Technical Research

Technical Research

Reasonably Secure Electron

Nov 21, 2019

Many still consider the Electron framework insecure. This research describes how to effectively design applications that defend against attacks.

By Joe DeMesy

Technical Research

Glossary of Relevant AWS Terms

Oct 28, 2019

All entry text is from the AWS Glossary Version 1.0.

By Gerben Kleijn

Technical Research

Breaching the Trusted Perimeter | Automating Exploitation

Sep 12, 2019

Automating Exploitation of a Pulse SSL VPN Arbitrary File Read Vulnerability

By Jon Williams

Technical Research

Meet Eyeballer: An AI-powered, Open Source Tool for Assessing External Perimeters

Aug 8, 2019

Eyeballer is an AI-powered, open-source tool designed to help assess large-scale external perimeters. Eyeballer video explainer included.

By Dan Petro, Gavin Stroy

Technical Research

A How-To Guide for Using ZigDiggity, the Zigbee Hacking Toolkit

Aug 7, 2019

ZigDiggity is a new, open source hacking toolkit designed for testing Zigbee-enabled systems.

By Francis Brown, Matt Gleason

Technical Research

A How-To Guide for Using Sliver

Aug 5, 2019

Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.

By Joe DeMesy, Ronan Kervella

Technical Research

A Need for Vigilance in Open Source Software: Dolibarr CRM Advisory Release

Jul 31, 2019

Bishop Fox researcher Priyank Nigam highlights the need for vigilance in open source security. He provides an overview of the vulnerabilities he found in Dolibarr ERP CRM.

By Priyank Nigam

Technical Research

Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools

Jul 18, 2019

GitGot is a Bishop Fox tool that browses GitHub for sensitive secrets. It's the brainchild of Jake Miller, and you can read more about it in this blog post.

By Jake Miller

Technical Research

GitGot Tool Release

Jul 18, 2019

GitGot is a Bishop Fox tool that browses GitHub for sensitive secrets. It's the brainchild of Jake Miller, and you can learn how to use it in this write-up.

By Jake Miller

Technical Research

An Introduction to AWS Cloud Security

Aug 28, 2018

If you're a newcomer to the slightly intimidating world of AWS cloud security, let this primer by Bishop Fox serve as your first jump into a world that you can navigate with some time and patience.

By Gerben Kleijn

Technical Research

A Guide to AWS S3 Buckets Security

Jul 10, 2018

The blog post serving as an intro to our guide on AWS S3 buckets security best practices. Download our guide for more technical information on how you can keep your AWS environment safe.

By Gerben Kleijn

Technical Research

Why You Need IDontSpeakSSL in Your Life

Jun 26, 2018

Get the scoop on IDontSpeakSSL, the network pentesting tool created by Bishop Fox's Florian Nivette. To read about how it works, check out the blog post which explains the difference between it and it

By Florian Nivette

Technical Research

Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution

Jun 11, 2018

Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.

By Jake Miller

Technical Research

Stand Your Cloud #3: AWS Provisioning and Access Requests

Nov 14, 2017

AWS security can often be achieved through proper provisioning and access request processes. In this write-up, Gerben Kleijn explores how to handle these processes.

By Gerben Kleijn

Technical Research

A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client

Oct 10, 2017

A Bug Has No Name: multiple heap buffer overflows in the Windows DNS client. CVE-2017-11779 was fixed by Microsoft in October 2017. The bug was discovered by Bishop Fox consultant Nick Freeman.

By Nick Freeman

Technical Research

Is CORS Becoming Obsolete?

Sep 6, 2017

CORS is not obsolete as feared - but rather, it's become part of a larger standard known as FETCH.

By Tim Sapio

Technical Research

Hot New ‘Anonymous’ Chat App Hijacks Millions of Contact Data

Aug 28, 2017

Sarahah, the chat app marketed as being "anonymous," has a disturbing secret - a Sarahah leak may endanger the contact info of possibly millions of users.

By Zach Julian

Technical Research

Breaking Drone Defenses: Using Chicken Wire to Defeat Net Projectile-Based Products

Aug 3, 2017

By Francis Brown

Technical Research

How I Built An XSS Worm On Atmail

Jun 23, 2017

Read an account of creating an XSS worm on a popular email hosting service provider.

By Zach Julian

Technical Research

How We Can Stop Email Spoofing

May 23, 2017

Email spoofing is an antiquated attack that 98 percent of the internet is vulnerable to - even in the modern age. Defend yourself with our tool, SpoofCheck.

By Alex DeFreese

Technical Research

The CIA Leak: A Look On the Bright Side...

Mar 8, 2017

A closer examination of the CIA Leak: Don’t get lost in the hype. There is a bright side to strife...

By Dan Petro

Technical Research

In the News: A BGP Hijacking Technical Post-Mortem

Jan 18, 2017

BGP hijacking was utilized by the Iranian government in early January 2016. In this microblog, Zach Julian analyzes the technical implications of the event.

By Zach Julian

Technical Research

A Guide to Do-It-Yourself Network Segmentation

Nov 30, 2016

Want to keep your network secure? Working with a shoestring budget? Check out our do-it-yourself network segmentation guide.

By Cory Johnson

Technical Research

Game Over, Man! Reversing Video Games to Create an Unbeatable AI Player

Aug 10, 2016

Bishop Fox's Dan Petro explains the creation of his SmashBot AI character and how he implemented time-honored hacker techniques in the development process.

By Dan Petro