Technical Research

Eyeballer 2.0 Web Interface and Other New Features

Nov 15, 2021

Eyeballer, our open source AI-powered tool, just got a few updates. See what that entails and learn how to effectively use the tool.

By Dan Petro

A Snapshot of CAST in Action: Automating API Token Testing

Oct 21, 2021

While investigating our clients’ attack surfaces, I find myself repeating tasks frequently enough to demonstrate a need for automation, yet not frequently enough to justify the time needed to develop an automated solution.

By Zach Zeitlin

An Intro to Fuzzing (AKA Fuzz Testing)

Sep 28, 2021

Learn everything you need to know about fuzzing, including who should fuzz, what types of fuzzers exist, how to write a good harness, and more.

By Matt Keeley

IAM Vulnerable - Assessing the AWS Assessment Tools

Sep 23, 2021

In a follow-up to his IAM Vulnerable tool, Seth Art examines the identification aspect of IAM privilege escalation and reviews IAM privesc assessment tools.

By Seth Art

IAM Vulnerable - An AWS IAM Privilege Escalation Playground

Sep 9, 2021

The IAM Vulnerable tool helps you learn how to identify and then exploit intentionally vulnerable IAM configurations that allow for privilege escalation.

By Seth Art

You're Doing IoT RNG

Aug 5, 2021

Learn why hardware random number generators (RNG) used by billions of IoT devices to create encryption keys don't always generate random numbers.

By Dan Petro, Allan Cecil

LEXSS: Bypassing Lexical Parsing Security Controls

Jun 22, 2021

Technical details of achieving cross-site scripting (XSS) attacks by using HTML parsing logic where lexical parsers are used to nullify dangerous content.

By Chris Davis

An Exploration of JSON Interoperability Vulnerabilities

Feb 25, 2021

Learn more about how the same JSON document can be parsed with different values across microservices, leading to a variety of potential security risks.

By Jake Miller

Bad Pods: Kubernetes Pod Privilege Escalation

Jan 19, 2021

Seth Art discusses the impact of overly permissive pod security policies and the importance of applying restrictive controls around pod creation by default.

By Seth Art

Lessons Learned on Brute-forcing RMI-IIOP With RMIScout

Dec 8, 2020

New features that have been added to RMIScout, a pen testing tool that performs wordlist and brute-force attacks against exposed Java RMI interfaces.

By Jake Miller

Design Considerations for Secure GraphQL APIs

Sep 28, 2020

Discusses security risks and bugs in GraphQL deployments and migrations, and covers high-risk authorization vulnerabilities and less familiar SSRF issues.

By Jake Miller

Design Considerations for Secure Cloud Deployment

Sep 15, 2020

Guidance on how to design a secure cloud deployment including reducing attack surface, simplifying maintenance, and ways to catch mistakes in the future.

By Jake Miller

h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)

Sep 8, 2020

Demonstrating how upgrading HTTP/1.1 connections to lesser-known HTTP/2 over cleartext (h2c) connections can allow a bypass of edge-proxy access controls.

By Jake Miller

Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers

Jun 30, 2020

Bishop Fox's Nathan Elendt discusses three attack techniques for performing man-in-the-middle attacks against production-grade, HTTPS-protected Things.

By Nathan Elendt

How to Set Up Your Hardware Lab

Jun 23, 2020

Jordan Parkin discusses hardware hacking and the tools and equipment for setting up a budget-friendly lab for product security reviews and device research.

By Jordan Parkin

RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution

May 26, 2020

Open source RMIScout performs wordlist and brute-force attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.

By Jake Miller

The TL;DR on TF-IDF: Applied Machine Learning

Apr 9, 2020

Joe Sechman and Greg Mortensen discuss how machine learning algorithms help keep up with constantly changing attack surfaces to detect more vulnerabilities.

By Greg Mortensen, Joe Sechman

GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath

Feb 17, 2020

GadgetProbe is a tool to probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on a remote Java classpath.

By Jake Miller

How to Set Up Zniffer for Z-Wave

Feb 12, 2020

Bishop Fox helps hardware security testers with a detailed step-by-step process for setting up a Zniffer for Z-Wave, a wireless communications protocol.

By Priyank Nigam

Dufflebag: Uncovering Secrets in Exposed EBS Volumes

Feb 3, 2020

Dufflebag is an open source tool that allows users to quickly look through public Amazon EBS snapshots for references to their organizations.

By Dan Petro

Escalator to the Cloud: 5 Privesc Attack Vectors in AWS

Dec 19, 2019

Identify what to look out for to mitigate or remove AWS privilege escalation. Gerben Kleijn sorted the 21 methods across AWS services in five categories.

By Gerben Kleijn

Well, That Escalated Quickly: Privilege Escalation in AWS

Dec 19, 2019

For security professionals performing AWS cloud security reviews or pen tests. Explore methods that can be used in practice and explained clearly to clients.

By Gerben Kleijn

CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI

Dec 12, 2019

Telerik UI for ASP.NET AJAX insecurely deserializes JSON objects resulting in arbitrary RCE. Learn how to patch and securely configure this software.

By Caleb Gross

SFDC Secure Development Cheat Sheet

Dec 11, 2019

This guide helps developers build secure Salesforce web applications, whether the goal is to pass the AppExchange review or improve an application’s security.

By Zach Julian
