-
Aug 27, 2019
In the beginning there was wardialing: scanning a block of numbers (dialed with specific software and a modem), often related to a company, in order to find a fax or modem response. https://www.youtube.com/watch?v=zb1r_uKOew4 With the advent… read more »
-
Aug 26, 2019
Uff... Facebook announces a new privacy tool and a new Matrix chapter is coming but…"not all that glitters is gold"! Wait! Did you say "Breaking Bad"? Cybersecurity Apple, what are you doing? iOS 12.4 makes it possible to jailbreak your iPhone… read more »
-
Aug 23, 2019
Do you remember this post about the Kazakhstan government's attempts to deploy a root certificate in order to start a spying campaign on citizens' HTTPS traffic? Google, Microsoft, and Mozilla are discussing a plan of action... https://www.andreafortuna.org/2019/07/19/kazakhstan-government-begins-intercepting-all-citizens-https-traffic/ Well, good news! Some… read more »
-
Aug 22, 2019
When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile. In my opinion, the best practice is to generate your own profile, using a machine with the… read more »
-
Aug 21, 2019
An interesting article by Luca Bongiorni explains how to create a remote-controlled HID injector cable using some simple hardware components easily purchased from online stores (for less than $10). https://www.youtube.com/watch?v=kmCjYPdNIPM The main idea (for the hardware-side) is to re-use… read more »
-
Aug 20, 2019
The vulnerability resides in the way devices choose an entropy value for encryption keys while establishing a connection: an attacker in close proximity to the victim’s device could intercept or manipulate encrypted Bluetooth traffic between two paired devices. Researchers at… read more »
-
Aug 19, 2019
Some interesting topics from BlackHat and DefCon! Technology Japanese user of Microsoft Excel asks: "Why is the SAVE ICON a 'Vending Machine w/ a Beverage dispensed?' " The save icon is not a vending machine https://twitter.com/fea0er/status/1160099135569063936 Privacy A researcher abused the… read more »
-
Aug 16, 2019
Another World was one of the video games I most loved in my youth. It was also one of the first pieces of software on which I had fun doing reverse engineering: with a hexadecimal editor on my Amiga 500 I… read more »
-
Aug 15, 2019
OS X is, in effect, a *nix-based system. Therefore the forensic image acquisition processes are very similar to those used on Linux systems. Today I'd like to share my personal acquisition workflow for Apple Mac systems, suitable for OSX before… read more »
-
Aug 14, 2019
Google Project Zero disclosed a vulnerability in CTF, a Microsoft protocol used by all Windows versions since Windows XP that can be exploited with ease. What is CTF? What CTF stands for is currently unknown: it is part of the… read more »
-
Aug 13, 2019
Researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks. Once in range of your camera's WiFi, a bad actor could easily install malware that would encrypt your valuable photos unless you paid for a… read more »
-
Aug 12, 2019
End-to-end encryption is not everything! Yes, WhatsApp implements E2E using the Signal Protocol: The Signal Protocol is a non-federated cryptographic protocol that provides end-to-end encryption for instant messaging conversations. https://en.wikipedia.org/wiki/Signal_Protocol End-to-end encryption ensures that your message is turned into a… read more »
-
Aug 8, 2019
After a post focused on Android, another list of tools useful for penetration testing and reverse engineering of iOS applications. Also, all these tools are OSS and freely available. Access Device iProxy Lets you connect your laptop to the iPhone to… read more »
-
Aug 7, 2019
Security researchers at Bitdefender disclosed a new way of exploiting a flaw in Intel chips. Speculative execution attacks Like Spectre, Meltdown and other similar attacks, the SWAPGS attack takes advantage of speculative execution, a functionality that seeks to speed up the… read more »
-
Aug 7, 2019
And some suggestions for hardening your buckets! Google Storage Buckets is a service similar to S3 Buckets and, like the well-known Amazon service, has the same security problems related to incorrect configurations. Also Google Buckets may expose sensitive data… read more »
-
Aug 5, 2019
In this article on his blog, Bruce Schneier talks about protecting yourself from identity theft. TL;DR: You can’t. You can only prevent criminals from using your personal information, which they almost certainly already have. Bruce Schneier is a cryptographer, privacy… read more »
-
Aug 2, 2019
Some months ago, Spiegel Online reported on comments by Germany’s Interior Minister Horst Seehofer, who proposed greater governmental access to end-to-end encrypted communications, such as those by WhatsApp and Telegram. Seehofer proposing greater governmental access to end-to-end encrypted communications, such as those… read more »
-
Aug 1, 2019
Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, makes it necessary to use a forensic tool able to read compressed memory pages. Windows 10 memory compression Recent releases of Windows 10 include… read more »
-
Jul 31, 2019
Cybersecurity firm Immunity Inc. decided to sell a BlueKeep exploit module capable of full remote code execution as part of its penetration testing toolkit. https://vimeo.com/349688256/aecbf5cac5 https://twitter.com/Immunityinc/status/1153752470130221057 Concerns about malicious usage of this module spread around the whole cybersecurity community: According… read more »
-
Jul 29, 2019
I'm going on vacation and getting offline for a few days to recharge my batteries.
During this time, blog updates will be pretty sporadic.
See you soon!
… read more »