Posts by Jonathan Armas

Jonathan was a security analyst at Fluid Attacks from March 2017 until October 2021.

May 20, 2020

Jonathan Armas


Bypassing SQLi filters manually

SQL injection can be one of the most dangerous vulnerabilities. Here we will see how to bypass certain controls that developers put in their code.

May 6, 2020

Jonathan Armas


Attacking a web server using SSRF

Here we will see what a Server-Side Request Forgery is, how hackers can exploit it, and the best ways to protect against this attack.

April 29, 2020

Jonathan Armas


Searching for credentials in a repository

As everyone knows in our context, production credentials should be protected. In this post, we explain how to extract old credentials and how to protect them.

March 31, 2020

Jonathan Armas


Attacking a network using Responder

Windows hosts use LLMNR and NBT-NS for name resolution on the local network. These protocols do not verify addresses, and here we detail how to exploit this.

December 4, 2019

Jonathan Armas


The meaning of Try Harder

The OSCP exam is one of the hardest certifications out there for pentesters. Here we show you how you can prepare yourself to do your best on it.

October 23, 2019

Jonathan Armas


Intercept applications in newer Android phones

Android is one of the most suitable targets for hackers. Here we show how to intercept Android apps' web traffic by installing a self-signed certificate.

August 5, 2019

Jonathan Armas


Attacking a DC using kerberoast

Windows Active Directory works using the Kerberos protocol, and in this blog post, we detail how we can exploit its functionality to obtain user hashes.

May 2, 2019

Jonathan Armas


The weakest link in security is not the technology

Here we want to help you secure your deployments and avoid common mistakes. Infrastructure as code is one of the easiest ways to leverage cloud computing.

October 29, 2018

Jonathan Armas


How to resolve HTB Bounty

In this article, we present how to exploit a Bounty machine's vulnerabilities and how to gain access as an Administrator and obtain the root flag.
