Technical Research

Cloud Penetration: Not Your Typical Internal Testing

Jan 10, 2023

Learn what it is like to be a cloud penetration tester from our expert, Seth Art.

By Seth Art

160K COVID-19 Records: Vulnerability in Avicena Medical Laboratory

Dec 9, 2022

In this blog, learn how Bishop Fox discovered vulnerabilities in Kosovo's Avicena Medical Laboratory revealing patients' COVID-19 records.

By Dardan Prebreza

The State of Vulnerabilities in 2022

Oct 19, 2022

Is your organization concerned with security vulnerabilities? Read on as we examine publicly disclosed reports to understand the most frequent vulnerability types, the highest-disclosed bounties, and more.

By Carlos Yanez

(In)Secure by Design

Sep 22, 2022

Learn how your organization can improve application security by applying secure design patterns, avoiding anti-patterns, and adding security architecture analysis.

By Chris Bush, Shanni Prutchi

Introducing: CloudFox

Sep 13, 2022

Introducing CloudFox, a command line tool created to help offensive security professionals find exploitable attack paths in cloud infrastructure.

By Seth Art, Carlos Vendramini

Solving the Unredacter Challenge

Sep 8, 2022

We asked you to take our Unredacter Challenge, in which we asked you to get creative and devise a way to solve our blurred secret message! Watch as Shawn A., one of our Unredacter Challenge winners, showcases his solution.

By Shawn Asmus

You're (Still) Doing IoT RNG

Aug 24, 2022

In this blog, we follow up on the systemic problem of insecure use of random number generators (RNGs) in the Internet of Things (IoT) industry.

By Dan Petro

An Introduction to Bluetooth Security

Jun 27, 2022

Check out our latest blog to learn about Bluetooth Low Energy (BLE) - the BLE stack, how to pen test against it, and why you should get familiar with this technology.

By Saul Arias Mendez

Using CloudTrail to Pivot to AWS Accounts

Jun 7, 2022

In this blog, we look at how we can utilize the AWS CloudTrail service to discover other AWS accounts that we could pivot to.

By Gerben Kleijn

ripgen: Taking the Guesswork Out of Subdomain Discovery

Jun 1, 2022

ripgen is a super-fast subdomain permutation discovery tool that helps map the full scope of an attack surface. Learn how our Cosmos team uses ripgen to uncover unknown subdomain findings in our clients' environments.

By Justin Rhinehart, Joe Sechman

Call of DeFi: The Battleground of Blockchain

May 24, 2022

Last year, decentralized finance (DeFi) grew tremendously, not only in usage, but also in cybersecurity attacks. To understand the risks of these new blockchain technologies and use cases, we analyzed the main hacks that occurred in 2021.

By Dylan Dubief

Ruby Vulnerabilities: Exploiting Dangerous Open, Send and Deserialization Operations

May 17, 2022

Managing Sr. Consultant Ben Lincoln tested a Ruby on Rails application that was vulnerable to three of the most common types of Ruby-specific RCE vulnerabilities. Here is a walkthrough and new test harness that you can use to enable more efficient web application exploitation.

By Ben Lincoln

Our Top 9 Favorite Fuzzers

Apr 19, 2022

In keeping with our new tradition of crowdsourcing pen testing tool topics, it became clear that you wanted more on fuzzing! Learn which fuzzing tools are our pen testers' favorites to add to your security toolbox.

By Britt Kemp

Nuclei: Packing a Punch with Vulnerability Scanning

Apr 5, 2022

Nuclei is one of our favorite tools to run more speedy, efficient, customized, AND accurate multi-protocol vulnerability scanning. Learn how our teams use this tool to uncover risks in our clients' environments.

By Matt Thoreson, David Bravo, Zach Zeitlin, Sandeep Singh

Reports from the Field: Part 3

Mar 22, 2022

In the third part of our “Reports from the Field” series, we’ll explore how attackers utilize all tools available (including open source) to dig for an exploit.

By Wes Hutcherson

Reports from the Field: Part 2

Mar 8, 2022

In the second part of our “Reports from the Field” series, we’ll explore exposed configuration files. If you want to check out our first part on reused credentials, visit: Reports from the Field, Part 1.

By Wes Hutcherson

Reports from the Field: Part 1

Mar 1, 2022

In this three-part series, we’ll describe real-world examples that showcase how perceived ‘low-risk’ vulnerabilities can turn into critical, business-impacting issues – especially through attack chaining.

By Wes Hutcherson

Never, Ever, Ever Use Pixelation for Redacting Text

Feb 15, 2022

You can’t read what pixelated text says... right? Think again; Dan Petro explains how pixelation works, why it’s a terrible redaction technique, and how our tool Unredacter can actually reverse pixelated text.

By Dan Petro

Creating an Exploit: SolarWinds Vulnerability CVE-2021-35211

Jan 13, 2022

Sometimes, our Cosmos team creates custom exploits for particular CVEs as requested by clients. In this case, Carl Livitt created an exploit for CVE-2021-35211; here, he shares his thought process behind creating a ROP-based exploit for Serv-U FTP v15.2.3.717 on modern Windows systems.

By Carl Livitt

Zero-Day Collaboration: Working With Imperva to Eliminate a Critical Exposure

Jan 11, 2022

The Bishop Fox Cosmos Adversarial Operations experts identified a WAF rule bypass in the Imperva Cloud Web Application Firewall. Discover how offensive and defensive security organizations can combine forces to ensure the best outcomes for organizations and continually improve security.

By Carl Livitt

How Bishop Fox Has Been Identifying and Exploiting Log4shell

Dec 27, 2021

Like you, Bishop Fox was racing against the clock to identify as many instances of the Log4j vulnerability for our clients as we could. Take a look at last week's craziness and our testing methodology.

By Dan Petro

XMPP: An Under-appreciated Attack Surface

Dec 6, 2021

Misconfigured XMPP (aka Jabber) servers may not be the most common service you encounter during pen tests, but they can prove valuable. Misconfigured XMPP servers are an excellent way to retrieve sensitive data from a company, establish a foothold in their infrastructure, and inform further attacks.

By Zach Julian

Eyeballer 2.0 Web Interface and Other New Features

Nov 15, 2021

Eyeballer, our open source AI-powered tool, just got a few updates. See what that entails and learn how to effectively use the tool.

By Dan Petro

A Snapshot of CAST in Action: Automating API Token Testing

Oct 21, 2021

While investigating our clients’ attack surfaces, I find myself repeating tasks frequently enough to demonstrate a need for automation, yet not frequently enough to justify the time needed to develop an automated solution.

By Zach Zeitlin
