Fluid Attacks logo
Plague doctor injection. Photo by Sara Kurfeß on Unsplash: https://unsplash.com/photos/55HNtDVObk8

Manual SQLi Bypass

Bypassing SQLi filters manually

Injection flaws are among the most recurring vulnerabilities; not for nothing are they first in the OWASP Top Ten list. This type of vulnerability can disrupt your entire security and...



Blacksmith. Photo by Hannah Gibbs on Unsplash: https://unsplash.com/photos/BINLgyrG_fI

Understanding SSRF

Attacking a web server using SSRF

Many web applications call outside services for data, configurations, and updates, among other things. This is beneficial for developers and maintainers because it keeps separation of duties in their...



Click pen and magnifying glass on book page. Photo by Joao Silas on Unsplash: https://unsplash.com/photos/I_LgQ8JZFGE

Search the History

Searching for credentials in a repository

At the moment, every company that develops its own product is surely using some form of source control management tool. This is used to track modifications to a source code...



Photo by Jeremy Thomas on Unsplash

Effective Vulnerability Triage

BDSA and various data points for prioritization

Here at the beginning, we give you the link to the Synopsys webinar. As Dale Gardner pointed out in November of last year: "Open-source software is increasingly used by development teams to...



Photo by Tyler Nix on Unsplash

Have You Noticed the PII Leakage?

WhiteHat: the more you collect, the higher the risk

I want to start with this sentence that Khare gave us days before the webinar (which you can access here) in a blog post (link here): “Mobile app owners and developers are receiving a failing...



Photo by David Kovalenko on Unsplash

Continuous Search for the Unknown

ForAllSecure on the Next-Generation fuzzing

First of all, we give you the links where you can find the webinar video and the copy of the document —both from ForAllSecure. Almost everything expressed below is based on both sources. In the...



Red wooden mailbox near green leaf plant. Photo by Bundo Kim on Unsplash.

Respond the Name

Attacking a network using Responder

Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) are two name resolution protocols that help Windows hosts find address names from other devices on the network....



Photo by Johannes Plenio on Unsplash

Evolution of Cybersecurity Testing

Lumu's tip on continuous compromise assessment

The activity of cybersecurity testing at present, according to the information given to us by Sylvester and Cuervo, can prompt us to remember its beginnings. Among them, for example, what was...



Photo by Erda Estremera on Unsplash

Opening the Program's Box

General ideas about Software Reverse Engineering

Just out of curiosity, a child today may take a device and disassemble it, possibly wondering what elements are inside and how they come together to work. Something similar can be done by an adult in...



Photo by Terry Vlisidis on Unsplash

Penetration Testing as a Service

NetSPI's 'advice': better platforms for PTaaS

Today, cybersecurity risks are becoming prominent, growing year by year, affecting large numbers of organizations. Many of them have not maintained basic security principles in favor of their...



Photo by Jp Valery on Unsplash

Evolution of Cybercrime Costs (II)

Uber cuts $120 million after discovering ad fraud...

In a previous blog post, we discussed some of the findings of Anderson et al. (2019) regarding the changes in cybercrime costs, more prominently in the United States and the United Kingdom. We...



Photo by Sharon McCutcheon on Unsplash

Your Files Have Been Encrypted!

Some pieces of information about ransomware attacks

When we talk about ransomware, we refer to a very popular kind of malware: malicious software that, once on your computer (or your mobile device), is capable of encrypting some of your important...



