Andrea Fortuna
AboutSearch
Tools
DFIR Toolkit OSINT Toolkit
  • Feb 12, 2020

    CVE-2020-2100: Jenkins servers can be exploited to perform DDoS attacks

    A vulnerability, discovered by Adam Thorn from the University of Cambridge, may allows attacker to abuse internet-facing Jenkins servers to mount and amplify reflective DDoS attacks… read more »
  • Feb 11, 2020

    OWASP Amass: in-depth attack surface mapping and asset discovery

    The #OWASP #Amass Project is tool developed to help information security professionals during the mapping process of attack perimeter. #penetrationtesting #golang #cybersecurity… read more »
  • Feb 7, 2020

    SpiderFoot 3.0: OSINT reconnaissance tool

    SpiderFoot is an OSINT automation tool for reconnaissance process, written in Python 3 and GPL-licensed. Recently, Steve Micallef released on GitHub [1] a new version (3) of SpiderFoot, with a lot of interesting enhancements. Web based UI or CLI Over 170 modules (see… read more »
  • Feb 6, 2020

    CVE-2019-18426: WhatsApp bug allowed remote access to users computers with just a text message

    Recently, developers of famous messaging app acknowledged and patched a major vulnerability that gave malicious users the ability to access files on a victim's computer. A target user may fall prey to this attack simply clicking a disguised link preview… read more »
  • Feb 5, 2020

    Simon Weckert Google Maps Hack: a hoax?

    Is it really possible to create a fake traffic jam on Google Maps? According to ArsTechnica [1] and TheRegister [2], the german artist Simon Wecker realized a performance art piece, named "Google Maps Hacks", walking around the roads of Berlin… read more »
  • Jan 31, 2020

    Some thoughts on Information Technology in a post-apocalyptic environment

    Some funny thoughts about information technology on a post-apocalyptic environment, and some info about a more serious project! When most people think about what to do after an apocalyptic event, the first time that comes to mind is food and… read more »
  • Jan 30, 2020

    CVE-2019-8641: remotely compromising an iPhone through iMessage

    Last December, in a talk at 36th Chaos Communication Congress, Samuel Groß presented a technical report about the infamous iOS vulnerability that allowed remote code execution on all iDevices up to iOS 12.4, within a couple of minutes and without… read more »
  • Jan 29, 2020

    CacheOut - Another day, another CPU attack!

    A team of researchers from University of Michigan (Stephan van Schaik, Marina Minkin, Andrew Kwong and Daniel Genkin) and University of Adelaide (Yuval Yarom) recently presented a new attack technique that targets Intel CPUs. The attack, dubbed CacheOut (CVE-2020-0549), is… read more »
  • Jan 28, 2020

    TLDR #1: Jeff Bezos’ iPhone hack

    Just few words (and links) about this hot topic. The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of… read more »
  • Jan 24, 2020

    Some thoughts about SIM Hijacking

    The SIM hijacking, also know as SIM swapping, is an attack where a criminal contacts the cell phone provider of a target user, and convinces it (sometimes involving employees of the phone company) to switch target's account to a SIM… read more »
  • Jan 23, 2020

    DevSecOps: the value of "Security Champions"

    In a previous article [1], I've started to talk about DevSecOps and the concept of "shifting left" security.In order to move security checks to the early steps of development, a great help may be the presence of a security-aware person… read more »
  • Jan 22, 2020

    FBI got data from a locked iPhone 11 using GrayKey: how does this tool work?

    The recent deadly shooting last month at a naval air station in Pensacola, Fla., brought in the spotlight the issue of iOS security: attorney General William P. Barr requested Apple to provide access to two phones used by the killer.… read more »
  • Jan 21, 2020

    Security researcher found a hardcoded SSH Key in Fortinet SIEM appliances

    Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can be used in order to generate a denial of service against the FortiSIEM Supervisor. Fortinet devices share the… read more »
  • Jan 16, 2020

    CVE-2020-0601: a critical Windows vulnerability discovered by...NSA!

    Recently, Microsoft released a patch that fixes a critical vulnerability in the Windows' crypto library. According to the advisory [1]: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit… read more »
  • Jan 15, 2020

    Some thoughts about "Shift Left" security in DevSecOps

    A popular term in DevOps context is “shift left”: it refers to the effort by a DevOps team to implement measures to guarantee application quality at the most early point in the software development life cycle. In a application security context,… read more »
  • Jan 14, 2020

    CVE-2019-19781: my clippings on the infamous Citrix Netscaler vulnerability

    Many Proof-of-concept exploits has been released for the unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products. Below a list of useful links/quotes/posts on this topic. The vulnerability The vulnerability (CVE-2019-19781), already packs a double-punch in… read more »
  • Jan 10, 2020

    iOS Forensics: BFU (Before First Unlock) acquisition, using checkra1n

    iOS forensic is quite complex: in many cases, jailbreaking is the only way to gather all most information available in iOS devices. Ok, logical acquisition is easy, safe and it always works: however, this kind of acquisition mostly gives you… read more »
  • Jan 9, 2020

    TikTok fixed several vulnerabilities that could allow hijacking of any account

    Security experts from CheckPoint discovered multiple vulnerabilities in the popular TikTok app that could be chained by remote attackers to hijack any user accounts, execute malicious code on the target system and perform unwanted actions. Those vulnerabilities (that includes SMS… read more »
  • Jan 8, 2020

    Some thoughts about smartphones data extraction

    In an interesting article, editors by Privacy International examines some aspects of digital forensics on mobile phones, from the acquisition process to the data analysis phase. All the topics in the article [1] has been discussed in detail in the… read more »
  • Jan 3, 2020

    Ring camera accounts breach: Amazon blames users, EFF respond!

    Recently, digital intruders entered the Ring surveillance camera in the bedroom of an 8-year-old girl in Mississippi and started talking to her [1], then various other intrusions took place and it emerged that 3600 e-mail addresses, passwords, localizations and other… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna

Cybersecurity expert, software developer, experienced digital forensic analyst, musician