Broken blue ceramic plate on Unsplash: https://unsplash.com/photos/WdJkXFQ4VHY

Debug like a Boss

Should CEOs discuss software defects?

You wake up and probably check your smartphone immediately. Chances are you already have smart devices at home, like light bulbs you turn on and off from the same smartphone. You often check...



Turned on Android smartphone. Photo by Pathum Danthanarayana on Unsplash: https://unsplash.com/photos/t8TOMKe6xZU

Intercepting Android

Intercept applications in newer Android phones

Android is an operating system based on the Linux kernel and used by mobile devices such as smartphones and tablets. Due to its popularity, it is the major target for hackers. One of their common...



Photo by camilo jimenez on Unsplash: https://unsplash.com/photos/vGu08RYjO-s

Triage for Hackers

Prioritize code auditing via ML

Based upon our last experiment, in this article, I will provide a global vision of how our ML for vulnerability discovery approach should work. First, what problem would this solve? I am repeating...



Multicolored hallway. Photo by Efe Kurnaz on Unsplash: https://unsplash.com/photos/RnCPiXixooY

Do we need a Purple Team?

Understanding Purple Teams

A good way to think of Purple Teams is that they are a mixture of Red (sword) and Blue (shield) teams in pentesting processes. They are professional hackers that simulate attacks and protect an...



Photo by Rishi Deep on Unsplash: https://unsplash.com/photos/WiCvC9u7OpE

Vulnerability classifiers

A pipeline to classify vulnerable code

After our first encounter with the Python machine learning ecosystem, we are ready for a first attempt at creating a vulnerability classifier from samples of labeled code. Our objective is to...



Photo by NESA by Makers on Unsplash

Sastisfying App Security

An introduction to SAST

SAST is a type of white box test in which a set of technologies is used to analyze the source code, byte code or the application binaries in order to reveal known security vulnerabilities that can...



Foosball red vs blue. Photo by Stefan Steinbauer on Unsplash: https://unsplash.com/photos/va-B5dBbpr4

Red Team exercise

What is a Red Team exercise?

Red Team refers to a team of professional hackers that attempts to access a system through simulating a cyberattack. During a Red Team exercise each team member plays a specific role while the...



Digital heart beat monitor on Unsplash https://unsplash.com/photos/0lrJo37r6Nk

HealthTech Protection

How healthcare breakthroughs could help cybersecurity

Many startups are achieving success by redefining how the economy works. Xtechs (financial, health, insurance, among others) are reducing operational costs and delivering more value to customers,...




Learning how to code

A chat with Ricardo Yepes. Part 2.

We continue our conversation with Ricardo. We threw him a question that was the source of interesting debates at Fluid Attacks some time ago. Should a company invest in security awareness...




We need more training in basic stuff

A chat with Ricardo Yepes. Part 1.

Ricardo is a DevOps engineer in Australia. Previously, he worked for Fluid Attacks as a security analyst and instructor. He also spent a couple of years developing and maintaining an educational...



Toasting Marshmallow. Photo by hcmorr on Unsplash: https://unsplash.com/photos/qlHRuDvaxL8

Roasting Kerberos

Attacking a DC using kerberoast

Kerberos is a protocol developed by MIT to authenticate network services. It is built on secret-key cryptography and uses a trusted third-party server (named Authentication Server). This...




A Conflict of Interest?

You probably don’t see it.

Years ago, we faced something odd in a project: a customer was putting pressure on us while performing a One-Shot Hacking. The manager who hired us demanded preliminary results and made comments...



