Andrea Fortuna
AboutRss
  • Nov 29, 2017

    How to build a simple Echo Bot on Telegram using hook.io and Python

    Please note: This article has been written almost a year ago: in this months a lot of updates and bugfixes has been rolled up on hook.io infrastructure.So it's quite possible that the code snippets related to hook.io do not work correctly.I… read more »
  • Nov 28, 2017

    CVE-2017-16943: Exim Remote Code Execution Vulnerability

    Two vulnerabilities and an exploit POC impacting the Exim MTA have been publicly disclosed, identified as CVE-2017-16943 & CVE-2017-16944 The vulnerabilities could allow remote attackers to execute arbitrary code or cause a denial of service via vectors involving BDAT commands.… read more »
  • Nov 27, 2017

    How a malware can download a remote payload and execute malicious code...in one line?

    This post on arno0x0x's blog is awesome: an accurate analysis of some 'one-line commands' that can be used on a windows system in order to download a malicious payload and execute it. The examples are developed using several script languages,… read more »
  • Nov 24, 2017

    How to recover a broken FAT filesystem using FatCat

    FatCat is a tool designed to manipulate FAT filesystems, in order to explore, extract, repair, recover and forensic them. FatCat is developed and mantained by Grégoire Passault, and currently supports FAT12, FAT16 and FAT32. (more information about FAT filesystem here)… read more »
  • Nov 23, 2017

    CVE-2017-14746: you need to patch your Samba as soon as possible!

    A fresh advisory from SAMBA.org: All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer.… read more »
  • Nov 22, 2017

    RunPE: a practical example of Process Hollowing technique

    About the "Process Hollowing" i have already written some posts (like this). However, i've never published any practical example. So, today i want to quote this interesting article where Tigzy explains the process hollowing with a brief code snippet. in… read more »
  • Nov 20, 2017

    Securing your system with Quad9 DNS

    Quad9 is a free security solution that uses DNS to protect systems against the most common cyber threats. Its is developed in collaboration with IBM, Packet Clearing House and Global Cyber Alliance. How it works? Quad9 routes your DNS queries… read more »
  • Nov 18, 2017

    Things to watch: NOTHING TO HIDE - The documentary about surveillance and you

    NOTHING TO HIDE  is an independent documentary dealing with surveillance and its acceptance by the general public through the "I have nothing to hide" argument. The documentary is written, produced and directed by two journalists living in Berlin, Marc Meillassoux… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andrea-fortuna
  • andrea

Cybersecurity expert, software developer, experienced digital forensic analyst, musician