Toasting Marshmallow. Photo by hcmorr on Unsplash: https://unsplash.com/photos/qlHRuDvaxL8

Roasting Kerberos

Attacking a DC using kerberoast

Kerberos is a protocol developed by MIT to authenticate network services. It is built on secret-key cryptography and uses a trusted third-party server (named the Authentication Server). This...




Secure Cloud as Code

The weakest link in security is not the technology.

Amazon Web Services (AWS) is one of the biggest cloud services, used by thousands of companies around the world, and, with centralized and strong security, it is one of the best on the market....




Attacking Without Announce

Nobody knows, but everything is allowed

We talk a lot about the advantages of extreme connectivity and availability of information, but so little about how our company’s, client’s, or even our own personal data is secure. Here we want...




Bounty Writeup

How to resolve HTB Bounty

Scanning Phase. First, we check the IP of the Bounty machine and try a ping to see if we have access: host$ ping -c2 10.10.10.93. Then, we scan the ports with nmap. In this case, we’re going to...




Vulnerability disclosure ecosystem

Responsible vulnerability disclosure

An information security vulnerability is a flaw or a weakness in a system or application that a malicious attacker could exploit, and that could result in a compromise of the confidentiality, integrity...




LibSSH new Vulnerability

New vulnerability on libssh CVE-2018-10933

The new vulnerability in LibSSH, tracked as CVE-2018-10933, resides in the server code and can enable a client to bypass the authentication process and create channels without permission. This...




DevOops Writeup

How to resolve HTB DevOops

Scanning Phase. First, we check the IP of the DevOops machine and try a ping to see if we have access. Then, we scan the ports with nmap. In this case, we’re going to use basic nmap. port scanning...




Is that CSV Secure?

Defining CSV injection vulnerabilities

A Comma-Separated Values (CSV) file is a type of file that stores tabular data, numbers and text, in plain text. Each line of the file is a data record and each record consists of one or more...




Types of triangles

Solving CodeAbbey Pythagorean Theorem challenge

A triangle is a 3-sided polygon sometimes (but not very commonly) called the trigon. Every triangle has three sides and three angles, some of which may be the same. The sides of a triangle are...




Storing passwords safely

Solving Yashira hash challenge 3

By the end of the year, we witnessed a huge increase in the number of attacks that extracted large quantities of personal information, emails and passwords. Even one of the biggest email services,...


