Andrea Fortuna
AboutRss
  • Jan 6, 2018

    In-Spectre-Meltdown: a PoC for Meltdown and Spectre vulnerabilities

    In-Spectre-Meltdown is a PoC developed by Viral Maniar using Python and Powershell to check speculative execution side-channel attacks that affect many modern processors and operating systems designs that allows unprivileged processes to steal secrets from privileged processes. This tool is based on… read more »
  • Jan 5, 2018

    Meltdown and Spectre: what we know about the vulnerabilities in CPUs?

    In the last hours, the vulnerabilities of the CPU have had a great prominence even in the non-specialized press.So, I think that would be useful trying to summarize the situation in a simple way. Background https://xkcd.com/1938/ Google's Project Zero releases… read more »
  • Jan 3, 2018

    How keyloggers works: a simple example of keyboard hooking using Python

    Keyloggers are often used by malicious softwares to steal sensitive data and login credentials. During a malware analysis process is useful to know how a keylogger works. A keylogger can be implemented simply setting a hook on the keydown event… read more »
  • Dec 31, 2017

    My Year of Running – 2017

    My running year recap. Ok, 2018 is near to ends, now is time to make some statistics on my running activity. This year i have run for 5279 kilometers (3280 miles): every workout has been performed in the early morning,… read more »
  • Dec 29, 2017

    Forensic logical acquisition of Android devices using adb backup

    In digital forensics, the term logical extraction is typically used to refer to extractions that do not recover deleted data, or do not include a full bit-by-bit copy of the evidence, analogously to copying and pasting a folder in order… read more »
  • Dec 27, 2017

    How to cross-compile a Python script into a Windows executable on Linux

    Using Wine and Pyinstaller. Pyinstaller is a program that packages Python programs into stand-alone executables, under the most used OSs (Windows, Linux, Mac OS X, FreeBSD, Solaris and AIX). Initially Pyinstaller had a beta feature that allows the cross-compilation of… read more »
  • Dec 22, 2017

    Forensic disk images of a Windows system: my own workflow

    Every forensic analyst, during his experience, perfects his own workflow for the acquisition of forensic images. Today I want to propose my own workflow for acquisition of physical disks on Microsoft Windows systems Required tools FTK Imager The Forensic Toolkit… read more »
  • Dec 20, 2017

    Sysinternals ProcDump porting for Linux

    Microsoft has released, on its GitHub repository, an interesting Linux porting of ProcDump from Sysinternals suite. Like the Windows version, ProcDump allows developers to create core dumps of their application based on performance triggers. Furthermore, ProcDump is also useful for… read more »
  • Dec 18, 2017

    How to hack a turned-off computer, using Intel Management Engine

    In this great speech on BlackHat Europe 2017, Mark Ermolov and Maxim Goryachy by Positive Technology talks about the Intel Management Engine subsystem and how the recently discovered vulnerabilities can be used in order to compromise a system. Intel Management… read more »
  • Dec 15, 2017

    Investigate suspicious Windows processes using Sysinternals Sysmon

    This article on Microsoft's Technet Blog is really interesting: Moti Bani explain how to investigate suspicious activity on servers using Sysmon Tool. What is Sysmon? Sysmon is a tool from Sysinternals that provides a comprehensive monitoring about activities in the… read more »
  • Dec 13, 2017

    How to fix the WXR version error when importing a very old Wordpress export file

    Recently I needed to migrate the contents of a Wordpress 2.1.7 (really old!) on a new installation based on Wordpress 4.9.1. So i've exported all contents from old site using the standard export procedure, but during the import on the… read more »
  • Dec 11, 2017

    Metasploit Console: my own cheatsheet

    Metasploit Framework is a priceless open-source a tool for developing and executing exploit code against a remote target machine. Its main admin interface, the Metasploit console has many different command options to chose from. Here my own set (in alphabetical… read more »
  • Dec 8, 2017

    What is Reflective DLL Injection and how can be detected?

    DLL (Dynamic-link library) are the Microsoft's implementation of the shared library concept and provide a mechanism for shared code and data, allowing a developer of shared code/data to upgrade functionality without requiring applications to be re-linked or re-compiled. DLLs may… read more »
  • Dec 6, 2017

    Just some thoughts about credential stuffing attacks: how to check and prevent them

    People reuse passwords all the time. How can i check and prevent credential stuffing attacks? Recently i've read this article by Brian Chappell on SC Media UK: Credential stuffing: People reuse passwords all the time. Shocker, I know. In BeyondTrust's… read more »
  • Dec 4, 2017

    How to learn programming: the traditional way and the quick way

    Do you want to become a programmer? You need to know that you will have to face a long and difficult course, full of nights spent for debugging. Furthermore, you also need to face relationships with colleagues and clients, time… read more »
  • Dec 1, 2017

    Determine age, region, source of leaked credentials using RadioCarbon

    RadioCarbon is an interesting tool developed by Florian Roth, focused on checking age and origin of a credential leak: Typically you get leaked credentials in form of list of email addresses or user names, cleartext passwords or password hashes, and… read more »
  • Nov 29, 2017

    Yes, you can log into macOS "High Sierra" as root with no password

    UPDATE - Apple released the security patch for the bug: https://support.apple.com/en-us/HT208315 The security fate discovered in MacOS High Sierra by Lemi Orhan Ergin is so serious that it is hard to believe it's real: you can become root without typing… read more »
  • Nov 29, 2017

    How to build a simple Echo Bot on Telegram using hook.io and Python

    Please note: This article has been written almost a year ago: in this months a lot of updates and bugfixes has been rolled up on hook.io infrastructure.So it's quite possible that the code snippets related to hook.io do not work correctly.I… read more »
  • Nov 28, 2017

    CVE-2017-16943: Exim Remote Code Execution Vulnerability

    Two vulnerabilities and an exploit POC impacting the Exim MTA have been publicly disclosed, identified as CVE-2017-16943 & CVE-2017-16944 The vulnerabilities could allow remote attackers to execute arbitrary code or cause a denial of service via vectors involving BDAT commands.… read more »
  • Nov 27, 2017

    How a malware can download a remote payload and execute malicious code...in one line?

    This post on arno0x0x's blog is awesome: an accurate analysis of some 'one-line commands' that can be used on a windows system in order to download a malicious payload and execute it. The examples are developed using several script languages,… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna
  • andrea
  • andreafortunatw

Cybersecurity expert, software developer, experienced digital forensic analyst, musician