Technical Research

Technical Research

Power Up Your Pen Tests: Creating Burp Suite Extensions with the New Montoya API

May 25, 2023

Learn how to power up your pen tests by using the new Montoya API to create Burp Suite extensions from scratch.

By Christopher Cerne

Technical Research

A More Complete Exploit for Fortinet CVE-2022-42475

May 17, 2023

Learn about our unique research focused on CVE-2022-42475 and how an exploit can be built to target a single specific FortiGate appliance running a single specific version of FortiOS.

By Carl Livitt, Jon Williams

Technical Research

What the Vuln: EDR Bypass with LoLBins

Mar 23, 2023

Learn more about EDR bypass techniques with Lindsay Von Tish in the second blog of our What the Vuln series.

By Lindsay Von Tish

Technical Research

What the Vuln: Zimbra

Feb 21, 2023

Take a deep dive into Zimbra Zip Path Traversal vulnerability with Carlos Yanez in the first blog of our What the Vuln series.

By Carlos Yanez

Technical Research

Spoofy: An Email Domain Spoofing Tool

Feb 1, 2023

In this blog, take a deep dive into Spoofy, an open-source tool that offers bulk domain lookup based on DMARC and SPF records.

By Matt Keeley

Technical Research

Cloud Penetration: Not Your Typical Internal Testing

Jan 10, 2023

Learn what it is like to be a cloud penetration tester from our expert, Seth Art.

By Seth Art

Technical Research

160K COVID-19 Records: Vulnerability in Avicena Medical Laboratory

Dec 9, 2022

In this blog, learn how Bishop Fox discovered vulnerabilities in Kosovo's Avicena Medical Laboratory revealing patients' COVID-19 records.

By Dardan Prebreza

Technical Research

The State of Vulnerabilities in 2022

Oct 19, 2022

Is your organization concerned with security vulnerabilities? Read on as we examine publicly disclosed reports to understand the most frequent vulnerability types, the highest-disclosed bounties, and more.

By Carlos Yanez

Technical Research

(In)Secure by Design

Sep 22, 2022

Learn how your organization can improve application security by applying secure design patterns, avoiding anti-patterns, and adding security architecture analysis.

By Chris Bush, Shanni Prutchi

Technical Research

Introducing: CloudFox

Sep 13, 2022

Introducing CloudFox, a command line tool created to help offensive security professionals find exploitable attack paths in cloud infrastructure.

By Seth Art, Carlos Vendramini

Technical Research

Solving the Unredacter Challenge

Sep 8, 2022

We asked you to take our Unredacter Challenge, in which we asked you to get creative and devise a way to solve our blurred secret message! Watch as Shawn A., one of our Unredacter Challenge winners, showcases his solution.

By Shawn Asmus

Technical Research

You're (Still) Doing IoT RNG

Aug 24, 2022

In this blog, we follow up on the systemic problem of insecure use of random number generators (RNGs) in the Internet of Things (IoT) industry.

By Dan Petro

Technical Research

An Introduction to Bluetooth Security

Jun 27, 2022

Check out our latest blog to learn about Bluetooth Low Energy (BLE) - the BLE stack, how to pen test against it, and why you should get familiar with this technology.

By Saul Arias Mendez

Technical Research

Using CloudTrail to Pivot to AWS Accounts

Jun 7, 2022

In this blog, we look at how we can utilize the AWS CloudTrail service to discover other AWS accounts that we could pivot to.

By Gerben Kleijn

Technical Research

ripgen: Taking the Guesswork Out of Subdomain Discovery

Jun 1, 2022

ripgen is a super-fast subdomain permutation discovery tool that helps map the full scope of an attack surface. Learn how our Cosmos team uses ripgen to uncover unknown subdomain findings in our clients' environments.

By Justin Rhinehart, Joe Sechman

Technical Research

Call of DeFi: The Battleground of Blockchain

May 24, 2022

Last year, decentralized finance (DeFi) grew tremendously, not only in usage, but also in cybersecurity attacks. To understand the risks of these new blockchain technologies and use cases, we analyzed the main hacks that occurred in 2021.

By Dylan Dubief

Technical Research

Ruby Vulnerabilities: Exploiting Dangerous Open, Send and Deserialization Operations

May 17, 2022

Managing Sr. Consultant Ben Lincoln tested a Ruby on Rails application that was vulnerable to three of the most common types of Ruby-specific RCE vulnerabilities. Here is a walkthrough and new test harness that you can use to enable more efficient web application exploitation.

By Ben Lincoln

Technical Research

Our Top 9 Favorite Fuzzers

Apr 19, 2022

In keeping with our new tradition of crowdsourcing pen testing tool topics, it became clear that you wanted more on fuzzing! Learn which fuzzing tools are our pen testers' favorites to add to your security toolbox.

By Britt Kemp

Technical Research

Nuclei: Packing a Punch with Vulnerability Scanning

Apr 5, 2022

Nuclei is one of our favorite tools to run more speedy, efficient, customized, AND accurate multi-protocol vulnerability scanning. Learn how our teams use this tool to uncover risks in our clients' environments.

By Matt Thoreson, David Bravo, Zach Zeitlin, Sandeep Singh

Technical Research

Reports from the Field: Part 3

Mar 22, 2022

In the third part of our “Reports from the Field” series, we’ll explore how attackers utilize all tools available (including open source) to dig for an exploit.

By Wes Hutcherson

Technical Research

Reports from the Field: Part 2

Mar 8, 2022

In the second part of our “Reports from the Field” series, we’ll explore exposed configuration files. If you want to check out our first part on reused credentials, visit: Reports from the Field, Part 1.

By Wes Hutcherson

Technical Research

Reports from the Field: Part 1

Mar 1, 2022

In this three-part series, we’ll describe real-world examples that showcase how perceived ‘low-risk’ vulnerabilities can turn into critical, business-impacting issues – especially through attack chaining.

By Wes Hutcherson

Technical Research

Never, Ever, Ever Use Pixelation for Redacting Text

Feb 15, 2022

You can’t read what pixelated text says... right? Think again; Dan Petro explains how pixelation works, why it’s a terrible redaction technique, and how our tool Unredacter can actually reverse pixelated text.

By Dan Petro

Technical Research

Creating an Exploit: SolarWinds Vulnerability CVE-2021-35211

Jan 13, 2022

Sometimes, our Cosmos team creates custom exploits for particular CVEs as requested by clients. In this case, Carl Livitt created an exploit for CVE-2021-35211; here, he shares his thought process behind creating a ROP-based exploit for Serv-U FTP v15.2.3.717 on modern Windows systems.

By Carl Livitt
