Andrea Fortuna
AboutRss
  • Jan 31, 2018

    CVE-2018-0101: Cisco ASA WebVPN is affected by a serious flaw

    Cisco released security updates to address a critical security vulnerability in Cisco ASA software. UPDATED 2/5/2018 Cisco updated previous advisory: After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it… read more »
  • Jan 29, 2018

    A Telegram Echo Bot built with a single PHP line

    Some weeks ago i've written a brief tutorial focused on building a simple Echo BOT on Telegram using Python. Today i want to share a very small snippet that implements the same Bot using PHP as responder for the Telegram's… read more »
  • Jan 26, 2018

    Windows PE run-time encryption with Hyperion

    Hyperion is a crypter for PE files, developed and presented by Christian Amman in 2012. The tool is a runtime crypter that can transform a Windows portable executables (PE) into an encrypted version that decrypts itself on startup and executes… read more »
  • Jan 24, 2018

    How a malware can be spread through webpages? A simple example made with python

    Recently a colleague asked me an example of how a malware can be spread using simple html pages hosted on a hacked website. So, there are a lot of techniques, but in this case I've choose to use for the… read more »
  • Jan 22, 2018

    Some interesting facts about reverse-engineering of x86 microcode, from a research by Ruhr University Bochum

    Micro­code is an ab­strac­tion layer on top of the phy­si­cal com­po­n­ents of a CPU and is pre­sent in most CPUs. It fa­ci­li­ta­te com­plex in­struc­tion sets, but it also pro­vi­des an up­date me­cha­nism that al­lows CPUs to be patched in-place wi­thout… read more »
  • Jan 19, 2018

    How to create a contextual menu on Windows Explorer for PyInstaller packaging

    Package your python application (for Windows and Linux) with just a right-click! Recently I've written a brief post about the packaging of a python script for Linux and Windows on a Linux machine, using PyInstaller and Wine. Today i want… read more »
  • Jan 17, 2018

    LaZagne, a credentials recovery tool

    LaZagne is a tool developed by Alessandro Zanni useful to retrieve passwords stored on a local computer by most commonly-used software. The tool displays passwords for (currently) 22 Windows and 12 Linux programs. Each software stores its passwords using different… read more »
  • Jan 15, 2018

    PE-sieve, a command line tool for investigating inline hooks

    PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade. The tool, based on libpeconv (also developed by hasherezade), scans a given process and searching for the modules containing in-memory code modifications. When… read more »
  • Jan 12, 2018

    PinMe: tracking a smartphone with localization services turned off

    Arsalan Mosenia, Xiaoliang Dai, Prateek Mittal and Niraj Jha, in paper recently published, describe a new user-location mechanism that exploits non-sensory/sensory data stored on the smartphone to estimate the user's location when all location services are turned off. The technique,… read more »
  • Jan 10, 2018

    Process Doppelgänging: a more stealth alternative of the process hollowing technique?

    Recently at Black Hat Europe conference, Tal Liberman and Eugene Kogan (enSilo lab) presented a a new code injection technique called "Process Doppelgänging", that works on all Windows versions and seems to be able to bypass most of today's major… read more »
  • Jan 8, 2018

    Meltdown: another PoC in the wild

    Pavel Boldin published a new PoC exploit of Meltdown vulnerability working on Linux, written in C. "Speculative optimizations execute code in a non-secure manner leaving data traces in microarchitecture such as cache." Can only dump linux_proc_banner at the moment, since… read more »
  • Jan 6, 2018

    In-Spectre-Meltdown: a PoC for Meltdown and Spectre vulnerabilities

    In-Spectre-Meltdown is a PoC developed by Viral Maniar using Python and Powershell to check speculative execution side-channel attacks that affect many modern processors and operating systems designs that allows unprivileged processes to steal secrets from privileged processes. This tool is based on… read more »
  • Jan 5, 2018

    Meltdown and Spectre: what we know about the vulnerabilities in CPUs?

    In the last hours, the vulnerabilities of the CPU have had a great prominence even in the non-specialized press.So, I think that would be useful trying to summarize the situation in a simple way. Background https://xkcd.com/1938/ Google's Project Zero releases… read more »
  • Jan 3, 2018

    How keyloggers works: a simple example of keyboard hooking using Python

    Keyloggers are often used by malicious softwares to steal sensitive data and login credentials. During a malware analysis process is useful to know how a keylogger works. A keylogger can be implemented simply setting a hook on the keydown event… read more »
  • Dec 31, 2017

    My Year of Running – 2017

    My running year recap. Ok, 2018 is near to ends, now is time to make some statistics on my running activity. This year i have run for 5279 kilometers (3280 miles): every workout has been performed in the early morning,… read more »
  • Dec 29, 2017

    Forensic logical acquisition of Android devices using adb backup

    In digital forensics, the term logical extraction is typically used to refer to extractions that do not recover deleted data, or do not include a full bit-by-bit copy of the evidence, analogously to copying and pasting a folder in order… read more »
  • Dec 27, 2017

    How to cross-compile a Python script into a Windows executable on Linux

    Using Wine and Pyinstaller. Pyinstaller is a program that packages Python programs into stand-alone executables, under the most used OSs (Windows, Linux, Mac OS X, FreeBSD, Solaris and AIX). Initially Pyinstaller had a beta feature that allows the cross-compilation of… read more »
  • Dec 22, 2017

    Forensic disk images of a Windows system: my own workflow

    Every forensic analyst, during his experience, perfects his own workflow for the acquisition of forensic images. Today I want to propose my own workflow for acquisition of physical disks on Microsoft Windows systems Required tools FTK Imager The Forensic Toolkit… read more »
  • Dec 20, 2017

    Sysinternals ProcDump porting for Linux

    Microsoft has released, on its GitHub repository, an interesting Linux porting of ProcDump from Sysinternals suite. Like the Windows version, ProcDump allows developers to create core dumps of their application based on performance triggers. Furthermore, ProcDump is also useful for… read more »
  • Dec 18, 2017

    How to hack a turned-off computer, using Intel Management Engine

    In this great speech on BlackHat Europe 2017, Mark Ermolov and Maxim Goryachy by Positive Technology talks about the Intel Management Engine subsystem and how the recently discovered vulnerabilities can be used in order to compromise a system. Intel Management… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna
  • andrea
  • andreafortunatw

Cybersecurity expert, software developer, experienced digital forensic analyst, musician