Here are some documents to help you understand some file formats/headers, for file format fuzzing purpose:

WAVE PCM soundfile format (RIFF)
https://ccrma.stanford.edu/courses/422/projects/WaveFormat/

ZIP File format specification
http://www.pkware.com/documents/casestudies/APPNOTE.TXT

MPEG File format
http://www.mpgedit.org/mpgedit/mpeg_format/mpeghdr.htm#MPEGTAG

GZip File format
http://www.gzip.org/zlib/rfc-gzip.html

SWF File format
http://the-labs.com/MacromediaFlash/SWF-Spec/SWFfileformat.html

TIFF File format
http://www.awaresystems.be/imaging/tiff/faq.html

EXIF File format
http://www.media.mit.edu/pia/Research/deepview/exif.html

ID3Tag File format (v.2.3.0)
http://www.id3.org/id3v2.3.0

PNG File format (v1.2)
http://www.libpng.org/pub/png/spec/1.2/PNG-Contents.html

PDF File format
http://www.printmyfolders.com/understanding-pdf

PLS/M3U File format
http://forums.winamp.com/showthread.php?threadid=65772
http://www.assistanttools.com/articles/pls_playlist_format.shtml (PLS)
http://www.assistanttools.com/articles/m3u_playlist_format.shtml (M3U)

RAR File format
http://www.win-rar.com/index.php?id=24&kb_article_id=162

(to be updated…)

About the Author modpr0be

Thomas Gregory (modpr0be) saat ini adalah direktur dan pemilik PT Spentera, sebuah perusahaan yang fokus dalam bidang penetration test, incident response, intrusion analysis and forensic investigation. Saya sering memberikan konsultasi tentang strategi keamanan kepada investor, mitra, dan pelanggan. Di sela-sela pekerjaannya, penulis memberikan materi dalam bentuk pelatihan dan kontribusi komunitas dalam bentuk seminar, workshop, dan diskusi dengan berbagai topik seperti teknik peretasan, teknik eksploitasi, dan analisis intrusi. Saya juga berkontribusi untuk repositori eksploit Metasploit Framework sebagai pengembang kode eksploit. Saat ini saya memegang sertifikasi dari Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), ISO/IEC ISMS 27001: 2013 Lead Auditor/Auditor, GIAC Certified Intrusion Analyst (GCIA), dan Offensive Security Exploitation Expert (OSEE). Jika ingin menghubungi saya dapat melalui email di tom at spentera dot id.

Tinggalkan Balasan

Please log in using one of these methods to post your comment:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout /  Ubah )

Foto Google

You are commenting using your Google account. Logout /  Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout /  Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout /  Ubah )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d blogger menyukai ini: