Security Perspectives

Security Perspective

Behind The CTF Guide “Breaking & Entering: A Pocket Guide for Friendly Remote Admins”

Oct 6, 2021

I am happy to announce that the PDF version of that CTF guide is now available for download!

By Andy Doering

Security Perspective

A Review of the 2021 CISA and MITRE Vulnerability Lists

Sep 21, 2021

A review of the 2021 CISA and MITRE Vulnerability Lists to understand their similarities and differences, and share our takeaways.

By Britt Kemp

Security Perspective

DEF CON 29 Recap: 9 Talks You May Have Missed

Aug 19, 2021

A recap of some of our favorite DEF CON 29 security talks featuring Patrick Wardle, James Kettle, and Bishop Fox's own Hector Cuevas Cruz.

By Britt Kemp

Security Perspective

9 Post-Exploitation Tools for Your Next Penetration Test

Jul 15, 2021

Nine tools we’ve found useful for our post-exploitation efforts including GhostPack, Metasploit, PowerHub, LOLBAS, Mimikatz, PHPSploit, and more.

By Britt Kemp

Security Perspective

Free Tools and Add-Ons to Explore for Applying DevSecOps in Your Organization

Jun 24, 2021

A list of free, built-in, or open-source tools and reference material for planning a move to DevSecOps. It’s a starting point to try within your environment.

By Tom Eston

Security Perspective

Our Position on the Digital Millennium Copyright Act (DMCA) and the Need to Safeguard Tools for Responsible Security Researchers

Jun 23, 2021

Bishop Fox is joining our peers in the security industry in cautioning against Section 1201 of the Digital Millennium Copyright Act (DMCA).

By Bishop Fox

Security Perspective

Why You Need Continuous Testing to Detect Emerging Threats and Discover the Unknowns

Jun 16, 2021

Learn why continuous testing will become a requirement for most organizations in the near future.

By Bishop Fox

Security Perspective

Applying DevSecOps in Your Organization

Jun 10, 2021

Tom Eston describes the entire DevSecOps lifecycle and what aspects of tooling and testing you can build into the way your organization develops applications.

By Tom Eston

Security Perspective

New Insights on Supply Chain and Ransomware Attacks From Our Chat With Alex Stamos and Charles Carmakal

Jun 10, 2021

Alex Stamos, Charles Carmakal, and Vinnie Liu discussed the challenges facing the supply chain after the SolarWinds and Colonial Pipeline attacks. Read their takeaways.

By Bishop Fox, Vincent Liu

Security Perspective

SCOTUS CFAA Ruling: What does it mean for pen testers and security?

Jun 4, 2021

Bishop Fox Lead Researcher Dan Petro provides his insights into how the latest CFAA Supreme Court ruling impacts pen testers and security research.

By Dan Petro

Security Perspective

Prepare for Scoping: The Technical Side

May 25, 2021

Scoping is an important precursor to a successful security test. Explore the technical considerations needed when choosing a vendor for a network pen test.

By Claire Tills

Security Perspective

CVE Digest for March and April 2021: Exploits Gone Wild

May 6, 2021

In this CVE recap of March and April 2021, we review more notable unpatched security vulnerabilities attackers are continuing to target in the wild.

By Britt Kemp

Security Perspective

Ham Hacks: Breaking Into Software-defined Radio

Apr 29, 2021

Expand your hacking skills for software-defined radio (SDR): learn radio basics and hardware/software setup, perform demos, and reverse engineer radio signals.

By Kelly Albrink

Security Perspective

9 Red Team Tools For a Successful Red Teaming Engagement

Apr 13, 2021

Nine tools we’ve found useful for our red teaming engagements including CursedChrome, Sliver, Githound, Stormspotter, DumpsterFire, Overlord, and more.

By Britt Kemp

Security Perspective

Don’t Shortchange Your Organization’s Security With URL Shortener Services

Apr 6, 2021

URL shortening services can compromise system security and weaken the attack surface. Protect infrastructure and critical data by not using these services.

By Ori Zigindere

Security Perspective

If Your Scope Is Bad, Your Pen Test Will Be Bad

Mar 23, 2021

The quality of an engagement is entirely dependent on the quality of the scoping. If a penetration test doesn’t start with goals, it won't be as successful.

By Jessica La Bouve

Security Perspective

ProxyLogon (CVE-2021-26855): 2021’s Top Contender for Vulnerability for the Year (It’s March...)

Mar 10, 2021

The attack on Microsoft Exchange servers encompasses several unique vulnerabilities in an attack chain. The impact is critical for multiple reasons.

By Barrett Darnell

Security Perspective

Understanding the Driving Factors of a Pen Test

Mar 9, 2021

How a pen tester will perform an assessment and determine what assets to attack depends on what’s important to a company's security strategy and investment.

By Dan Petro

Security Perspective

The Evolution of the Red Team

Mar 3, 2021

Bishop Fox believes Red Teams can deliver even more value and prevent attacks by integrating Red Teaming services with risk analysis and threat modeling.

By Todd Kendall

Security Perspective

CVE Digest for January and February 2021: Buffer Overflows Take the Spotlight

Mar 1, 2021

In this CVE recap of January and part of February 2021, we review notable security vulnerabilities that can threaten an organization's attack surface.

By Britt Kemp

Security Perspective

What We Can Learn from the Accellion Breach

Feb 23, 2021

News about the recent Jones Day/Accellion vendor data breach highlights just how difficult third-party risk management (TPRM) is in practice.

By Joe Sechman

Security Perspective

Choosing the Right Modern Application Security Tools

Feb 23, 2021

Tom Eston describes how a combination of manual and automated application security tools can best support the way your organization develops applications.

By Tom Eston

Security Perspective

When to Engage a Red Team

Feb 16, 2021

Engage with a Red Team to uncover business risks and vulnerabilities, improve your defenses and security, and strategize and protect your environment.

By Todd Kendall

Security Perspective

Preparing for the Google Partner Program Security Test

Feb 9, 2021

This self-assessment covers common threats to help you prepare for the Google Partner Program assessment, which validates the security of Google partners’ applications.

By Zach Moreno
