Skip to content
HN On Hacker News ↗

GitHub - signalblur/exifsmugglingpoc: A Proof-of-Concept using Cache Smuggling + Exif data to passively download a second stage payload

▲ 105 points 28 comments by rolph 5w ago HN discussion ↗

Pangram verdict · v3.3

We believe that this document is fully human-written

0 %

AI likelihood · overall

Human
100% human-written 0% AI-generated
SEGMENTS · HUMAN 1 of 1
SEGMENTS · AI 0 of 1
WORD COUNT 107
PEAK AI % 0% · §1
Analyzed
Jun 9
backend: pangram/v3.3
Segments scanned
1 windows
avg 107 words each
Distribution
100 / 0%
human / AI fraction
Verdict
Human
Pangram v3.3

Article text · 107 words · 1 segments analyzed

Human AI-generated
§1 Human · 0%

A Proof-of-Concept evolution of Cache Smuggling. This attack conceals an executable payload inside a JPG's Exif data. As a result, image caching (such as that of a Web Browser) can be used to passively download the payload. As a result, the example loader (chrome_poc.ps1) does not need to make any internet requests to fetch the second stage payload. Instead, it simply extracts it from the Chrome browser's cache. For full details see: https://malwaretech.com/2025/10/exif-smuggling Example Usage Convert PowerShell Loader to ClickFix Command python3 build_clickfix_cmd.py --input-file chrome_poc.ps1 --output-file encoded_command.txt --fake-path "C:\test\doc.txt" Embed payload dll inside arbitrary JPG python3 exif_smuggling.py --input-file image.jpg --output-file payload.jpg --payload hello_world.dll Example Phishing page www/index.html