Andrea Fortuna
AboutRss
  • Aug 15, 2019

    OS X forensic acquisition: a basic workflow

    OS X is, in effect, a *nix based system. Therefore the forensic image acquisition processes are very similar to those used on Linux systems.Today I'd like to share my personal acquisition workflow for Apple Mac systems, suitable for OSX before… read more »
  • Aug 14, 2019

    Microsoft CTF protocol can be exploited on all Windows versions

    Google Project Zero disclosed a vulnerability in CTF, a Microsoft protocol used by all Windows versions since Windows XP that can be exploited with ease. What is CTF? What CTF stands is currently unknown: it is part of of the… read more »
  • Aug 13, 2019

    Yep, even your DSLR Camera can be infected with ransomware!

    Researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks. Once in range of your camera's WiFi, a bad actor could easily install malware that would encrypt your valuable photos unless you paid for a… read more »
  • Aug 12, 2019

    Why WhatsApp (and Telegram) messages are not really private?

    End-to-end encryption is not everything! Yes, WhatsApp implements E2E using the Signal Protocol: The Signal Protocol is a non-federated cryptographic protocol that provides end-to-end encryption for instant messaging conversations.  https://en.wikipedia.org/wiki/Signal_Protocol End-to-end encryption ensures that your message is turned into a… read more »
  • Aug 8, 2019

    Reverse engineering and penetration testing on iOS apps: my own list of tools

    After a post focused on Android, another list of tools useful for penetration testing and reverse engineering of iOS applications.Also all this tools are OSS and freely available. Access Device iProxy Let's you connect your laptop to the iPhone to… read more »
  • Aug 7, 2019

    CVE-2019-1125, "SWAPGS Attack": a new speculative execution side-channel attack

    Security researchers at Bitdefender disclosed a new way of exploiting a flaw in Intel chips. Speculative execution attacks As Spectre, Meltdown and other similar attacks, the SWAPGS attack takes advantage of speculative execution, a functionality that seeks to speed-up the… read more »
  • Aug 7, 2019

    Some useful tools for finding unsecure Google Storage Buckets

    And some suggestion to hardening your buckets! Google Storage Buckets is a service similar to S3 Buckets and, like the must know Amazon's service, has the same security problems related to uncorrect configurations. Also Google Buckets may expose sensitive data… read more »
  • Aug 5, 2019

    Identity theft prevention? According to Bruce Schneier is basically useless

    On this article on his blog, Bruce Schneier talks on protecting yourself from identity theft. TL;DR: You can’t. You can only prevent criminals from using your personal information, which they almost certainly already have. Bruce Schneier is a cryptographer, privacy… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andrea-fortuna
  • andrea

Cybersecurity expert, software developer, experienced digital forensic analyst, musician