Nick Chapel (@McCryptoFace) is a red team engineer for a major retailer, but if asked he would tell you that he’s really a purple teamer at heart. After spending a couple years in an incident response role, he turned to the dark side of the Force, where as a red teamer he uses his evil powers for good. His academic background was in religious studies, having done postgraduate research in the field of western esotericism. His many loves include cryptography, mysticism, reverse engineering, puppies, CTF competitions, fin-de-siècle British esoteric movements, lockpicking, the Oxford comma, and popping shells. Also coffee, which makes his enjoyment of all of the other things possible.
Long before it became an infosec capture-the-flag staple, steganography had its birth in the Steganographia of Johannes Trithemius, an early 16th-century book of magic and secret writing. Though it remains perhaps the most widely known, this is but one among countless examples of cryptography from the Renaissance and early modern eras used by alchemists, magicians, and dissidents to conceal their hidden knowledge from the prying eyes of the uninitiated. By applying the lens of cyber threat intelligence to the Steganographia and other examples of Renaissance and early modern cryptography, we can give ourselves greater insight into the motivations and threat models that drove subversive actors centuries before PGP was a gleam in Phil Zimmermann’s eyes. As we explore these historical examples through a threat intel lens, I will show how modern-day incident responders and other infosec practitioners can enrich their investigations by applying this same approach to their daily work.