Technical Research

Technical Research

Further Adventures in Fortinet Decryption

Mar 8, 2024

In this blog, we examine how the new Fortinet encryption scheme works and provide a tool to decrypt the root filesystem for x86-based FortiOS images.

By Bishop Fox Researchers

Technical Research

CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls

Mar 1, 2024

Discover vulnerable FortiGate firewalls with the Bishop Fox CVE-2024-21762 vulnerability scanner.

By Bishop Fox Researchers

Technical Research

It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable

Jan 15, 2024

Learn about SonicWall NGFW series 6 and 7 impacted by unauthenticated denial-of-service vulnerabilities with the potential for remote code execution.

By Jon Williams

Technical Research

GWT: Unpatched, Unauthenticated Java Deserialization

Dec 18, 2023

In this blog, learn about an eight year old unpatched and unauthenticated Java deserialization vulnerability in GWT.

By Ben Lincoln

Technical Research

Introducing Swagger Jacker: Auditing OpenAPI Definition Files

Dec 12, 2023

Download Swagger Jacker, an open-source tool made for penetration testers that enables better auditing of OpenAPI definition files.

By Tony West

Technical Research

Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0

Nov 8, 2023

Learn about cloud security and cloud penetration testing in Part 2 of Seth Art's interview with Cloud Security Podcast.

By Seth Art

Technical Research

Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS

Nov 1, 2023

Hear insights from Seth Art on how AWS cloud penetration testing improves cloud security and why cloud configuration reviews are not always enough.

By Seth Art

Technical Research

Building an Exploit for FortiGate Vulnerability CVE-2023-27997

Oct 27, 2023

Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.

By Bishop Fox Researchers

Technical Research

Celebrating One Year of CloudFox

Sep 29, 2023

Celebrate CloudFox's one-year anniversary as we reflect on the updates and growth that have occurred over the year including the creation of CloudFoxable.

By Seth Art

Technical Research

Passing the OSEP Exam Using Sliver

Sep 21, 2023

Learn how Bishop Fox senior security expert, Jon Guild, passed the OSEP exam using Sliver.

By Jon Guild

Technical Research

Badge of Shame - Breaking Into Secure Facilities with OSDP

Aug 9, 2023

Learn about five exploitable vulnerabilities we've identified in OSDP and share what defenders can do about them.

By Dan Petro

Technical Research

Analysis and Exploitation of CVE-2023-3519

Aug 4, 2023

Our latest blog offers additional analysis and exploitation of CVE-2023-3519, a critical remote code execution vulnerability in Citrix ADC.

By Caleb Gross

Technical Research

Breaking Fortinet Firmware Encryption

Aug 2, 2023

Check out our latest research on Fortinet products hat breaks encryption on firmware images, leading to improved detection, fingerprinting, and exploit development.

By Jon Williams

Technical Research

Citrix ADC Gateway RCE: CVE-2023-3519 is Exploitable, and 53% of Servers Are Unpatched

Jul 21, 2023

Bishop Fox developed an exploit for CVE-2023-3519, a stack overflow in Citrix ADC Gateway that allows remote code execution. There are 61,000 affected appliances exposed on the internet, and roughly 53% of them are currently unpatched.

By Caleb Gross, Jon Williams

Technical Research

Introducing jsluice: The Why Behind JavaScript Gold Mining (Part 1)

Jul 20, 2023

Learn how to use jsluice, an open-source, Go package and command-line tool used to extract information from JavaScript files and code.

By Tom Hudson

Technical Research

Introducing jsluice: A Technical Deep-Dive for JavaScript Gold (Part 2)

Jul 20, 2023

Join us for a technical deep-dive of jsluice, an open-source mining tool for JavaScript code and files.

By Tom Hudson

Technical Research

CVE-2023-27997 Is Exploitable, and 69% of FortiGate Firewalls Are Vulnerable

Jun 30, 2023

Check out latest analysis for CVE-2023-27997, a heap overflow in FortiOS, the the operating system behind FortiGate firewalls, that allows remote code execution.

By Caleb Gross

Technical Research

CVE-2023-27997 Vulnerability Scanner for FortiGate Firewalls

Jun 20, 2023

Use our latest vulnerability assessment tool to check for CVE-2023-27997, a vulnerability in FortiGate firewalls.

By Caleb Gross

Technical Research

Introducing CloudFoxable: A Gamified Cloud Hacking Sandbox

Jun 13, 2023

Introducing CloudFoxable, an intentionally vulnerable AWS environment created specifically to teach the art of AWS cloud penetration testing, while highlighting CloudFox to help find latent attack paths more effectively.

By Seth Art

Technical Research

Power Up Your Pen Tests: Creating Burp Suite Extensions with the New Montoya API

May 25, 2023

Learn how to power up your pen tests by using the new Montoya API to create Burp Suite extensions from scratch.

By Christopher Cerne

Technical Research

A More Complete Exploit for Fortinet CVE-2022-42475

May 17, 2023

Learn about our unique research focused on CVE-2022-42475 and how an exploit can be built to target a single specific FortiGate appliance running a single specific version of FortiOSbug.

By Carl Livitt, Jon Williams

Technical Research

What the Vuln: EDR Bypass with LoLBins

Mar 23, 2023

Learn more about EDR bypass techniques with Lindsay Von Tish in the second blog of our What the Vuln series.

By Lindsay Von Tish

Technical Research

What the Vuln: Zimbra

Feb 21, 2023

Take a deep dive into Zimbra Zip Path Traversal vulnerability with Carlos Yanez in the first blog of our What the Vuln series.

By Carlos Yanez

Technical Research

Spoofy: An Email Domain Spoofing Tool

Feb 1, 2023

In this blog, take a deep dive into Spoofy, an opensource tool that offers bulk domain lookup based on DMARC and SPF records.

By Matt Keeley