Andrea Fortuna
AboutRss
  • Aug 7, 2019

    Some useful tools for finding unsecure Google Storage Buckets

    And some suggestion to hardening your buckets! Google Storage Buckets is a service similar to S3 Buckets and, like the must know Amazon's service, has the same security problems related to uncorrect configurations. Also Google Buckets may expose sensitive data… read more »
  • Aug 5, 2019

    Identity theft prevention? According to Bruce Schneier is basically useless

    On this article on his blog, Bruce Schneier talks on protecting yourself from identity theft. TL;DR: You can’t. You can only prevent criminals from using your personal information, which they almost certainly already have. Bruce Schneier is a cryptographer, privacy… read more »
  • Aug 2, 2019

    Facebook is working on a backdoor on WhatsApp end-to-end encryption

    Some months ago, Speigel Online reported on comments by Germany’s Interior Minister Horst Seehofer, who proposed greater governmental access to end-to-end encrypted communications, such as those by WhatsApp and Telegram. Seehofer proposing greater governmental access to end-to-end encrypted communications, such as those… read more »
  • Aug 1, 2019

    Forensic analysis of Windows 10 compressed memory using Volatility

    Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages. Windows 10 memory compression Recent releases of Windows 10 include… read more »
  • Jul 31, 2019

    CVE-2019-0708 "Bluekeep": Immunity Inc. starts to sell a exploit with full RCE capabilities

    Cybersecurity firm Immunity Inc. decided to sell a BlueKeep exploit module capable of full remote code execution as part of its penetration testing toolkit. https://vimeo.com/349688256/aecbf5cac5 https://twitter.com/Immunityinc/status/1153752470130221057 Concerns about malicious usage of this module spreds around the whole cybersecurity community: According… read more »
  • Jul 29, 2019

    Yes, even geeks go on vacation!

    I'm going on vacation and get offline for a few days to recharge my batteries. During this time, blog updates will be pretty sporadic. See you soon! … read more »
  • Jul 28, 2019

    My Weekly RoundUp #103

    Last weekly roundup before my vacation: my last respect to an iconic actor, some privacy troubles for Apple Siri and a new interesting production from Hulu. INBOX Regarding GDPR CLI (a command line tool for checking websites GDPR compliancy), Lucy… read more »
  • Jul 27, 2019

    CVE-2019-9848: (un)patched flaw in LibreOffice allows malicious code execution

    This vulnerability, discovered by Nils Emmerich, resides in LibreLogo, a programmable turtle vector graphics script that ships by default with LibreOffice, and still exists in the latest version has been patched in version 6.2.5. LibreLogo allows users to specify pre-installed… read more »
  • Jul 26, 2019

    Software Developers and Security: a love-hate relationship

    Recently, GitLab performed a survey on over 4,000 developers and operators, with interesting results. This year, over 4,000 respondents – across various industries, roles, and geographic locations – candidly shared their experiences, helping us uncover what software professionals require in… read more »
  • Jul 25, 2019

    How to retrieve hard disk information and properties with WMIC and lsblk

    A couple of very brief tip, useful during a forensic acquisition. During the initial phase of a digital forensic investigation, a lot of information about target systems need to be collected. One of this item are the information about the… read more »
  • Jul 24, 2019

    No, your browser "Incognito Mode" can't stop Facebook and Google track your porn habits!

    Yes, that's an uncomfortable topic! A team of researchers (Elena Maris, Timothy Libert and Jennifer Henrichsen) from Microsoft, the University of Pennsylvania, and Carnegie Mellon have revealed a study showing that Google and Facebook are keeping tabs on user's porn… read more »
  • Jul 23, 2019

    QCSuper: A tool for capturing 2G/3G/4G air traffic on Qualcomm-based phones

    QCSuper is a tool allowing to capture raw 2G/3G/4G radio frames, generating PCAP captures using Qualcomm-based phones and modems. Lately, I have been playing with a 3G dongle – a small USB device enabling to connect to the mobile Internet.… read more »
  • Jul 22, 2019

    My Weekly RoundUp #102

    What happened last week? 50 years since the moon landing, 4 trailers from San Diego Comic-Con, 7.5 Terabytes of secret data and a proper recognition to the father of computer science! 50 years ago, NASA’s Apollo 11 mission changed our… read more »
  • Jul 21, 2019

    The SyTech Hack: a brief screenshot-based attack analysis

    Last weekend, on July 13, a group of hackers going by the name of 0v1ru$ hacked into Active Directory server of SyTech, a contractor for FSB, Russia's national intelligence service.From this server they gained access to the company's entire network,… read more »
  • Jul 19, 2019

    Kazakhstan government begins intercepting all citizens’ HTTPS traffic

    Do you want to know the reason why? To "protect them from cyber threats"! Kazakhstan government has started intercepting all HTTPS internet traffic inside its borders, starting July 17. Governement instructed local ISPs to force their users into installing a… read more »
  • Jul 19, 2019

    FaceApp privacy concerns: is it safe to use the app that make yourself look older?

    It's the killer app of the last weeks, but FaceApp has been giving people the power to change their facial expressions, looks, and now age, since 2017. But at the same time, people have been giving FaceApp the power to… read more »
  • Jul 18, 2019

    Reverse engineering and penetration testing on Android apps: my own list of tools

    This list of tools is really useful both in penetration testing on an Android application and in reverse engineering of a suspicious application.All tools are OSS and freely available: so, enjoy! Reverse Engineering APKInspector GUI tool for analysis of Android… read more »
  • Jul 17, 2019

    Elon Musk unveils Neuralink: tiny wires in the brain to read electrical pulses and let humans 'merge with computers'

    Ok, it sounds like science fiction, but it's not.At its presentation at the California Academy of Sciences, Elon Musk‘s revealed that brain-computer interface company Neuralink its plans to begin human trials of its neuron-reading technology next year. The company has… read more »
  • Jul 17, 2019

    Commando VM: a full Windows-based penetration testing virtual machine distribution

    Months ago, I published a post about Flare VM, a project by Fireeye/Mandiant researcher focused on the creation of a Windows-based security distribution for malware analysis. Recently, Fireeye released a similar project: another windows-based distribution, but this time dedicated to… read more »
  • Jul 16, 2019

    Zoom RCE vulnerability also affects RingCentral and Zhumu

    UPDATE: Apple has sent out a silent security update to Macs to remove software that was automatically installed by RingCentral and Zhumu.(https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched) I've already written something about Zoom vulnerabilities (CVE-2019-13576, CVE-2019-13586) in my WeeklyRoundup, but today the security researcher Karan… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna
  • andrea
  • andreafortunatw

Cybersecurity expert, software developer, experienced digital forensic analyst, musician