Fluid Attacks logo
Login
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us
GET A DEMO
Photo by Andre Benz on Unsplash

Evolution of Cybercrime Costs (I)

Impact of cybercrime today portrays a new landscape

Every year, the Workshop on the Economics of Information Security (WEIS) gathers renowned social and computer scientists (both from and outside academia). In WEIS, the economic implications of...



Photo by Arteum.ro on Unsplash

Caution! Your Password Can Be Mine

A very short introduction to password cracking

Passwords are currently the most popular authentication method in computer systems and IT, and can serve as protection of our private information in email and bank accounts, social networks, and...



Person using a Syringe filled with bad stuff

Tainted love

It's all about sanitization

In several past articles, we have briefly touched on the concept of taint analysis. In this article, we will fill in the knowledge gaps regarding taint analysis which may have resulted from our...



Toasting Marshmallow. Photo by hcmorr on Unsplash: https://unsplash.com/photos/qlHRuDvaxL8

Roasting Kerberos

Attacking a DC using kerberoast

Kerberos is a protocol developed by MIT used to authenticate network services. It is built using secret-key cryptography and uses a trusted third-party server called Authentication Server. This...



handshake

A Conflict of Interest?

You probably don’t see it.

Years ago, we faced something odd in a project: a customer was putting pressure on us while performing a One-Shot Hacking. The manager who hired us demanded preliminary results and made comments...



New York City Skyline

Querier Writeup

How to solve HTB Querier

In my opinion, Querier is a great box. By following the steps below we will learn a bit about Windows (a widely used operating system) pentesting. The challenge begins with a public SMB; this is...



Parsing code. Photo by Markus Spiske on Unsplash: https://unsplash.com/photos/hvSr_CVecVI

Parse and Conquer

Why Asserts uses Parser combinators

As you might have noticed at Fluid Attacks we like parser combinators, functional programming, and of course, Python. In the parser article, we showed you the essentials of Pyparsing and we also...



Yellow police line tape on Unsplash: https://unsplash.com/photos/jM6Y2nhsAtk

Do not read this post

What if this post were a malicious link?

Why the f*ck did you click to this post? Seriously, why? Chances are, you were attracted to the title, paradoxically, suggesting not to do something. But, here you are. We are glad you did not...



greek statue with small angels.

Asymmetric DoS, slow HTTP attack

The story of David and Goliath

Have you ever heard the story of David and Goliath? David, a young boy, goes out to confront a giant, named Goliath. David is the underdog in this fight and is expected to lose. But, everyone...



Hand holding a pirate toy

Bounty Writeup

How to resolve HTB Bounty

Scanning Phase First, we check the IP of the Bounty machine and try a ping to see if we have access. ping host$ ping -c2 10.10.10.93 Then, we scan the ports with nmap. In this case, we’re going to...



Painting a red and blue wall

LibSSH new Vulnerability

New vulnerability on libssh CVE-2018-10933

The new vulnerability in LibSSH, tracked as CVE-2018-10933, resides on the server code which can enable a client to bypass the authentication process and create channels without permission. This...



Developers programming in an office

DevOops Writeup

How to resolve HTB DevOops

Scanning Phase First, we check the IP of the DevOops machine and try a ping to see if we have access. Then, we scan the ports with nmap. In this case, we’re going to use basic nmap. port scannning...




Service status - Terms of Use