Andrea Fortuna
AboutRss
  • Sep 26, 2017

    Extract all magnet links from an html page with Python

    A simple and useful snippet Recently i’ve developed a simple webscraper that extract magnet links from a specific page and starts the download with bittorrent. The core of the script is the code snippet below, that uses pyquery in order to… read more »
  • Sep 22, 2017

    CCleaner incident: what we need to know?

    Looking for a good alternative to CCleaner? Take a look to BleachBit! A good analysis by Cisco Talos Version 5.33 of the CCleaner downloaded between August 15 and September 12 was modified to include the Floxif malware: We would like to… read more »
  • Sep 21, 2017

    Optionsbleed: a vulnerability? Nope, a ghost!

    A bug really difficult to reproduce! Hanno Böck, a freelance journalist, has disclosed a bug in Apache Web Server causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, like the most… read more »
  • Sep 20, 2017

    Create a Github Gist with a simple Python script

    How to share code snippets from command line Gist.github.com is a great service provided by GitHub, useful to share code snippets. You can share single files, parts of files, or full applications: every gist is a Git repository, which means that… read more »
  • Sep 18, 2017

    IlluminateJs: a good Javascript Deobfuscator

    Useful during analysis of malicious sites Yesterday in my twitter stream i’ve seen this tweet by Florian Roth: [embed]https://twitter.com/cyb3rops/status/902934898700320770[/embed] During the analysis of a malicious site, one of the first step is the deobfuscation of the suspicious javascript. There are… read more »
  • Sep 15, 2017

    What is the blockchain, and how will radically transform the economy?

    Do you know what is the blockchain? You should! How an independent, transparent, and permanent database coexisting in multiple locations and shared by a community will changing money and business? In this lucid and simple talk, Bettina Warburg describes how… read more »
  • Sep 13, 2017

    How to verify that Wannacry patch is correctly installed

    In a big company, with a lot of windows systems, checking the correct patching for Wannacry could be a little tricky. Security update MS17–010 addresses several vulnerabilities in Windows SMB v1 exploited by the WannaCrypt ransomware. However, the KB that contains… read more »
  • Sep 11, 2017

    DolphinAttack: inaudible voice commands allows attackers to control Siri, Alexa and other digital assistants

    A research about supersonic voice command hacking Chinese researchers have discovered a vulnerability in voice assistants from Apple, Google, Amazon, Microsoft, Samsung, and Huawei. Using a technique called “DolphinAttack”, a team from Zhejiang University translated typical vocal commands into ultrasonic frequencies… read more »
  • Sep 8, 2017

    LiMEaide: remotely dump RAM of a Linux client

    Simplify Linux digital forensics! LiMEaide is a python application developed by Daryl Bennett that can remotely dump RAM of a Linux client. It can also create a volatility profile for later analysis. In order to use LiMEaide all you need… read more »
  • Sep 6, 2017

    UniByAv: shellcode obfuscation using Python

    Applying XOR on a raw shellcode UniByAv is a simple obfuscator that take a raw shellcode and generate executable that are Anti-Virus friendly, really useful to check antivirus solutions. The obfuscation routine is purely writtend in assembly to remain pretty… read more »
  • Sep 4, 2017

    GitHub Dorks, a simple cheatsheet

    Search for sensitive data in GitHub repositories Developers generally like to share their code, and many of them do so by open sourcing it on GitHub. From Wikipedia: GitHub is a web-based Git or version control repository and Internet hosting… read more »
  • Sep 1, 2017

    PowerForensics: a PowerShell framework for hard drive forensic analysis

    Simple to install and with a lot of features The purpose of PowerForensics is to provide an all inclusive framework for hard drive forensic analysis. PowerForensics currently supports NTFS and FAT file systems, and work has begun on Extended File System… read more »
  • Aug 31, 2017

    Tired of the wait for new book of “A Song of Ice and Fire”?

    And not all of the predictions are completely off-base: some computer-generated theories that have been talked about by fans of the show. Readers of the “A Song of Ice and Fire” novel series on which the TV show is based… read more »
  • Aug 31, 2017

    Raven: a tool for gathering information about company employees using google and Linkedin

    Useful during a pentest Raven is a tool developed by 0x09AL to gather information about an organization employees using Linkedin. It’s developed using python, Selenium e geckodriver Features Automatically check found emails in haveibeenpwned.com Output in CSV format Installation Simply run… read more »
  • Aug 30, 2017

    NoSQL database enumeration and exploitation with NoSQLMap

    Like sqlmap, but for non-relational databases! NoSQLMap is a tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data… read more »
  • Aug 29, 2017

    Kaki King: two short videos recorded at TED conferences

    “A musical escape into a world of light and color” Today I want to share two videos from TED.com featuring Kaki King (born Katherine Elizabeth King), a guitarist and composer known for her percussive technique applied on multiple tunings on acoustic… read more »
  • Aug 28, 2017

    Linux Distributions for forensics investigation: my own list

    A shortlist of six distribution…guess my favorite! During a digital forensics analysis, a lot of different tools can be used, and it could be useful use a dedicated linux distribution with all tools already installed and configured. Here a brief… read more »
  • Aug 25, 2017

    “Spaghetti”, a Python Web Application security scanner

    Designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is a web application security scanner built on python2.7, designed to find various default and insecure files, configurations and misconfigurations. It’s developed and mantained by Momo Outaadi(m4ll0k), that… read more »
  • Aug 23, 2017

    Guitar tips: my own daily warm-up exercises

    Every morning a guitarist wakes up … and doing the warm-up! The warm-up is a very important step of a musician’s daily routine: a simple set of progressive exercises useful to predispose muscles and articulation for more complex movements and stretching. Today… read more »
  • Aug 21, 2017

    Volatility, my own cheatsheet (Part 8): Filesystem

    With this part, we ended the series dedicated to Volatility: the last ‘episode’ is focused on file system. If you want to read the other parts, take a look to this index: Image Identification Processes and DLLs Process Memory Kernel Memory… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna
  • andrea
  • andreafortunatw

Cybersecurity expert, software developer, experienced digital forensic analyst, musician