
January 12, 2023
Carlos Bello
Injecting JS into one site is harmful, into all, lethal
In this blog post, we present in detail a vulnerability we discovered in Rushbet v2022.23.1-b490616d, along with the steps to follow to replicate the exploit.

November 23, 2022
Carlos Bello
So it's the app itself that delivers the cookie to me?
In this blog post, I present in detail a zero-day vulnerability I discovered in KAYAK v161.1, along with the steps to follow to replicate the exploit.

September 6, 2022
Andres Roldan
A Black Hat talk follow up
We will take a brief understanding at DirectX, a new attack surface on Hyper-V

June 13, 2022
Felipe Ruiz
Chances are you're vulnerable with Microsoft Office
In this blog post, you can learn what Follina is, how it works, what cyberattacks are linked to it and what you can do as prevention measures.

May 28, 2022
Andres Roldan
Cross-process memory patching with Python
We will take AMSI bypass to another level by using cross-process memory injection.

April 27, 2022
Felipe Ruiz
Conti gang relentlessly lashes their vulnerable systems
It's been almost two weeks since the beginning of the Conti gang's new wave of cyberattacks against Costa Rican organizations. Find out here what has happened.

April 20, 2022
Felipe Ruiz
Three strikes already for this web browser in 2022
In this blog post, you can learn about three zero-day vulnerabilities of at least high severity in Google Chrome that have been exploited this year.

April 18, 2022
Jason Chavarría
What you should know about our security advisories
In this blog post we explain what our Advisories are and, in the process, share some information on how the Fluid Attacks Research Team works.

April 11, 2022
Felipe Ruiz
A very brief introduction
Our blog needed a basic post about ethical hacking. It can be helpful as an introduction for those who don't know and want to learn about it.