Andrea Fortuna

Andrea Fortuna — Cybersecurity expert and digital forensics analyst

Cybersecurity expert, software developer, experienced digital forensic analyst, musician

Most organizations don't fail at security because they lack tools, they fail because they can't sustain attention at 2:00 AM.

andreafortuna.org

A cybersecurity blog that bridges the gap between hands-on technical analysis and strategic thinking. Andrea writes about everything from iOS forensics to building 24/7 security operations on small teams, often opening with real-world scenarios that pull you into complex topics. His European perspective on security regulation and infrastructure adds a dimension you won't find on most infosec blogs.

Written by Andrea Fortuna.

About This Blog
Activity

Very Active

Publishes multiple times per week

Followers

3

Category

Independent Blog

Languages

English

Feed Accessibility

How this blog's content is accessed through Blogs Are Back.

Full Content

RSS feed includes complete post content for reading in-app

Direct Access

Feed can be fetched directly from your browser

Direct Post Links

Post pages can be loaded directly in the reader

Embeddable

Posts can be displayed inline in the reader view

Latest Posts

Recent posts from Andrea Fortuna's RSS feed.

When digital evidence follows you home in DFIR teams

There is a type of fatigue that does not show up in burnout surveys, does not get discussed in team retrospectives, and does not appear in any CISO dashboard. It accumulates quietly, over months, in people who spend their days reconstructing what happened on a murdered child’s phone, parsing chat logs from a grooming case, or reviewing CCTV footage of a violent assault frame by frame. Digital forensic analysts and secondary investigators occupy a peculiar position in the broader law enforceme...

When your AI assistant starts billing by the thought

There is a moment in every technology adoption cycle when the vendor decides the honeymoon is over. The product is established, the users are hooked, the switching cost is real, and the capital that subsidized cheap access is no longer available in unlimited quantities. GitHub Copilot reached that moment in spring 2026, when GitHub announced that all Copilot plans would move to usage-based billing built around GitHub AI Credits. The important detail is not that the sticker price suddenly explode...

Security awareness training and the checkbox we all pretend works

Every year, around October, a familiar ritual plays out in organizations across Europe and North America. Someone in IT sends a calendar invite. The subject line reads something like “Annual cybersecurity awareness training, mandatory.” The body contains a link. The training takes between fifteen and twenty-five minutes, depending on how aggressively employees click through the slides. There is a quiz at the end. The questions are not difficult. Nobody fails. A flag turns green somewhere in a sp...

Agentic AI in the enterprise and the autonomous actor missing from threat models

In April 2026, a Unit 42 incident response engagement documented something that, if described two years earlier, would have sounded like a slightly paranoid thought experiment. An insider used their company’s own AI assistant to stage a data exfiltration attack. The forensic analysis showed the employee manipulating the tool through a sequence of crafted prompts, steering it to retrieve, compile, and package sensitive records that the employee’s own account did not have direct permission to acce...

Lazarus, DPAPI, and the art of leaving nothing behind in RemotePE

Most incident response playbooks share a foundational assumption: the attacker left something on disk. A binary, a script, a configuration file, a registry key, a prefetch artifact, something with a modification timestamp and a hash you can run through VirusTotal. The entire discipline of disk forensics rests on this premise, and for most of the threat landscape it holds. Lazarus has decided it prefers the other scenario. In brief RemotePE demonstrates a fileless chain that minimizes disk...

Follow Andrea Fortuna

Whether you're a security practitioner or just trying to understand the threat landscape, Andrea breaks down complex security topics with real-world clarity.

https://andreafortuna.org/feed.xml