Posts by Jonathan Armas

Jonathan was security analyst at Fluid Attacks from March 2017 until October 2021.

Photo by Kuma Kum on Unsplash

Jonathan Armas

Bypassing SQLi filters manually

SQL injection can be one of the most dangerous vulnerabilities. Here we will see how to bypass certain controls that developers put in their code.

Photo by Hannah Gibbs on Unsplash

Jonathan Armas

Attacking a web server using SSRF

Here we will see what a Server Side Request Forgery is, how hackers can exploit it, and what are the best ways to protect against this attack.

Photo by Mick Haupt on Unsplash

Jonathan Armas

Searching for credentials in a repository

As everyone knows in our context, production credentials should be protected. In this post, we explain how to extract old credentials and how to protect them.

Photo by Bundo Kim on Unsplash

Jonathan Armas

Attacking a network using Responder

Windows hosts use LLMNR and NBT-NS for name resolution on the local network. These protocols do not verify addresses, and here we detail how to exploit this.

Photo by Clint Patterson on Unsplash

Jonathan Armas

The meaning of Try Harder

The OSCP exam is one of the hardest certifications out there for pentesters. Here we show you how you can prepare yourself to do your best on it.

Turned on Android smartphone. Photo by Pathum Danthanarayana on Unsplash:

Jonathan Armas

Intercept applications in newer Android phones

Android is one of the most suitable targets for hackers. Here we show how to intercept Android apps' web traffic by installing a self-signed certificate.

Photo by hcmorr on Unsplash

Jonathan Armas

Attacking a DC using kerberoast

Windows Active Directory works using the Kerberos protocol, and in this blog post, we detail how we can exploit its functionality to obtain user hashes.

Photo by Kushagra Kevat on Unsplash

Jonathan Armas

The weakest link in security is not the technology

Here we want to help you secure your deployments and avoid common mistakes. Infrastructure as code is one of the easiest ways to leverage cloud computing.

Hand holding a pirate toy

Jonathan Armas

How to resolve HTB Bounty

In this article, we present how to exploit a Bounty machine's vulnerabilities and how to gain access as an Administrator and obtain the root flag.

Start your 21-day free trial

Discover the benefits of our Continuous Hacking solution, which hundreds of organizations are already enjoying.

Start your 21-day free trial
Fluid Logo Footer

Hacking software for over 20 years

Fluid Attacks tests applications and other systems, covering all software development stages. Our team assists clients in quickly identifying and managing vulnerabilities to reduce the risk of incidents and deploy secure technology.

Copyright © 0 Fluid Attacks. We hack your software. All rights reserved.