
Discovering Security Champions

Six recommendations for SecDevOps from Carnegie Mellon

I recently attended a webcast from Carnegie Mellon University entitled "At What Point Does DevSecOps Become Too Risky for the Business?" (I’m not sure if this was the appropriate title, but I...


Manual SQLi Bypass

Bypassing SQLi filters manually

Injection flaws are among the most recurring vulnerabilities; not for nothing are they first in the OWASP Top Ten list. This type of vulnerability can disrupt your entire security and...


Everyone Is Responsible for SEC

An overview of DevSecOps, better SecDevOps

We recently published a post about 'DevOps.' At the end of it, we asked about the inclusion of security in this methodology of continuous integration and deployment. Consequently, we refer to the...


Understanding SSRF

Attacking a web server using SSRF

Many web applications request data, configurations, updates and other resources from outside services. This is beneficial for the developers and maintainers because it keeps separation of duties in their...


Breaking Down DevOps

The central components of DevOps definition

DevOps is a predominant phenomenon, a new way of thinking and working in software engineering that is receiving a lot of attention nowadays. The word DevOps is a combination of the words...


Trust Nothing, Verify Everything

Sharing at least a modicum about phishing attacks

The current global situation with the coronavirus, or COVID-19, has led many of us to respond by working from home. Amidst so much uncertainty, there are many of us who could be looking for...


Querier Writeup

How to solve HTB Querier

In my opinion, Querier is a great box. By following the steps below we will learn a bit about Windows (a widely used operating system) pentesting. The challenge begins with a public SMB; this is...


Among the Top Global Leaders 2018

Fluid Attacks, a top cybersecurity company

In an era where IT companies and business services are diverse, realizing which companies have the best performance on service delivery is crucial when buying services from companies that...


Bounty Writeup

How to resolve HTB Bounty

Scanning Phase. First, we check the IP of the Bounty machine and try a ping to see if we have access: `$ ping -c2`. Then, we scan the ports with nmap. In this case, we’re going to...


DevOops Writeup

How to resolve HTB DevOops

Scanning Phase. First, we check the IP of the DevOops machine and try a ping to see if we have access. Then, we scan the ports with nmap. In this case, we’re going to use basic nmap port scanning...


Is that CSV Secure?

Defining CSV injection vulnerabilities

A Comma-Separated Values (CSV) file is a type of file that stores tabular data, numbers and text, in plain text. Each line of the file is a data record, and each record consists of one or more...


Conserving your identity

Using WS-Security to secure your web apps

In the digital era, everything is or has a web application. Web apps are no longer just about content delivery; they have evolved to solve complex business needs and have become a mechanism for...
