Andrea Fortuna
Just some random thoughts about the Meaning of Life, The Universe, and Everything

CrowdStrike released SuperMem, a great tool for automated Windows memory analysis.

A lot of vulnerabilities, some cybercrime stuff and a serious privacy concern on Xiaomi phones.

Let’s start again with the “Weekly roundup”: what happened this week?

A recent report by The Pegasus Project, a consortium of non-profit organizations and various journalists, claimed to have discovered a leak of 50.000 phone numbers that likely belong to users who might be victims of the Pegasus spyware, developed by the Israeli technology firm NSO.

Amnesty International, part of the group, has released a tool to check if your phone has been affected, called Mobile Verification Toolkit, or MVT.

In this post we will look steps for analyze a iPhone using a Linux machine.

Some days ago, during a brief memory analisys demonstration with Volatility, I’ve used a memory dump of a system infected with the “old-but-gold” Stuxnet.
But, one of the spectators asked me additional info about this malware, so I decided to collect some informations about the story of this “iconic” malware strain.

The Elastic Security team recently revealed a new technique for malware obfuscation and evasion called Process Ghosting, that allows tampering of in-memory mappings of executable files on Microsoft Windows.

NTFS filesystem is a gold mine for forensic analysis on Microsoft Windows systems.

iLEAPP is a good iOS forensic tool developed by Alexis Brignoni. It’s composed by a set of python script previously developed by Alexis, collected in a single, useful, tool.

On iOS devices, due the well-known os restrictions, logical acquisition is the most common type of data extraction during digital forensic investigations. There are a lot of commercial forensic tools able to perform this step, but this type of acquisition can be also perfomed using an open source tool.

I recently happened to read a research, presented during the ACM WINTECH 2020 conference, related to IMSI Catchers and their exploitation for tracking users of mobile devices.