Reverse engineering and penetration testing on Android apps: my own list of tools

This list of tools is really useful both in penetration testing on an Android application and in reverse engineering of a suspicious application.
All tools are OSS and freely available: so, enjoy!

Continue reading “Reverse engineering and penetration testing on Android apps: my own list of tools”

Diffy: an interesting DFIR tool released from Netflix’s SIRT

The Netflix Security Intelligence and Response Team (SIRT) has released (under Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response.

The tool, written in python 3 and named “Diffy”, is strictly focused on security incidents on cloud architectures.

Continue reading “Diffy: an interesting DFIR tool released from Netflix’s SIRT”

How to find unsecured S3 buckets: some useful tools

Services like Amazon’s S3 have made it easier and cheaper than ever to store large quantities of data in the cloud.
Used properly, S3 buckets are a useful tool, however a lot of companies fail to implement basic security resulting in catastrophic data breaches.
Continue reading “How to find unsecured S3 buckets: some useful tools”