Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Culture

The Bishop Fox Intern Program: Foxes of Mexico Assemble!

Feb 16, 2024

At Bishop Fox, we are always looking to build the next generation of offensive security Avengers through our innovative internship program.

By Lesley Mugford

Culture

The Bishop Fox Internship Program: Mexico Foxes Assemble!

Feb 15, 2024

Learn about our internship program for Mexico-based penetration testers.

By Lesley Mugford

Security Perspective

Enabling Proper PCI Testing with External Penetration Tests

Feb 14, 2024

Gain actionable insights on how to maximize external penetration testing to develop comprehensive PCI security strategies.

By Derek Rush

Culture

Must-Listen Top Cybersecurity Podcasts

Feb 7, 2024

Interested in finding new ways to learn about the cybersecurity industry? Check this list of our must-listen top podcasts to hear from industry-leading experts!

By Beth Robinson

Security Perspective

Navigating Threats: Adopting Proactive Social Engineering and Network Testing Strategies

Jan 16, 2024

Get insights from Bishop Fox experts on social engineering tactics, implementing technical controls, and the importance of internal network testing.

By Beth Robinson

Technical Research

It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable

Jan 15, 2024

Learn about SonicWall NGFW series 6 and 7 impacted by unauthenticated denial-of-service vulnerabilities with the potential for remote code execution.

By Jon Williams

Security Perspective

Strengthening Cybersecurity Defenses: Validating Incident Response Plans with Red Team Tabletop Exercises

Jan 4, 2024

In this blog, learn how Bishop Fox Red Team tabletop exercises help organizations test Incident Response plans against tactics, techniques, and procedures used by attackers.

By Alethe Denis

Technical Research

GWT: Unpatched, Unauthenticated Java Deserialization

Dec 18, 2023

In this blog, learn about an eight-year-old unpatched and unauthenticated Java deserialization vulnerability in GWT.

By Ben Lincoln

Technical Research

Introducing Swagger Jacker: Auditing OpenAPI Definition Files

Dec 12, 2023

Download Swagger Jacker, an open-source tool made for penetration testers that enables better auditing of OpenAPI definition files.

By Tony West

Security Perspective

Purple Teaming: Validating Cybersecurity Investments and Enhancing Efficiency

Dec 6, 2023

Learn how Purple Teaming brings together offensive and defensive strategies for a more comprehensive and impactful cybersecurity approach.

By Ryan Basden

Security Perspective

Healthcare: 2023 Insights from the Ponemon Institute

Nov 28, 2023

Get insights into offensive security trends in the healthcare sector with data from the Ponemon Institute’s 2023 State of Offensive Security Report.

By Beth Robinson

Advisory

Ray, Versions 2.6.3, 2.8.0

Nov 27, 2023

This Bishop Fox advisory highlights three critical severity vulnerabilities in the RAY application versions 2.6.3 and 2.8.0.

By Berenice Flores Garcia

Technical Research

Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0

Nov 8, 2023

Learn about cloud security and cloud penetration testing in Part 2 of Seth Art's interview with Cloud Security Podcast.

By Seth Art

Technical Research

Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS

Nov 1, 2023

Hear insights from Seth Art on how AWS cloud penetration testing improves cloud security and why cloud configuration reviews are not always enough.

By Seth Art

Technical Research

Building an Exploit for FortiGate Vulnerability CVE-2023-27997

Oct 27, 2023

Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.

By Bishop Fox Researchers

Product

Cosmos: Unleashing the Power of Perimeter Protection

Oct 24, 2023

In this blog, get a preview of the Cosmos: Protecting the Perimeter report and learn how continuous attack surface management protects digital perimeters.

By Beth Robinson

Security Perspective

Red Teaming: 2023 Insights from the Ponemon Institute

Oct 4, 2023

Learn why mature organizations turn to Red Teaming to improve cybersecurity resiliency.

By Beth Robinson

Technical Research

Celebrating One Year of CloudFox

Sep 29, 2023

Celebrate CloudFox's one-year anniversary as we reflect on the updates and growth that have occurred over the year including the creation of CloudFoxable.

By Seth Art

Technical Research

Passing the OSEP Exam Using Sliver

Sep 21, 2023

Learn how Bishop Fox senior security expert, Jon Guild, passed the OSEP exam using Sliver.

By Jon Guild

Security Perspective

Financial Services: 2023 Insights From the Ponemon Institute

Sep 19, 2023

Get a sneak peek into why FinServ organizations are at the forefront of offensive security.

By Beth Robinson

Security Perspective

The Dark Side of Convenience: Understanding the Dangers of Digital Supply Chain

Sep 5, 2023

Dive into this blog for an offensive security perspective on the dangers of the digital supply chain.

By Beth Robinson

Security Perspective

A Bishop Fox Recap - Hacker Summer Camp 2023

Aug 23, 2023

Get a Bishop Fox recap of the 2023 Hacker Summer Camp in Las Vegas.

By Beth Robinson

Technical Research

Badge of Shame - Breaking Into Secure Facilities with OSDP

Aug 9, 2023

Learn about five exploitable vulnerabilities we've identified in OSDP and what defenders can do about them.

By Dan Petro

Technical Research

Analysis and Exploitation of CVE-2023-3519

Aug 4, 2023

Our latest blog offers additional analysis and exploitation of CVE-2023-3519, a critical remote code execution vulnerability in Citrix ADC.

By Caleb Gross
