Bishop Fox Offensive Security Technical Research Blog

Technical Research

strongSwan CVE-2026-25075: Integer Underflow in VPN Authentication

Mar 26, 2026

Bishop Fox researchers took a deep dive into a new strongSwan vulnerability that allows unauthenticated attackers to take VPN services offline. We created an easy tool to test your strongSwan deployment & recommend upgrading to version 6.0.5 and later.

By Jon Williams

Technical Research

Pre-Authentication SQL Injection in FortiClient EMS 7.4.4 - CVE-2026-21643

Mar 9, 2026

FortiClient EMS 7.4.4 contains a pre-authentication SQL injection vulnerability (CVSS 9.1) in its multi-tenant site routing middleware. An unauthenticated attacker can inject arbitrary SQL by sending a crafted Site HTTP header to any pre-auth endpoint.

By John Untz

Technical Research

Beyond Electron: Attacking Alternative Desktop Application Frameworks

Mar 3, 2026

Tauri promises a lighter, security-first future beyond Electron—but does it actually reduce risk? Carlos Yanez uncovers how XSS and permissive configs can still be chained into RCE, walking through real-world exploitation techniques every appsec team should understand.

By Carlos Yanez

Technical Research

The Total Cost of AI Ownership: The Costs Not on Your Budget Sheet

Jan 13, 2026

AI looks affordable at first, licenses, cloud, headcount. But once it’s in production, costs spread across teams, systems, and decisions in ways most models miss. Here’s what we’ve learned about the hidden costs of owning AI long-term.

By Kelly Albrink

Technical Research

GenAI DevOps: More Code, More Problems

Dec 30, 2025

GenAI has made it possible for anyone to ship production code, but security hasn’t caught up. The real risk isn’t bad AI code, it’s how quickly unsafe behavior reaches production. Here’s how to build guardrails so speed doesn’t become liability.

By Derek Rush

Technical Research

MITRE AADAPT Framework as a Red Team Roadmap

Dec 17, 2025

MITRE’s AADAPT framework exposes how attackers target digital-asset systems but the real value comes from testing those threats. Learn how red teaming turns AADAPT into evidence-driven detection, stronger controls, and measurable protection against economic loss.

By Bishop Fox

Technical Research

Arista NextGen Firewall XSS to RCE Chain

Dec 4, 2025

Arista flagged three NG Firewall bugs as “limited.” Our researchers proved otherwise: real-world remote code execution is possible, and current patches don’t fully fix the root issues. Here’s what’s vulnerable, what we validated, and the steps to cut exposure now.

By Jon Williams, Ronan Kervella, Bishop Fox Researchers

Technical Research

Fortinet FortiWeb Authentication Bypass – CVE-2025-64446

Nov 19, 2025

Bishop Fox researchers discovered an authentication bypass in FortiWeb that lets attackers add their own admin accounts, take over the device, and erase evidence. Organizations can quickly check if they’re exposed using a new Bishop Fox scanner and should remove public access and update immediately.

By Jon Williams, John Untz

Technical Research

How a $20 Smart Device Gave Me Access to Your Home

Oct 2, 2025

Bishop Fox research uncovered zero-day vulnerabilities in the YoLink Smart Hub. Anyone using the YoLink Smart Hub v0382 is at risk.

By Nick Cerne

Technical Research

Demystifying 5G Security: Understanding the Registration Protocol

Sep 4, 2025

5G networks face critical security gaps during device registration. Despite improved architecture, unprotected initial messages and weak encryption negotiation create attack windows. Learn how to identify and mitigate these vulnerabilities.

By Drew Jones

Technical Research

Vulnerability Discovery with LLM-Powered Patch Diffing

Aug 15, 2025

Read our most recent research to see how LLMs can assist in scaling patch diffing workflows, saving valuable time in a crucial race against attackers.

By Jon Williams

Technical Research

Next-Level Fingerprinting: Tools, Logic, and Tactics

Aug 6, 2025

Explore how combining AI-assisted research with real-world data and signature normalization can significantly improve fingerprinting capabilities.

By Aaron Ringo

Technical Research

You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough

Jul 9, 2025

Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.

By Brian D.

Technical Research

Sitecore Experience Platform Vulnerabilities: Critical Update Needed for Versions 10.1 to 10.3

Jun 26, 2025

Critical vulnerabilities in Sitecore Experience Platform versions 10.1–10.3 could allow unauthenticated attackers to gain full system access through a simple exploit chain. Learn what’s at risk—and how to defend against it.

By Bishop Fox Researchers

Technical Research

Sipping from the CVE Firehose: How We Prioritize Emerging Threats for Real-World Impact

Jun 25, 2025

With tens of thousands of CVEs flooding in each year, how do you spot the ones that actually matter? At Bishop Fox, we’ve built a smarter way to cut through the noise and act fast on real-world threats. Here’s how we prioritize CVEs that truly impact our customers.

By Nate Robb

Technical Research

2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries

Jun 18, 2025

Explore the next wave of Red Team tools focused on cloud, identity, evasion, and developer libraries—where stealth, creativity, and adaptability matter more than flashy features. Learn how Bishop Fox operators turn techniques into strategic advantage.

By Bishop Fox

Technical Research

2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation

Jun 4, 2025

Explore our top Red Team tools for 2025—from powerful C2 frameworks to Active Directory and network exploitation utilities. Built for real-world adversary emulation, this toolkit is your edge in offensive security. Dive into part one of our expert-curated series.

By Bishop Fox

Technical Research

Before You Red Team: Fix These 5 Common Mistakes

May 9, 2025

Attackers exploit the same 5 mistakes time and again. Red Teams spot the patterns, in this blog you will learn how to fix what adversaries count on.

By Trevin Edgeworth

Technical Research

Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood

Mar 31, 2025

Bishop Fox's, Alethe Denis, recaps and provides key insights from her talk, Epic Fails and Heist Tales: Red Teaming Toward Truly Tested Security, at Wild West Hackin' Fest.

By Alethe Denis

Technical Research

Rust for Malware Development

Mar 24, 2025

In this blog, Bishop Fox's Nick Cerne, will compare developing malware in Rust compared to its C counterparts and develop a simple malware dropper for demonstration.

By Nick Cerne

Technical Research

SonicWall-CVE-2024-53704: Exploit Details

Mar 21, 2025

Bishop Fox researcher, Jon Williams, explains how they successfully exploited CVE-2024-53704, an authentication bypass in unpatched SonicWall firewalls.

By Jon Williams

Technical Research

Tomcat CVE-2025-24813: What You Need to Know

Mar 18, 2025

A breakdown of CVE-2025-24813 in Apache Tomcat—what it is, who’s actually at risk, and why most users likely aren’t affected. Keep calm and patch your servers.

By Jon Williams

Technical Research

Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware

Feb 24, 2025

Bishop Fox researchers successfully reverse-engineered the encryption protecting SonicWall SonicOSX firmware, gaining access to the underlying file system.

By Jon Williams

Technical Research

SonicWall CVE-2024-53704: SSL VPN Session Hijacking

Feb 10, 2025

Bishop Fox researchers have successfully exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls.

By Jon Williams