Manual SQLi Bypass

Bypassing SQLi filters manually

Injection flaws are among the most recurring vulnerabilities; not for nothing are they first in the OWASP Top Ten list. This type of vulnerability can disrupt your entire security and...




Understanding SSRF

Attacking a web server using SSRF

Many web applications request data, configurations, updates, and more from outside services. This is beneficial for the developers and maintainers because it keeps separation of duties in their...




Search the History

Searching for credentials in a repository

At the moment, every company that develops its own product is sure to be using some form of source control management tool. This is used to track modifications to a source code...




Respond the Name

Attacking a network using Responder

Link Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are two name resolution protocols that help Windows hosts to find address names from other devices on the network....




Evolution of Cybercrime Costs (II)

Uber cuts $120 million after discovering ad fraud...

In a previous blog post, we discussed some of the findings of Anderson et al. (2019) regarding the changes in cybercrime costs, more prominently in the United States and the United Kingdom. We...




Your Files Have Been Encrypted!

Some pieces of information about ransomware attacks

When we talk about ransomware, we refer to a very popular kind of malware: malicious software that, once on your computer (or your mobile device), is capable of encrypting some of your important...




Evolution of Cybercrime Costs (I)

Impact of cybercrime today portrays a new landscape

Every year, the Workshop on the Economics of Information Security (WEIS) gathers renowned social and computer scientists (both from inside and outside academia). At WEIS, the economic implications of...




Caution! Your Password Can Be Mine

A very short introduction to password cracking

Passwords are currently the most popular authentication method in computer systems and IT, and can serve as protection of our private information in email and bank accounts, social networks, and...




Tainted love

It's all about sanitization

In several past articles, we have briefly touched on the concept of taint analysis. In this article, we will fill in the knowledge gaps regarding taint analysis which may have resulted from our...




Roasting Kerberos

Attacking a DC using kerberoast

Kerberos is a protocol developed by MIT used to authenticate network services. It is built using secret-key cryptography and uses a trusted third-party server called Authentication Server. This...




A Conflict of Interest?

You probably don’t see it.

Years ago, we faced something odd in a project: a customer was putting pressure on us while performing a One-Shot Hacking. The manager who hired us demanded preliminary results and made comments...




Querier Writeup

How to solve HTB Querier

In my opinion, Querier is a great box. By following the steps below we will learn a bit about Windows (a widely used operating system) pentesting. The challenge begins with a public SMB; this is...



