, efficient execution, and ease of programming. A future blog post will discuss in detail the process of choosing Go and the considerations that went into the decision. If you would like to know more about Go, click here for a comprehensive FAQ.

A Tour of Steganography – Embedding Payloads in PNG Files

Hiding data in inconspicuous places is not just something the spies of old did to get messages across borders; it is also something that attackers do to exfiltrate data out of vulnerable systems. Attackers may even slip malicious commands past antivirus software. The act of hiding data or malicious commands in regular files is called steganography – a fascinating discipline that many talented security professionals devote themselves to mastering.

I am going to discuss how to embed payloads into PNG files without corrupting the original file, and how to hide that payload to prevent antivirus from being able to detect it.