

Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Advisory

WP Coder, Version 2.5.3 Advisory

Apr 13, 2023

In this advisory, learn about the WP Coder plugin, which is affected by a time-based SQL injection vulnerability via the ‘id’ parameter in versions up to, and including, 2.5.3.

By Etan Castro Aldrete

Advisory

Windows Task Scheduler Application, Version 19044.1706 Advisory

Apr 4, 2023

Learn about CVE-2023-21541, a Windows Task Scheduler vulnerability discovered by Ben Lincoln.

By Ben Lincoln

Advisory

Microsoft Intune, Version 1.55.48.0 Advisory

Apr 4, 2023

Learn about the latest Microsoft Intune vulnerability discovered by Ben Lincoln.

By Ben Lincoln

Technical Research

What the Vuln: EDR Bypass with LoLBins

Mar 23, 2023

Learn more about EDR bypass techniques with Lindsay Von Tish in the second blog of our What the Vuln series.

By Lindsay Von Tish

Industry

Bank Vault or Screen Door? How Attackers View Financial Services

Mar 20, 2023

Bank vault or screen door? Learn how FinServ attack surfaces appear to a hacker, how they prefer to exploit, and where they look for vulnerabilities.

By Beth Robinson

Culture

Women of the Fox Den - A Unique Hacking Perspective

Mar 12, 2023

Get highlights from our International Women's Day livestream roundtable, Defend Like a Girl: Hacking Your Way to Cyber Success.

By Beth Robinson

Culture

The Women Behind the Writing

Mar 9, 2023

Get to know a few of the women behind the technical editorial team at Bishop Fox and learn about the criticality of clear, continuous, and consistent communication with customers.

By Beth Robinson

Technical Research

What the Vuln: Zimbra

Feb 21, 2023

Take a deep dive into Zimbra Zip Path Traversal vulnerability with Carlos Yanez in the first blog of our What the Vuln series.

By Carlos Yanez

Industry

Red Teaming: The Ultimate Sanity Check for Security Teams

Feb 16, 2023

Learn how to take control of security program investments with Red Teaming.

By Trevin Edgeworth, Mark MacDonald

Culture

The Top 12 Hacking Influencers to Follow

Feb 9, 2023

Check out this blog to learn about our favorite influencers to follow on the hacker scene.

By Britt Kemp

Technical Research

Spoofy: An Email Domain Spoofing Tool

Feb 1, 2023

In this blog, take a deep dive into Spoofy, an open-source tool that offers bulk domain lookup based on DMARC and SPF records.

By Matt Keeley

Advisory

EzAdsPro BlackBox Advisory

Jan 25, 2023

Read this high risk advisory to learn how EzAdsPro "BlackBox" application allowed directory listing resulting in unauthorized information disclosure.

By Dan Petro

Industry

8 Network Pen Testing Tools for Your Hacker Arsenal

Jan 17, 2023

Check out our recommendations for top network pen testing tools to level up your hacking skills.

By Britt Kemp

Technical Research

Cloud Penetration: Not Your Typical Internal Testing

Jan 10, 2023

Learn what it is like to be a cloud penetration tester from our expert, Seth Art.

By Seth Art

Culture

2023 Offensive Security Resolutions from the Fox Den

Jan 4, 2023

Get familiar with Bishop Fox's most important offensive security resolutions for 2023.

By Beth Robinson

Industry

Our Favorite Tools of the Year: 2022 Edition

Dec 27, 2022

Check out our favorite pen testing tools that we loved using in 2022!

By Britt Kemp

Culture

A Hacker Holiday Gift Guide

Dec 20, 2022

Need gift ideas for your favorite hackers? We've got you covered with our Hacker Holiday Gift Guide.

By Shanni Prutchi

Advisory

FlowscreenComponents Basepack, Version 3.0.7 Advisory

Dec 15, 2022

In this advisory, read about a cross-site scripting (XSS) vulnerability in the FlowscreenComponents Basepack, Version 3.0.7.

By Matthew Rutledge

Industry

The Latest in Ransomware: A Path of Cyber Destruction

Dec 12, 2022

In this blog, we share a roundup of recent ransomware events, how ransomware continues to forge a path of destruction, and shed light on efforts to slow the pace of attacks.

By Beth Robinson

Technical Research

160K COVID-19 Records: Vulnerability in Avicena Medical Laboratory

Dec 9, 2022

In this blog, learn how Bishop Fox discovered vulnerabilities in Kosovo's Avicena Medical Laboratory revealing patients' COVID-19 records.

By Dardan Prebreza

Industry

A CISO's Approach to Ransomware Playbooks

Nov 29, 2022

Get a CISO's perspective on testing your security defenses against real-world ransomware playbooks.

By Beth Robinson

Advisory

Log HTTP Requests, Version 1.3.1, Advisory

Nov 21, 2022

Read this medium risk advisory to learn details about CVE-2022-3402.

By Etan Castro Aldrete

Culture

How to Go from Active Duty to Civilian Cybersecurity

Nov 17, 2022

In this blog, learn how veterans bridge the career gap between active duty service and civilian cybersecurity.

By Beth Robinson

Industry

Don't Get Caught in the Dark: How to Build Better Documentation for Security Teams

Oct 31, 2022

In this blog, we share our recommendations for improving technical documentation guidelines and strategies for security teams.

By Andy Doering
