Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Syringe ready to inject bad stuff. Credit: https://pixabay.com/es/photos/jeringa-healthcare-aguja-medicina-417786/

Tainted love

It's all about sanitization

In the several past articles, we have briefly touched on the concept of taint analysis. In this article, we would like to fill in the gaps which maybe have been raised by these careless...



Photo by KP Bodenstein on Unsplash: https://unsplash.com/photos/ElQI4kGSbiw

Fool the machine

Trick neural network classifiers

Artificial Neural Networks (ANNs) are certainly a wondrous achievement. They solve classification and other learning tasks with great accuracy. However, they are not flawless and might misclassify...



Toasting Marshmallow. Photo by hcmorr on Unsplash: https://unsplash.com/photos/qlHRuDvaxL8

Roasting Kerberos

Attacking a DC using kerberoast

Kerberos is a protocol developed by the MIT used to authenticate network services, is built using secret key cryptography and using a trusted third party server (named Authentication Server). This...



Git. Photo by Yancy Min on Unsplash: https://unsplash.com/photos/842ofHC6MaI/

Big Code

Learning from open source

In our Machine Learning (ML) for secure code series the mantra has always been the same: to figure out how to leverage the power of ML to detect security vulnerabilities in source code, regardless...



Photo by Andres Urena on Unsplash. Credits: https://unsplash.com/photos/k1osF_h2fzA

Natural code

Natural language processing for code security

Our return to the Machine Learning (ML) for secure code series is a bit of a digression, but one too interesting to resist. At the same time, it is not, since the Natural Language Processing (NLP)...



handshake

A Conflict of Interest?

You probably don’t see it.

Years ago, we faced something odd in a project: a customer was putting pressure on us while performing a One-Shot Hacking. The manager who hired us demanded preliminary results and made comments...



New York City Skyline

Querier Writeup

How to solve HTB Querier

In my opinion, Querier is a great box. We can learn a bit about Windows pentesting, a widely used operating system. The challenge begins with a public SMB where we will pass our first level. Next...



Parsing code. Photo by Markus Spiske on Unsplash: https://unsplash.com/photos/hvSr_CVecVI

Parse and Conquer

Why Asserts uses Parser combinators

As you might have noticed, at Fluid Attacks we like parser combinators, functional programming, and, of course, Python. In the parser article, I showed you the essentials of Pyparsing and we also...



Yellow police line tape on Unsplash: https://unsplash.com/photos/jM6Y2nhsAtk

Do not read this post

What if this post were a malicious link?

Why the f*ck did you click to this post? Seriously, why? Chances are, you were attracted to the title, paradoxically, suggesting not to do something. But, here you are. We are glad you did not...



Binary machine learning. Credits: https://unsplash.com/photos/h3sAF1cVURw

Binary learning

Learning to exploit binaries

While our main focus, as stated previously, is to apply machine learning (ML) techniques to the discovery of vulnerabilities in source code, that is, a white-box approach to ML-guided hacking,...



Depiction of a deep neural network. Credits: https://unsplash.com/photos/R84Oy89aNKs

Deep Hacking

Deep learning for vulnerability discovery

If we have learned anything so far in our quest to understand how machine learning (ML) can be used to detect vulnerabilities in source code, it’s that what matters the most in this process are...



Chucky the actual serial killer doll

The anomaly serial killer doll

Hunting missing checks with anomaly detection

In our previous article we focused on taint-style vulnerabilites, i.e., those that are essentially due to the lack of input sanitization which allows tainted, user-controlled data to reach...




Service status - Terms of Use