Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Technical Research

Glossary of Relevant AWS Terms

Oct 28, 2019

All entry text is from the AWS Glossary Version 1.0.

By Gerben Kleijn

Security Perspective

Introducing cyber.dic

Sep 30, 2019

Cyber.dic is a tool for security professionals who find that everyday technical terms are underlined in red in their emails, reports, and presentations.

By Brianne Hughes, Catherine Lu

Technical Research

Breaching the Trusted Perimeter | Automating Exploitation

Sep 12, 2019

Automating Exploitation of a Pulse SSL VPN Arbitrary File Read Vulnerability

By Jon Williams

Security Perspective

OpenEMR 5.0.1(6) - Technical Advisory Release

Sep 11, 2019

Bishop Fox researcher Chris Davis identified high- and medium-risk security issues in a popular open source healthcare application. This blog post provides an overview of those findings.

By Chris Davis

Advisory

OpenEMR 5.0.1(6) - RCE and XSS

Sep 10, 2019

Bishop Fox researcher Chris Davis discovered a high-risk vulnerability in OpenEMR, an open source healthcare software application.

By Chris Davis

Security Perspective

Cybersecurity Fatalism - How It Poisons Your Decision Making

Sep 2, 2019

Cybersecurity fatalism is a tempting mindset to fall into, but it's not a healthy one - or, as Bishop Fox researcher Dan Petro says, "it's bad and wrong".

By Dan Petro

Security Perspective

Contain Your Toxic Waste: Keep Prod Out of Dev

Aug 29, 2019

Tony Lozano discusses why production data should never be copied into dev environments: this common practice creates security issues.

By Tony Lozano

Security Perspective

Every Sign Has a Story

Aug 12, 2019

Thiago Campos reviews the Google G Suite developer's guide and provides context on warnings that can go unnoticed by developers more focused on functionality than on security.

By Thiago Campos

Technical Research

Meet Eyeballer: An AI-powered, Open Source Tool for Assessing External Perimeters

Aug 8, 2019

Eyeballer is an AI-powered, open-source tool designed to help assess large-scale external perimeters. Eyeballer video explainer included.

By Dan Petro, Gavin Stroy

Technical Research

A How-To Guide for Using ZigDiggity, the Zigbee Hacking Toolkit

Aug 7, 2019

ZigDiggity is a new, open source hacking toolkit designed for testing Zigbee-enabled systems.

By Francis Brown, Matt Gleason

Security Perspective

How Bishop Fox Enables Wickr's Security Assurance

Aug 6, 2019

Wickr enlisted Bishop Fox to examine its security, including quarterly assessments, penetration testing, and source code review.

By Bishop Fox

Culture

10 Must-See Talks at Black Hat and DEF CON

Aug 6, 2019

These are the best talks and presentations going on at Black Hat and DEF CON 2019 in Las Vegas.

By Bishop Fox

Technical Research

A How-To Guide for Using Sliver

Aug 5, 2019

Sliver is a general-purpose, cross-platform implant framework that supports C2 over Mutual TLS, HTTP(S), and DNS.

By Joe DeMesy, Ronan Kervella

Technical Research

A Need for Vigilance in Open Source Software: Dolibarr CRM Advisory Release

Jul 31, 2019

Bishop Fox researcher Priyank Nigam highlights the need for vigilance in open source security. He provides an overview of the vulnerabilities he found in Dolibarr ERP CRM.

By Priyank Nigam

Advisory

AeroGarden Version 1.3.1 - Multiple Vulnerabilities

Jul 30, 2019

Vulnerabilities in the AeroGarden mobile app would allow an attacker to inflict damage to plant life and/or capture traffic to access users' account information.

By Jason Gay

Advisory

Dolibarr Version 9.0.1 — Multiple Vulnerabilities

Jul 25, 2019

Bishop Fox researcher Priyank Nigam identified 3 high-risk security vulnerabilities in Dolibarr version 9.0.1, including RCE and XSS.

By Priyank Nigam

Advisory

InterSystems Cache 2017.2.2.865.0 and 2018.1.2 Multiple Vulnerabilities

Jul 24, 2019

Chris Davis identified several high-risk security vulnerabilities in InterSystems Cache. This security advisory details the exploits and the solutions.

By Chris Davis

Technical Research

Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools

Jul 18, 2019

GitGot is a Bishop Fox tool that browses GitHub for sensitive secrets. It's the brainchild of Jake Miller, and you can read more about it in this blog post.

By Jake Miller

Technical Research

GitGot Tool Release

Jul 18, 2019

GitGot is a Bishop Fox tool that browses GitHub for sensitive secrets. It's the brainchild of Jake Miller, and you can learn how to use it in this write-up.

By Jake Miller

Advisory

Tegile Intelliflash OS Version 3.7.0.8.180413 (GA) - Password Disclosure

May 14, 2019

The Tegile IntelliFlash OS was affected by a password disclosure vulnerability, which is explained in Thiago Campos' advisory.

By Thiago Campos

Advisory

Greyhound Critical Vulnerabilities - Road Rewards Program

Apr 11, 2019

Critical vulnerabilities were identified in the Greyhound APIs primarily due to insufficient authentication controls. Exploitation of these could result in the exposure of personally identifiable information.

By Priyank Nigam

Security Perspective

My Path to Security - How Christie Terrill Got Into Security

Mar 25, 2019

VP of Customer Success Christie Terrill shares her cybersecurity career journey and her life at Bishop Fox in this blog post.

By Bishop Fox

Advisory

Cantemo Portal Version 3.8.4 - Cross-Site Scripting

Mar 8, 2019

Cantemo AB is a software systems and technology vendor for major media outlets. Chris Davis identified a high-risk vulnerability in Cantemo Portal.

By Chris Davis

Advisory

Simple – Better Banking (Android) v. 2.45.0 – 2.45.3 - Sensitive Information Disclosure

Feb 21, 2019

The Simple – Better Banking Android application was affected by an information disclosure vulnerability, which you can read about in this advisory.

By Matt Hamilton
