-
Sep 7, 2019
There’s been a lot of discussion about BlueKeep, a security hole in the Windows Remote Desktop Protocol that allows a remote attacker to access your machine. https://twitter.com/GossiTheDog/status/1170014744176148481 According to this article by Brent Cook on the Rapid7 site: Today, Metasploit… read more »
-
Sep 6, 2019
KolibriOS is an open source operating system with a monolithic preemptive kernel, video drivers, for 32-bit x86 architecture computers. The entire operating system with a good set of application fits into a 1.44 Mb Floppy Disk. The project is an… read more »
-
Sep 5, 2019
Researchers at CheckPoint said that over half of all Android handsets are vulnerable to a over-the-air (OTA) SMS phishing attack that could allow an attacker to route all internet traffic through a rogue proxy that can sniff traffic and steal… read more »
-
Sep 4, 2019
Are you a privacy obsessed? You can do everything in your power to avoid being tracked through your phone, such as change OS, avoid Google's services, only use open-source apps from F-Droid, turn off WiFi and location services but…there is… read more »
-
Sep 3, 2019
Michał Brygidyn is an AWS DevOps engineer with AWS Certified Security and a security researcher with CompTIA Security+ certification. In this post on the PGS Software Blog, he shares some interesting tips about Cloud Security on AWS. ...the Cloud is safe. The… read more »
-
Sep 2, 2019
Also this week, a lot of SciFi news! Entertainment Elliot is coming back! Mr. Robot’s fourth and final season gets an October 6th premiere date in new trailer https://www.youtube.com/watch?v=9Hmb33a7ATM The new trailer for the upcoming season — like the first season… read more »
-
Aug 30, 2019
Security researchers from Google’s Project Zero team say they have discovered a number of compromized websites which used previously undisclosed security flaws to attack any iPhone that visited them. "There was no target discrimination; simply visiting the hacked site was… read more »
-
Aug 30, 2019
Okay, this is the third post dedicated to Another World (previous are this and this): I think now it's clear how much I appreciate this game. In any case, I also love software developing and computer archaeology, so when I've… read more »
-
Aug 29, 2019
During a penetration test, once you get a local access to a target, you should start a local assessment of the machine in order to plan a correct tactic for privileges escalation and lateral movement. So, today l'd like to… read more »
-
Aug 28, 2019
Credit card skimming is a type of credit card theft performed using a small device to steal credit card information during a legitimate credit card transaction. How skimmers works? When a credit or debit card is swiped through a skimmer,… read more »
-
Aug 27, 2019
Imperva disclosed today a security incident that led data exposure affecting a subset of customers using its Cloud Web Application Firewall (previously known as Incapsula). The data exposure incident is limited only to the Cloud WAF, according the blog post… read more »
-
Aug 27, 2019
In the beginning it was the wardialing: the scan a block of numbers (dialed with specific software and a modem) often related to a company, in order to find out a fax or a modem response. https://www.youtube.com/watch?v=zb1r_uKOew4 With the advent… read more »
-
Aug 26, 2019
Uff..Facebook announces a new privacy tool and a new Matrix's chapter is coming but…"not all that glitters is gold"! Wait! Did you say "Breaking Bad"? Cybersecurity Apple, what are you doing? iOS 12.4 makes it possible to jailbreak your iPhone… read more »
-
Aug 23, 2019
Do you remember this post about Kazakhstan government attempts to deploy a root certificate in order to start a spying campaign of citizen's HTTPS traffic? Google, Microsoft, and Mozilla are discussing a plan of action... https://www.andreafortuna.org/2019/07/19/kazakhstan-government-begins-intercepting-all-citizens-https-traffic/ Well, good news! Some… read more »
-
Aug 22, 2019
When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile. In my opinion, the best practice is generate your own profile, using a machine with the… read more »
-
Aug 21, 2019
An interesting article by Luca Bongiorni explains how to create a remote controlled HID injector cable using some simple hardware components easily purchased on online stores (with less then 10$) https://www.youtube.com/watch?v=kmCjYPdNIPM The main idea (for the hardware-side) is to re-use… read more »
-
Aug 20, 2019
The vulnerability resides in the way devices choose an entropy value for encryption keys while establishing a connection: an attacker in close proximity to the victim’s device could intercept or manipulate encrypted Bluetooth traffic between two paired devices. Researchers at… read more »
-
Aug 19, 2019
Some interesting topics from BlackHat and DefCon! Technology Japanese user of Microsoft Excel asks: "Why is the SAVE ICON a 'Vending Machine w/ a Beverage dispensed?' " The save icon is not a vending machine https://twitter.com/fea0er/status/1160099135569063936 Privacy A researcher abused the… read more »
-
Aug 16, 2019
Another World was one of the video games I most loved in my youth. It was also one of the first software on which I had fun to do reverse engineering: with an hexadecimal editor on my Amiga 500 I… read more »
-
Aug 15, 2019
OS X is, in effect, a *nix based system. Therefore the forensic image acquisition processes are very similar to those used on Linux systems.Today I'd like to share my personal acquisition workflow for Apple Mac systems, suitable for OSX before… read more »