• Five useful tools for Social Media Intelligence

    Currently it is rare to see an internet user who does not have at least one account on social media sites. People use social media services to post all types of contents online such as photos, videos, text messages, but… read more »
  • If you're a fan of Volatility, you'll love CrowdStrike’s SuperMem

    CrowdStrike released SuperMem, a great tool for automated Windows memory analysis. SuperMem allows analysts to perform quick triage with Volatility 3, but also a full triage with Volatility 2, 3/EVTXtract/memdumping and other resource gathering tools, or a comprehensive triage with… read more »
  • “Handle With Care”: a bit classic, a bit J-Pop

    A few days ago, my new album was released on the major platforms. In the last months I had the opportunity to watch many Anime: I think it influenced the style of the "gifts" I receive at night. In fact,… read more »
  • Cybersecurity Roundup #20

    A lot of vulnerabilities, some cybercrime stuff and a serious privacy concern on Xiaomi phones.… read more »
  • Cybersecurity Roundup #19

    Let's start again with the "Weekly roundup": what happened this week?… read more »
  • How to check Pegasus Spyware on your iPhone

    A recent report by The Pegasus Project, a consortium of non-profit organizations and various journalists, claimed to have discovered a leak of 50.000 phone numbers that likely belong to users who might be victims of the Pegasus spyware, developed by… read more »
  • Some thoughts about Stuxnet

    Some days ago, during a brief memory analisys demonstration with Volatility, I've used a memory dump of a system infected with the "old-but-gold" Stuxnet. But, one of the spectators asked me additional info about this malware, so I decided to… read more »
  • How “Process Ghosting“ works

    The Elastic Security team recently revealed a new technique for malware obfuscation and evasion called Process Ghosting, that allows tampering of in-memory mappings of executable files on Microsoft Windows. The technique [1] is the evolution of already known attack methods… read more »
  • dfir_ntfs: a forensic parser for NTFS filesystems

    NTFS filesystem is a gold mine for forensic analysis on Microsoft Windows systems. There are a lot of tools useful for extract a timeline of the activities on the filesystem, or for search anomalies that identify time stomping events. Recently… read more »
  • “Soundscapes”, my spectral music experimentation

    I've always been fascinated by the works of Gérard Grisey, a french composer pioneer of the Spectralist movement. According to Wikipedia [1], spectral music is …an acoustic musical practice where compositional decisions are often informed by sonographic representations and mathematical analysis of sound spectra, or by mathematically generated… read more »
  • iLEAPP: an iOS logs, events, and plists parser

    iLEAPP is a good iOS forensic tool developed by Alexis Brignoni. It’s composed by a set of python script previously developed by Alexis, collected in a single, useful, tool. iLEAPP [1] is developed in order to help forensic analyst during… read more »
  • iOS Forensics: how to perform a logical acquisition with libimobiledevice

    On iOS devices, due the well-known os restrictions, logical acquisition is the most common type of data extraction during digital forensic investigations. There are a lot of commercial forensic tools able to perform this step, but this type of acquisition… read more »
  • How smartphones reacts to IMSI catching attacks?

    I recently happened to read a research, presented during the ACM WINTECH 2020 conference, related to IMSI Catchers and their exploitation for tracking users of mobile devices. Mobile telephony standards have always used and recorded user's locations: when a user… read more »
  • How to sort and organize files recovered by PhotoRec

    During a forensic analysis, but also during other simple tasks (like helping a friend to recover deleted files), is useful to have a trusted tool to perform file-carving and data recovery. The tool that I prefer to perform this kind… read more »
  • Android Triage: a really useful forensic tool by Mattia Epifani

    Most of forensic acquisition activities on an Android device can be accomplished using the ADB (Android Debug Bridge) tool. However, a lot of commands are required: luckily, the forensic expert Mattia Epifani created a bash script that automatize a lot… read more »
  • How many data are shared by iOS and Android telemetry?

    An academic research, conducted by Professor Douglas J. Leith from Trinity College at the University of Dublin, analyzed traffic originating from iOS and Android devices heading to Apple and Google servers at various stages of a phone’s operation, such as… read more »
  • “L’abbraccio più forte”, by Valerio Berruti

    On March 2020, the Italian artist Valerio Berruti launched the initiative “L’abbraccio più forte” ("The strongest embrace"), with which he undertook to donate one of his drawings to anyone who had made a donation of at least 300 euros to… read more »
  • Didier Stevens: finding Metasploit & Cobalt Strike URLs

    An interesting article and video lesson by security reserarcher Didier Stevens. Cobalt Strike and Metasploit are the offensive security tools most commonly used to host malware command-and-control (C2) servers: both tool allows generation of shellcode for http(s) shells so, during… read more »
  • Coding on iPad Pro: my own setup

    Some months ago, my loved Thinkpad x1 carbon started to have some issues on battery and motherboard. It was an 8 years laptop, so i decided to directly buy a new device for my "personal purposes" (all devices for work… read more »
  • Some useful tips about /dev/tcp

    Just some simple tips that I found very useful. Bash supports read/write operations on a pseudo-device file /dev/tcp/[host]/[port] [1]. Writing to this special file makes bash open a tcp connection to host:port, and this feature may be used for some useful… read more »