Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Security Perspective

Offensive Security Under the EU Digital Operational Resilience Act (DORA)

Aug 28, 2024

Explore the EU's new DORA regulation and how financial entities and their ICT vendors must promptly align their security frameworks with DORA's requirements to mitigate potential risks and ensure operational stability.

By Harley Geiger

Security Perspective

Manipulating the Mind: The Strategy and Practice of Social Engineering

Aug 13, 2024

Explore the intricacies of social engineering and its various forms, and see how adversaries set, define, and achieve objectives leveraging social engineering tactics and strategies.

By Alethe Denis

Security Perspective

Adversarial Controls Testing: A Step to Cybersecurity Resilience

Aug 1, 2024

Take an in-depth look at Adversarial Controls Testing assessments (ACT), an offensive security testing approach that evaluates the effectiveness of an organization's email, endpoint, and network security controls by simulating real-world attacks.

By Bishop Fox Researchers

Security Perspective

Leveraging Offensive Security for Effective Post-Attack Recovery

Jul 17, 2024

Bishop Fox's CISO Christie Terrill and former VP of Consulting Tom Eston discuss leveraging offensive security strategies for effective post-attack recovery, providing practical steps for remediation and building long-term cyber resilience.

By Bishop Fox Researchers

Technical Research

Product Security Review Methodology for Traeger Grill Hack

Jul 2, 2024

Read an in-depth analysis of the Traeger Grill hack, uncovering the vulnerabilities that could compromise your grill's security and how they were addressed.

By Nick Cerne

Advisory

Traeger Grill D2 Wi-Fi Controller, Version 2.02.04

Jul 2, 2024

Discover critical vulnerabilities in the Traeger Grill D2 Wi-Fi Controller that could impact your grill's security. Read our advisory to learn about the issues identified.

By Nick Cerne

Advisory

ExpressionEngine, Version 7.3.15

Jun 17, 2024

Bishop Fox staff identified two vulnerabilities in Packet Tide’s ExpressionEngine version 7.3.15. The most severe issue allowed Bishop Fox staff to obtain access to a new administrator account in an instance of ExpressionEngine.

By Matthieu Keller

Security Perspective

How Does Social Engineering Work? From Planning to Execution

Jun 14, 2024

Discover the key points from our webcast, "How Does Social Engineering Work?", in this recap blog.

By Bishop Fox Researchers

Technical Research

The Unmask IAM Permission: API Gateway Access Logging

Jun 6, 2024

Unlock the secrets to securing your AWS environment! Learn the intricacies of IAM permissions and how to protect your Amazon API Gateway access logs.

By Chris Scrivana

Security Perspective

Strengthen Security to Mitigate Third-Party Risks

May 29, 2024

Explore highlights from a recent webcast where special guest Anirban Banerjee, CEO and co-founder of partner Riscosity, and Matt Twells, senior solutions architect, explore critical considerations for developing a security program that prioritizes third-party risk reduction.

By Matt Twells

Advisory

OOB Memory Read: Netscaler ADC and Gateway

May 6, 2024

The affected Citrix NetScaler components are used for Authentication, Authorization, and Auditing (AAA), and remote access. The latest version of NetScaler is 14.1-21.15, released on April 23, 2024.

By Bishop Fox Researchers

Culture

Which Star Wars Character Fits Your Cybersecurity Style?

Apr 30, 2024

We’re asking the big question: Which Star Wars Characters Would Make Great Cybersecurity Professionals?

By Sean McMillan

Technical Research

PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls

Apr 19, 2024

Bishop Fox shares limited details about mitigation bypasses for PAN-OS CVE-2024-3400 in an effort to be maximally useful for defenders, while minimally useful for opportunistic attackers.

By Bishop Fox Researchers

Security Perspective

Technology and Software: 2023 Insights From the Ponemon Institute

Apr 2, 2024

Gain cutting-edge insights into offensive security strategies used by the Technology & Software industry.

By Beth Robinson

Security Perspective

Practical Measures for AI and LLM Security: Securing the Future for Enterprises

Apr 1, 2024

Gain insights into how enterprises can take a pragmatic and informed approach to AI and LLM technology adoption, ensuring reduced security risks.

By Bishop Fox Researchers

Technical Research

The iSOON Disclosure: Exploring the Integrated Operations Platform

Mar 21, 2024

In this blog, examine the iSoon data disclosure from an offensive security perspective.

By Bishop Fox Researchers

Technical Research

Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments

Mar 19, 2024

In this blog, we examine three types of poisoned pipeline execution (PPE) attacks, methods to exploit these types of vulnerabilities, and recommended preventive measures.

By Sebastian Guerrero

Security Perspective

Implementing the FDA's 2023 Requirements for Medical Device Cybersecurity

Mar 12, 2024

Gain actionable tips to operationalize the FDA's 2023 legislation, H.R. 2617 Section 524B product security requirements for medical devices.

By Matt Twells

Technical Research

Further Adventures in Fortinet Decryption

Mar 8, 2024

In this blog, we examine how the new Fortinet encryption scheme works and provide a tool to decrypt the root filesystem for x86-based FortiOS images.

By Bishop Fox Researchers

Technical Research

CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls

Mar 1, 2024

Discover vulnerable FortiGate firewalls with the Bishop Fox CVE-2024-21762 vulnerability scanner.

By Bishop Fox Researchers

Culture

Unlocking Job Opportunities with LinkedIn and Artificial Intelligence

Feb 28, 2024

Learn how to upgrade your job search in LinkedIn with helpful AI prompts and tips from an industry-leading recruiter.

By Kaitlin O'Neil

Culture

The Bishop Fox Internship Program: Mexico Foxes Assemble!

Feb 16, 2024

At Bishop Fox, we are always looking to create the next generation of offensive security Avengers through our innovative internship program.

By Lesley Mugford

Culture

The Bishop Fox Internship Program: Mexico Foxes Assemble!

Feb 15, 2024

Learn about our internship program for Mexico-based penetration testers.

By Lesley Mugford

Security Perspective

Enabling Proper PCI Testing with External Penetration Tests

Feb 14, 2024

Gain actionable insights on how to maximize external penetration testing to develop comprehensive PCI security strategies.

By Derek Rush
