Andrea Fortuna
AboutRss
  • Feb 9, 2017

    Ticketbleed, a TLS vulnerability on F5 appliances

    Similar to the well known Heartbleed vulnerability Ticketbleed is a vulnerability (CVE-2016–9244) in the TLS/SSL stack of F5 BIG-IP appliances allowing a remote attacker to extract up to 31 bytes of uninitialized memory at a time, that can potentially contain… read more »
  • Feb 9, 2017

    Analyze websites and the resources they request with urlscan.io

    Find out which HTTP requests your website triggers in the background and where they call out to This is not my discovery, but a very useful resource found through a Florian Roth tweet: [embed]https://twitter.com/cyb3rops/status/828581308792176646[/embed] urlscan.io is a service which analyses websites… read more »
  • Feb 8, 2017

    Emil Zátopek, 4 lessons about running and life

    If you are a runner that gives up at the first difficulty, here some advice from the “Czech Locomotive” 0. Who was Emil Zátopek? From Wikipedia: Emil Zátopek was a Czechoslovak long-distance runner best known for winning three gold medals at… read more »
  • Feb 7, 2017

    Simple malware downloader obfuscation with Powershell and Base64

    Maybe i have reinvented the wheel… …but i think is useful to share this discovery. I recently had the opportunity to analyze an email with attached a link that downloads a suspicious file. From a first analysis, it seemed be a .lnk… read more »
  • Feb 6, 2017

    Nope, 432 Hz is not the “frequency of universe”

    Let’s try to separate fact from fiction If you happen to meet some musician who claims that 432 Hz is “the natural frequency of the Universe”, which this frequency has the power of “attract the masses to the music” and cure… read more »
  • Feb 3, 2017

    A great malware removal guide from Heimdal Security

    A great collection of useful tools Paul Cucu has published on Heimdal Security Blog a really good article on malware removal, a useful guided checklist for removal malicious software from PCs: So how do you remove malware? Let’s not waste time… read more »
  • Feb 2, 2017

    Zero-day content injection vulnerability found in WordPress REST API

    Patch your CMS Now! Just a very quick post to warn you of a new vulnerability discovered by Sucuri on Wordpress. The vulnerability could be exploited by an unauthenticated attacker to inject malicious content, to modify posts, pages and any other… read more »
  • Feb 2, 2017

    The “GitLab meltdown”: moral of the story?

    Pretty simple: verify your backups! GitLab.com is in crisis after experiencing a severe data loss caused by human errors and ineffectual backups. What happened? On Tuesday evening, one database experience a severe performance degradation, and the sysadmin tries to start an… read more »
  • Feb 1, 2017

    A serious vulnerability found in 31 Netgear models allows bypassing authentication on admin panel

    …and lets hackers turn your router into a botnet! Trustwave has disclosed a flaw that affects Netgears routers. As the security researcher Simon Kenin explains, the vulnerability allows attackers to exploit the router’s password recovery system to bypass authentication and gain… read more »
  • Jan 31, 2017

    Warning! A simple SMS could break your Samsung Galaxy!

    The vulnerability was disclosed last week Vulnerability researchers of Context has discovered a flaw in Samsung’s Galaxy S4, S4 Mini, S5 and Note 4 smartphones that could be exploited by remote attackers to reboot targeted devices. The security hole, already patched… read more »
  • Jan 30, 2017

    Fernando Sor’s guitar technique: a good analysis by Rob MacKillop

    “Sor played without nails. He generally used only the thumb, index and middle fingers.” I think that the blog of Rob MacKillop is inspiring and very useful. His research on the guitar technique is very interesting, especially regarding the use… read more »
  • Jan 27, 2017

    WebEx plugin for Chrome: two serious vulnerabilities in a few days

    My advice? Check often for updates! On January, 21 the security researcher Tavis Ormandy from Google Project Zero has disclosed a vulnerability the Webex Chrome extension that allows remote execution of commands on any computer with the extension installed (about 20… read more »
  • Jan 26, 2017

    MalDuino, a malicious USB dongle based on Arduino

    Hack like Mr. Robot, with Arduino! MalDuino is an Arduino-powered USB device which emulates a keyboard and has keystroke injection capabilities. MalDuino is an arduino-powered USB device which has keyboard injection capabilities. Once plugged in, MalDuino acts as a keyboard, typing… read more »
  • Jan 25, 2017

    Hijacking Whatsapp accounts using Whatsapp Web?

    It seems possible: let’s analyze a recently published research Really interesting article by Martin Wagner about a technique that allows account hijacking on Whatsapp using the web interface of this messaging service. Whatsapp accounts are based on phone numbers. This… read more »
  • Jan 24, 2017

    Musician’s stuff: 6 good suggestions for a more creative 2017

    “Invest in yourself and try new things this year!” This article from Dan Musselman is very inspiring for me. 6 useful tips to be a more creative musician, 6 good propositions for 2017: As a musician, few things are more important… read more »
  • Jan 23, 2017

    Free DDoS mitigation services for independent media, organizations and activists

    Free protection for freedom of speech Recently, DDoS attacks have become also a tool to silence independent journalists, small media and activist websites: also an attacker without much experience is now able to launch an attack that can take many small… read more »
  • Jan 20, 2017

    EyePyramid, the ultimate analysis

    “Uncovering the Inner Workings of EyePyramid”, from TrendMicro (…and a small gift for Italian readers) About EyePyramid I have already wrote something, bringing mainly analyzes conducted by researchers much more prepared than me. :-) But now I need to talk again about… read more »
  • Jan 19, 2017

    The programmer’s dilemma: write good code or stay fat?

    “I need sugar to write good code!” Funny strip from Commitstrip: how many calories do you need a day to write good code? from http://www.commitstrip.com/en/2017/01/17/how-many-calories-do-you-need-a-day-to-write-good-code/ … read more »
  • Jan 18, 2017

    RecuperaBit, a tool for Forensic File System Reconstruction

    A python script that reconstruct filesystem structures and recover files on NTFS filesystems RecuperaBit is a python script developed by Andrea Lazzarotto useful for attempting to reconstruct a corrupted NTFS filesystem. RecuperaBit attempts reconstruction of the directory structure regardless of:… read more »
  • Jan 17, 2017

    ZeroPhone, the Raspberry smartphone

    A completely open-source mobile phone that you can assemble for 50$ You care about your privacy? You do not trust the manufacturers of smartphones and the backdoors that can be inserted into the firmware? You fear being intercepted? With just $50… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna
  • andrea
  • andreafortunatw

Cybersecurity expert, software developer, experienced digital forensic analyst, musician