AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started
Abstract cybersecurity illustration featuring servers, network nodes, and stylized attack indicators representing penetration testing and threat activity.

Offensive
Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Advisories Culture Industry Product Technical Research View All
Industry

Building Security at Scale: The AppExchange Story

Building Security at Scale: The AppExchange Story

Aug 11, 2025

In our interview hosted by Bishop Fox CEO Vinnie Liu with guests Brendan O’Connor, CEO of AppOmni and James Dolph, CISO at Guidewire, we uncovered the fascinating origin story of Salesforce's AppExchange.

By Bishop Fox Researchers
Technical Research

Next-Level Fingerprinting: Tools, Logic, and Tactics

Next-Level Fingerprinting: Tools, Logic, and Tactics

Aug 6, 2025

Explore how combining AI-assisted research with real-world data and signature normalization can significantly improve fingerprinting capabilities.

By Aaron Ringo
Culture

Fox Den Pull List: Our Favorite Comics

Fox Den Pull List: Our Favorite Comics

Jul 17, 2025

At Bishop Fox, thinking like an adversary comes naturally. So it’s no surprise that comics—where power, perspective, and outsider thinking collide—resonate deeply with our team. Ahead of Comic-Con 2025, we asked our Foxes: what comics still stick with you?

By Bishop Fox Researchers
Technical Research

You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough

You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough

Jul 9, 2025

Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.

By Brian D.
Technical Research

Sitecore Experience Platform Vulnerabilities: Critical Update Needed for Versions 10.1 to 10.3

Sitecore Experience Platform Vulnerabilities: Critical Update Needed for Versions 10.1 to 10.3

Jun 26, 2025

Critical vulnerabilities in Sitecore Experience Platform versions 10.1–10.3 could allow unauthenticated attackers to gain full system access through a simple exploit chain. Learn what’s at risk—and how to defend against it.

By Bishop Fox Researchers
Technical Research

Sipping from the CVE Firehose: How We Prioritize Emerging Threats for Real-World Impact

Sipping from the CVE Firehose: How We Prioritize Emerging Threats for Real-World Impact

Jun 25, 2025

With tens of thousands of CVEs flooding in each year, how do you spot the ones that actually matter? At Bishop Fox, we’ve built a smarter way to cut through the noise and act fast on real-world threats. Here’s how we prioritize CVEs that truly impact our customers.

By Nate Robb
Technical Research

2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries

2025 Red Team Tools – Cloud & Identity Exploitation, Evasion & Developer Libraries

Jun 18, 2025

Explore the next wave of Red Team tools focused on cloud, identity, evasion, and developer libraries—where stealth, creativity, and adaptability matter more than flashy features. Learn how Bishop Fox operators turn techniques into strategic advantage.

By Bishop Fox
Technical Research

2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation

2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation

Jun 4, 2025

Explore our top Red Team tools for 2025—from powerful C2 frameworks to Active Directory and network exploitation utilities. Built for real-world adversary emulation, this toolkit is your edge in offensive security. Dive into part one of our expert-curated series.

By Bishop Fox
Technical Research

Before You Red Team: Fix These 5 Common Mistakes

Before You Red Team: Fix These 5 Common Mistakes

May 9, 2025

Attackers exploit the same 5 mistakes time and again. Red Teams spot the patterns, in this blog you will learn how to fix what adversaries count on.

By Trevin Edgeworth
Advisory

SonicWall Sonicos Versions 7.1.x and 8.0.x

SonicWall Sonicos Versions 7.1.x and 8.0.x

Apr 24, 2025

Bishop Fox staff identified a vulnerability in SonicWall SonicOS 7.1.x and 8.0.x that allowed them to cause an affected NSv virtual appliance to reboot by sending unauthenticated requests to specific API endpoints, resulting in a denial-of-service condition.

By Jon Williams
Industry

The Promise and Perils of AI: Navigating Emerging Cyber Threats - A Dark Reading Panel

The Promise and Perils of AI: Navigating Emerging Cyber Threats - A Dark Reading Panel

Apr 16, 2025

This video showcases leading voices in cybersecurity explaining their examinations into how AI is simultaneously transforming cyber defense and supercharging attacker capabilities. Together, they explored how GenAI is reshaping the threat landscape and what security leaders must do to adapt.

By Rob Ragan
Technical Research

Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood

Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood

Mar 31, 2025

Bishop Fox's, Alethe Denis, recaps and provides key insights from her talk, Epic Fails and Heist Tales: Red Teaming Toward Truly Tested Security, at Wild West Hackin' Fest.

By Alethe Denis
Technical Research

Rust for Malware Development

Rust for Malware Development

Mar 24, 2025

In this blog, Bishop Fox's Nick Cerne, will compare developing malware in Rust compared to its C counterparts and develop a simple malware dropper for demonstration.

By Nick Cerne
Technical Research

SonicWall-CVE-2024-53704: Exploit Details

SonicWall-CVE-2024-53704: Exploit Details

Mar 21, 2025

Bishop Fox researcher, Jon Williams, explains how they successfully exploited CVE-2024-53704, an authentication bypass in unpatched SonicWall firewalls.

By Jon Williams
Technical Research

Tomcat CVE-2025-24813: What You Need to Know

Tomcat CVE-2025-24813: What You Need to Know

Mar 18, 2025

A breakdown of CVE-2025-24813 in Apache Tomcat—what it is, who’s actually at risk, and why most users likely aren’t affected. Keep calm and patch your servers.

By Jon Williams
Technical Research

Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware

Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware

Feb 24, 2025

Bishop Fox researchers successfully reverse-engineered the encryption protecting SonicWall SonicOSX firmware, gaining access to the underlying file system.

By Jon Williams
Technical Research

SonicWall CVE-2024-53704: SSL VPN Session Hijacking

SonicWall CVE-2024-53704: SSL VPN Session Hijacking

Feb 10, 2025

Bishop Fox researchers have successfully exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls.

By Jon Williams
Industry

From Dial Tone to Throne: IVR Testing in the Spirit of The King of NYNEX

From Dial Tone to Throne: IVR Testing in the Spirit of The King of NYNEX

Feb 5, 2025

Explores IVR penetration testing methodologies, common vulnerabilities, and strategies to secure these critical systems against modern threats.

By Alethe Denis
Culture

Hacking the Norm: Unique Career Journeys into Cybersecurity

Hacking the Norm: Unique Career Journeys into Cybersecurity

Jan 30, 2025

The unique career journeys of Foxes highlight that passion, curiosity, and a willingness to explore can open doors to impactful roles in cybersecurity. Check out a few of their stories.

By Gerben Kleijn, Nathan Elendt, Katie Ritchie
Product

Cosmos Series Part 4: Results-Oriented Critical Thinking

Cosmos Series Part 4: Results-Oriented Critical Thinking

Jan 21, 2025

Explore how Bishop Fox integrates critical thinking into Cosmos development to enhance scalability, flexibility, and velocity. By focusing on outcomes and adopting structured analytical processes, we’ve avoided design pitfalls and empowered our teams to deliver impactful solutions.

By Aaron Symanski
Technical Research

raink: Use LLMs for Document Ranking

raink: Use LLMs for Document Ranking

Jan 14, 2025

Learn how Bishop Fox's open-source ranking algorithm, raink, can be used to solve general ranking problems that are difficult for LLMs to process.

By Caleb Gross
Industry

Navigating Workplace Security: Red Team Insights for the Return to Office

Navigating Workplace Security: Red Team Insights for the Return to Office

Jan 10, 2025

Review how Red Team insights can shed light on gaps in physical security and play a pivotal role in enhancing workplace security during the continued transition back to office environments as we relearn verification, protocol, and authorization.

By Alethe Denis
Technical Research

Cyber Mirage: How AI is Shaping the Future of Social Engineering

Cyber Mirage: How AI is Shaping the Future of Social Engineering

Jan 8, 2025

Bishop Fox explores the escalating threat of AI-driven deepfakes in social engineering attacks, highlighting their potential to deceive individuals and organizations by impersonating trusted figures through hyper-realistic audio and video fabrications.

By Brandon Kovacs
Product

Cosmos Series Part 3: The Importance of Automation

Cosmos Series Part 3: The Importance of Automation

Jan 7, 2025

Discover how automation in code integration, deployment, and infrastructure management has streamlined our operations, enhanced deployment velocity, and improved the consistency of our deliverables.

By Aaron Symanski
Load More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.