Andrea Fortuna
AboutSearch
Tools
DFIR Toolkit OSINT Toolkit
  • Aug 27, 2019

    Cybersecurity Firm Imperva discloses Data Breach: some client info exposed

    Imperva disclosed today a security incident that led data exposure affecting a subset of customers using its Cloud Web Application Firewall (previously known as Incapsula). … read more »
  • Aug 27, 2019

    Warshipping: infiltrate corporate networks using postal service

    In the beginning it was the wardialing: the scan a block of numbers (dialed with specific software and a modem) often related to a company, in order to find out a fax or a modem response. … read more »
  • Aug 23, 2019

    Google, Mozilla and Apple blocks Kazakhstan root CA certificate to fight government's web surveillance

    Do you remember this post about Kazakhstan government attempts to deploy a root certificate in order to start a spying campaign of citizen’s HTTPS traffic? … read more »
  • Aug 22, 2019

    How to generate a Volatility profile for a Linux system

    When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile. … read more »
  • Aug 21, 2019

    USBSamurai: how to make a remote controlled USB HID injecting cable for less than 10$

    An interesting article by Luca Bongiorni explains how to create a remote controlled HID injector cable using some simple hardware components easily purchased on online stores (with less then 10$) … read more »
  • Aug 20, 2019

    CVE-2019-9506: the Key Negotiation of Bluetooth (KNOB) Attack

    The vulnerability resides in the way devices choose an entropy value for encryption keys while establishing a connection: an attacker in close proximity to the victim’s device could intercept or manipulate encrypted Bluetooth traffic between two paired devices. … read more »
  • Aug 16, 2019

    The Making Of "Another World"

    Another World was one of the video games I most loved in my youth. … read more »
  • Aug 15, 2019

    OS X forensic acquisition: a basic workflow

    OS X is, in effect, a nix based system. Therefore the forensic image acquisition processes are very similar to those used on Linux systems. Today I’d like to share my personal acquisition workflow for Apple Mac systems, *suitable for OSX… read more »
  • Aug 14, 2019

    Microsoft CTF protocol can be exploited on all Windows versions

    Google Project Zero disclosed a vulnerability in CTF, a Microsoft protocol used by all Windows versions since Windows XP that can be exploited with ease. … read more »
  • Aug 13, 2019

    Yep, even your DSLR Camera can be infected with ransomware!

    Researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks. … read more »
  • Aug 12, 2019

    Why WhatsApp (and Telegram) messages are not really private?

    Do you think chatting in WhatsApp is completely private. No, sadly it's not! #privacy #whatsapp #telegram #signal #briar #riotim #metadata #e2e… read more »
  • Aug 8, 2019

    Reverse engineering and penetration testing on iOS apps: my own list of tools

    After a post focused on Android, another list of tools useful for penetration testing and reverse engineering of iOS applications. Also all this tools are OSS and freely available. … read more »
  • Aug 7, 2019

    CVE-2019-1125, "SWAPGS Attack": a new speculative execution side-channel attack

    Security researchers at Bitdefender disclosed a new way of exploiting a flaw in Intel chips. … read more »
  • Aug 7, 2019

    Some useful tools for finding unsecure Google Storage Buckets

    And some suggestion to hardening your buckets! … read more »
  • Aug 5, 2019

    Identity theft prevention? According to Bruce Schneier is basically useless

    Can I avoid identity theft? No, you can't! You can only prevent criminals from using your personal information, which they almost certainly already have. #privacy #cybersecurity #identitytheft #bruceschneier… read more »
  • Aug 2, 2019

    Facebook is working on a backdoor on WhatsApp end-to-end encryption

    Some months ago, Speigel Onlinereported on comments by Germany’s Interior Minister Horst Seehofer, who proposed greater governmental access to end-to-end encrypted communications, such as those by WhatsApp and Telegram. … read more »
  • Aug 1, 2019

    Forensic analysis of Windows 10 compressed memory using Volatility

    Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages. … read more »
  • Jul 31, 2019

    CVE-2019-0708 "Bluekeep": Immunity Inc. starts to sell a exploit with full RCE capabilities

    Cybersecurity firm Immunity Inc. decided to sell a BlueKeep exploit module capable of full remote code execution as part of its penetration testing toolkit. … read more »
  • Jul 29, 2019

    Yes, even geeks go on vacation!

    I’m going on vacation and get offline for a few days to recharge my batteries. … read more »
  • Jul 27, 2019

    CVE-2019-9848: (un)patched flaw in LibreOffice allows malicious code execution

    This vulnerability, discovered by Nils Emmerich, resides in LibreLogo, a programmable turtle vector graphics script that ships by default with LibreOffice, and still exists in the latest version has been patched in version 6.2.5. … read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna

Cybersecurity expert, software developer, experienced digital forensic analyst, musician