Technical Research

Technical Research

Sitecore Experience Platform Vulnerabilities: Critical Update Needed for Versions 10.1 to 10.3

Jun 26, 2025

Critical vulnerabilities in Sitecore Experience Platform versions 10.1–10.3 could allow unauthenticated attackers to gain full system access through a simple exploit chain. Learn what’s at risk—and how to defend against it.

By Bishop Fox Researchers

Technical Research

Sipping from the CVE Firehose: How We Prioritize Emerging Threats for Real-World Impact

Jun 25, 2025

With tens of thousands of CVEs flooding in each year, how do you spot the ones that actually matter? At Bishop Fox, we’ve built a smarter way to cut through the noise and act fast on real-world threats. Here’s how we prioritize CVEs that truly impact our customers.

By Nate Robb

Technical Research

2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries

Jun 18, 2025

Explore the next wave of Red Team tools focused on cloud, identity, evasion, and developer libraries—where stealth, creativity, and adaptability matter more than flashy features. Learn how Bishop Fox operators turn techniques into strategic advantage.

By Bishop Fox

Technical Research

2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation

Jun 4, 2025

Explore our top Red Team tools for 2025—from powerful C2 frameworks to Active Directory and network exploitation utilities. Built for real-world adversary emulation, this toolkit is your edge in offensive security. Dive into part one of our expert-curated series.

By Bishop Fox

Technical Research

Before You Red Team: Fix These 5 Common Mistakes

May 9, 2025

Attackers exploit the same 5 mistakes time and again. Red Teams spot the patterns, in this blog you will learn how to fix what adversaries count on.

By Trevin Edgeworth

Technical Research

Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood

Mar 31, 2025

Bishop Fox's, Alethe Denis, recaps and provides key insights from her talk, Epic Fails and Heist Tales: Red Teaming Toward Truly Tested Security, at Wild West Hackin' Fest.

By Alethe Denis

Technical Research

Rust for Malware Development

Mar 24, 2025

In this blog, Bishop Fox's Nick Cerne, will compare developing malware in Rust compared to its C counterparts and develop a simple malware dropper for demonstration.

By Nick Cerne

Technical Research

SonicWall-CVE-2024-53704: Exploit Details

Mar 21, 2025

Bishop Fox researcher, Jon Williams, explains how they successfully exploited CVE-2024-53704, an authentication bypass in unpatched SonicWall firewalls.

By Jon Williams

Technical Research

Tomcat CVE-2025-24813: What You Need to Know

Mar 18, 2025

A breakdown of CVE-2025-24813 in Apache Tomcat—what it is, who’s actually at risk, and why most users likely aren’t affected. Keep calm and patch your servers.

By Jon Williams

Technical Research

Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware

Feb 24, 2025

Bishop Fox researchers successfully reverse-engineered the encryption protecting SonicWall SonicOSX firmware, gaining access to the underlying file system.

By Jon Williams

Technical Research

SonicWall CVE-2024-53704: SSL VPN Session Hijacking

Feb 10, 2025

Bishop Fox researchers have successfully exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls.

By Jon Williams

Technical Research

raink: Use LLMs for Document Ranking

Jan 14, 2025

Learn how Bishop Fox's open-source ranking algorithm, raink, can be used to solve general ranking problems that are difficult for LLMs to process.

By Caleb Gross

Technical Research

Cyber Mirage: How AI is Shaping the Future of Social Engineering

Jan 8, 2025

Bishop Fox explores the escalating threat of AI-driven deepfakes in social engineering attacks, highlighting their potential to deceive individuals and organizations by impersonating trusted figures through hyper-realistic audio and video fabrications.

By Brandon Kovacs

Technical Research

Current State of SonicWall Exposure: Firmware Decryption Unlocks New Insights

Dec 13, 2024

Discover Bishop Fox's survey on the current state of SonicWall appliances on the public internet.

By Bishop Fox Researchers

Technical Research

Sonicwall Firmware Deep Dive - SWI Firmware Decryption

Dec 2, 2024

Discover Bishop Fox in-depth analysis of SonicWall firewalls, revealing critical insights into firmware security and vulnerability.

By Bishop Fox Researchers

Technical Research

The Growing Concern of API Security

Nov 27, 2024

Explore concerns around API security, its unique vulnerabilities, and the need for tailored protection against evolving threats in an API-driven world.

By Robert Punnett, Nicholas Beacham

Technical Research

A Brief Look at FortiJump (FortiManager CVE-2024-47575)

Nov 1, 2024

The recent discovery of FortiJump (CVE-2024-47575) highlights a critical vulnerability exploited in the wild, prompting an urgent need to understand its impact on centralized management devices. Take a deeper look with Bishop Fox experts.

By Bishop Fox Researchers

Technical Research

Broken Hill: A Productionized Greedy Coordinate Gradient Attack Tool for Use Against Large Language Models

Sep 24, 2024

Walkthrough the GCG attack at a high level and be introduced to Broken Hill – Bishop Fox’s newly-released tool that can perform the GCG attack against a variety of popular LLMs.

By Ben Lincoln

Technical Research

Exploring Large Language Models: Local LLM CTF & Lab

Sep 11, 2024

Explore research on isolating functional expectations for LLMs using a controller to manage access between privileged and quarantined LLMs.

By Derek Rush

Technical Research

Product Security Review Methodology for Traeger Grill Hack

Jul 2, 2024

Read for an in-depth analysis of the Traeger Grill hack, uncovering the vulnerabilities that could compromise your grill's security and how they were addressed.

By Nick Cerne

Technical Research

The Unmask IAM Permission: API Gateway Access Logging

Jun 6, 2024

Unlock the secrets to securing your AWS environment! Learn the intricacies of IAM permissions and how to protect your Amazon API Gateway access logs.

By Chris Scrivana

Technical Research

PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls

Apr 19, 2024

Bishop Fox shares limited details about mitigation bypasses for PAN-OS CVE-2024-3400 in an effort to be maximally useful for defenders, while minimally useful for opportunistic attackers.

By Bishop Fox Researchers

Technical Research

The iSOON Disclosure: Exploring the Integrated Operations Platform

Mar 21, 2024

In this blog, examine the iSoon data disclosure from an offensive security perspective.

By Bishop Fox Researchers

Technical Research

Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments

Mar 19, 2024

In this blog, we examine three types of poisoned pipeline execution (PPE) attacks, methods to exploit these types of vulnerabilities, and recommended preventive measures.

By Sebastian Guerrero