Exif Smuggling

rolph1 pts0 comments

GitHub - signalblur/exifsmugglingpoc: A Proof-of-Concept using Cache Smuggling + Exif data to passively download a second stage payload · GitHub


forked from MalwareTech/ExifSmugglingPoC


Exif Smuggling

A Proof-of-Concept evolution of Cache Smuggling. This attack conceals an executable payload inside a JPG's Exif data, so image caching (such as that of a web browser) can be used to passively download the payload.

Consequently, the example loader (chrome_poc.ps1) does not need to make any internet requests to fetch the second-stage payload. Instead, it simply extracts it from the Chrome browser's cache.

For full details see: https://malwaretech.com/2025/10/exif-smuggling
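
A defensive check for the technique described above, as an added example that is not part of the original repository: it walks a JPEG's segments and flags Exif (APP1) data that contains a PE header or is unusually large. It assumes the payload is stored unencoded (the page does not say how the PoC encodes it, and an encoded payload would only trip the size check); `SIZE_THRESHOLD`, the function names and the sample bytes are constructed for illustration.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
SIZE_THRESHOLD = 32 * 1024  # assumed cut-off for "unusually large" Exif data

def exif_segments(data):
    """Yield the body of each APP1/Exif segment that precedes the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or start of scan: no more metadata
            break
        (length,) = struct.unpack_from(">H", data, pos + 2)
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("malformed segment length")
        body = data[pos + 4 : pos + 2 + length]
        if marker == 0xE1 and body.startswith(EXIF_MAGIC):
            yield body[len(EXIF_MAGIC):]
        pos += 2 + length

def find_pe(blob):
    """Return the offset of an MZ header whose e_lfanew points at a PE signature, else -1."""
    i = blob.find(b"MZ")
    while i != -1:
        if i + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, i + 0x3C)
            if blob[i + e_lfanew : i + e_lfanew + 4] == b"PE\x00\x00":
                return i
        i = blob.find(b"MZ", i + 1)
    return -1

def inspect_jpeg(data):
    """Return a list of findings for one JPEG; an empty list means nothing flagged."""
    findings, total = [], 0
    for n, seg in enumerate(exif_segments(data)):
        total += len(seg)
        offset = find_pe(seg)
        if offset != -1:
            findings.append(f"segment {n}: PE header at Exif offset {offset}")
    if total > SIZE_THRESHOLD:
        findings.append(f"Exif data totals {total} bytes")
    return findings

# Constructed, inert sample input: an empty TIFF/IFD0 and a 68-byte header stub.
def _jpeg(exif_body):
    app1 = EXIF_MAGIC + exif_body
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"

TIFF = b"II*\x00\x08\x00\x00\x00" + b"\x00" * 6
STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
CLEAN, SUSPECT = _jpeg(TIFF), _jpeg(TIFF + STUB)
```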

Example Usage

Convert PowerShell Loader to ClickFix Command

python3 build_clickfix_cmd.py --input-file chrome_poc.ps1 --output-file encoded_command.txt --fake-path "C:\test\doc.txt"

Embed payload dll inside arbitrary JPG

python3 exif_smuggling.py --input-file image.jpg --output-file payload.jpg --payload hello_world.dll

Example Phishing page

www/index.html
