Scribd Logo
Upload

Welcome to Scribd!

  • Lab 1 - File Signature Analysis

    Uploaded by

    Gheorghe Rotari
    280 views3 pages
    This lab teaches students to analyze file signatures to determine if a file has a mismatched extension by hiding the true file type. Students are instructed to open various files after renaming them to the correct extension based on the first four bytes of the file signature. The files include images, PDFs, GIFs, archives containing other files, and HTML pages.

    Original Description:

    Original Title

    Lab1ITII.docx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This lab teaches students to analyze file signatures to determine if a file has a mismatched extension by hiding the true file type. Students are instructed to open various files after renaming them to the correct extension based on the first four bytes of the file signature. The files include images, PDFs, GIFs, archives containing other files, and HTML pages.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    280 views3 pages

    Lab 1 - File Signature Analysis

    Uploaded by

    Gheorghe Rotari
    This lab teaches students to analyze file signatures to determine if a file has a mismatched extension by hiding the true file type. Students are instructed to open various files after renaming them to the correct extension based on the first four bytes of the file signature. The files include images, PDFs, GIFs, archives containing other files, and HTML pages.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 3

    Lab 1 – File Signature Analysis

    This lab is designed to teach the students to determine if a file has a mismatched file extension,
    a common method attackers use to deliver malware successfully through firewalls and to hide
    it from the typical user.

    For this lab, install the ICY Hexplorer hex editor (hex_setup26.exe) and WinRAR (wrar550.exe)
    from the Lab 1 folder. Launch ICY Hexplorer and change the font (View > Options… > Font:
    System Fixed Font). To answer the following questions drag each file into ICY Hexplorer. Use
    “File Signatures.htm1” as a reference for the file signatures. HINT: Search for the hex characters
    of the header.

    1. file1

    First four bytes: FF D8 FF E1
    File Extension/Type: JPG Digital camera JPG using Exchangeable Image File Format (EXIF) 

    Rename the file with the correct extension and open it. What is it?
    Poză “INCOMING”

    2. file2

    First four bytes: 25 50 44 46

    File Extension/Type: PDF, FDF, AI Adobe Portable Document Format, Forms Document
    Format, and Illustrator graphics files
    Rename the file with the correct extension and open it. What is it?
    Document pdf întitulat “On the Effectiveness of Malware Protection on Android”

    3. file3

(hint: get from file7)


    First four bytes: 47 49 46 38
    File Extension/Type: GIF Graphics interchange format file

    Rename the file with the correct extension and open it. What is it?
    Imagine cu textul “THIS IS A BREACH NOTICE
    ONLY YOU CAN HELP PREVENT MALWARE FIRES”

    1 https://www.garykessler.net/library/file_sigs.html
    4. file4

    First four bytes: 4D 5A 90 00

    File Extension/Type: ZAP ZoneAlam data file
    Rename the file with the correct extension and open it. What is it?
    Nu se deschide.

    5. file5

    First four bytes: 49 54 53 46

    File Extension/Type: CHI, CHM Microsoft Compiled HTML Help File

    Rename the file with the correct extension and open it. What is it?
    SQL Server Configuration Manager Help

    6. file6

    First four bytes: D0 CF 11 E0

    File Extension/Type: DOC, DOT, PPS, PPT, XLA, XLS, WIZ

    Rename the file with the correct extension and open it. What is it?
    Meniu la “Brick Oven Pizzas”

    7. file7

    First four bytes: 50 4B 03 04

    File Extension/Type: ZIP ZLock Pro encrypted ZIPRename the file with the correct
    Rename the file with the correct extension and open it. What is it?
    2 fişiere arhivate: file3 şi file8

    8. file8


(hint: get from file7)


    First four bytes: 3C 68 74 6D

    File Extension/Type: HTML File

    Rename the file with the correct extension and open it. What is it?
    Pagină web cu instrucţiuni pentru achiziţionarea Winrar sau Rar licenţiat

    You might also like