AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started
Customer header bg dark

Offensive
Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Advisories Culture Security Perspectives Product Technical Research View All
Security Perspective

Navigating Threats: Adopting Proactive Social Engineering and Network Testing Strategies

Navigating Threats: Adopting Proactive Social Engineering and Network Testing Strategies

Jan 16, 2024

Get insights from Bishop Fox experts on social engineering tactics, implementing technical controls, and the importance of internal network testing.

By Beth Robinson
Technical Research

It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable

It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable

Jan 15, 2024

Learn about SonicWall NGFW series 6 and 7 impacted by unauthenticated denial-of-service vulnerabilities with the potential for remote code execution.

By Jon Williams
Security Perspective

Strengthening Cybersecurity Defenses: Validating Incident Response Plans with Red Team Tabletop Exercises

Strengthening Cybersecurity Defenses: Validating Incident Response Plans with Red Team Tabletop Exercises

Jan 4, 2024

In this blog, learn how Bishop Fox Red Team tabletop exercises help organizations test Incident Response plans against tactics, techniques, and procedures used by attackers.

By Alethe Denis
Technical Research

GWT: Unpatched, Unauthenticated Java Deserialization

GWT: Unpatched, Unauthenticated Java Deserialization

Dec 18, 2023

In this blog, learn about an eight year old unpatched and unauthenticated Java deserialization vulnerability in GWT.

By Ben Lincoln
Technical Research

Introducing Swagger Jacker: Auditing OpenAPI Definition Files

Introducing Swagger Jacker: Auditing OpenAPI Definition Files

Dec 12, 2023

Download Swagger Jacker, an open-source tool made for penetration testers that enables better auditing of OpenAPI definition files.

By Tony West
Security Perspective

Purple Teaming: Validating Cybersecurity Investments and Enhancing Efficiency

Purple Teaming: Validating Cybersecurity Investments and Enhancing Efficiency

Dec 6, 2023

Learn how Purple Teaming brings together offensive and defensive strategies for a more comprehensive and impactful cybersecurity approach.

By Ryan Basden
Security Perspective

Healthcare: 2023 Insights from the Ponemon Institute

Healthcare: 2023 Insights from the Ponemon Institute

Nov 28, 2023

Get insights into offensive security trends in the healthcare sector with data from the Ponemon Institute’s 2023 State of Offensive Security Report.

By Beth Robinson
Advisory

Ray, Versions 2.6.3, 2.8.0

Ray, Versions 2.6.3, 2.8.0

Nov 27, 2023

This Bishop Fox advisory highlights three critical severity vulnerabilities in the RAY application versions 2.6.3 and 2.8.0.

By Berenice Flores Garcia
Technical Research

Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0

Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0

Nov 8, 2023

Learn about cloud security and cloud penetration testing in Part 2 of Seth Art's interview with Cloud Security Podcast.

By Seth Art
Technical Research

Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS

Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS

Nov 1, 2023

Hear insights from Seth Art on how AWS cloud penetration testing improves cloud security and why cloud configuration reviews are not always enough.

By Seth Art
Technical Research

Building an Exploit for FortiGate Vulnerability CVE-2023-27997

Building an Exploit for FortiGate Vulnerability CVE-2023-27997

Oct 27, 2023

Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.

By Bishop Fox Researchers
Product

Cosmos: Unleashing the Power of Perimeter Protection

Cosmos: Unleashing the Power of Perimeter Protection

Oct 24, 2023

In this blog, get a preview of the Cosmos: Protecting the Perimeter report and learn how continuous attack surface management protects digital perimeters.

By Beth Robinson
Security Perspective

Red Teaming: 2023 Insights from the Ponemon Institute

Red Teaming: 2023 Insights from the Ponemon Institute

Oct 4, 2023

Learn why mature organizations turn to Red Teaming to improve cybersecurity resiliency.

By Beth Robinson
Technical Research

Celebrating One Year of CloudFox

Celebrating One Year of CloudFox

Sep 29, 2023

Celebrate CloudFox's one-year anniversary as we reflect on the updates and growth that have occurred over the year including the creation of CloudFoxable.

By Seth Art
Technical Research

Passing the OSEP Exam Using Sliver

Passing the OSEP Exam Using Sliver

Sep 21, 2023

Learn how Bishop Fox senior security expert, Jon Guild, passed the OSEP exam using Sliver.

By Jon Guild
Security Perspective

Financial Services: 2023 Insights From the Ponemon Institute

Financial Services: 2023 Insights From the Ponemon Institute

Sep 19, 2023

Get a sneak peek into why FinServ organizations are at the forefront of offensive security.

By Beth Robinson
Security Perspective

The Dark Side of Convenience: Understanding the Dangers of Digital Supply Chain

The Dark Side of Convenience: Understanding the Dangers of Digital Supply Chain

Sep 5, 2023

Dive into this blog for an offensive security perspective on the dangers of the digital supply chain.

By Beth Robinson
Security Perspective

A Bishop Fox Recap - Hacker Summer Camp 2023

A Bishop Fox Recap - Hacker Summer Camp 2023

Aug 23, 2023

Get a Bishop Fox recap of the 2023 Hacker Summer Camp in Las Vegas.

By Beth Robinson
Technical Research

Badge of Shame - Breaking Into Secure Facilities with OSDP

Badge of Shame - Breaking Into Secure Facilities with OSDP

Aug 9, 2023

Learn about five exploitable vulnerabilities we've identified in OSDP and share what defenders can do about them.

By Dan Petro
Technical Research

Analysis and Exploitation of CVE-2023-3519

Analysis and Exploitation of CVE-2023-3519

Aug 4, 2023

Our latest blog offers additional analysis and exploitation of CVE-2023-3519, a critical remote code execution vulnerability in Citrix ADC.

By Caleb Gross
Technical Research

Breaking Fortinet Firmware Encryption

Breaking Fortinet Firmware Encryption

Aug 2, 2023

Check out our latest research on Fortinet products hat breaks encryption on firmware images, leading to improved detection, fingerprinting, and exploit development.

By Jon Williams
Technical Research

Citrix ADC Gateway RCE: CVE-2023-3519 is Exploitable, and 53% of Servers Are Unpatched

Citrix ADC Gateway RCE: CVE-2023-3519 is Exploitable, and 53% of Servers Are Unpatched

Jul 21, 2023

Bishop Fox developed an exploit for CVE-2023-3519, a stack overflow in Citrix ADC Gateway that allows remote code execution. There are 61,000 affected appliances exposed on the internet, and roughly 53% of them are currently unpatched.

By Caleb Gross, Jon Williams
Technical Research

Introducing jsluice: A Technical Deep-Dive for JavaScript Gold (Part 2)

Introducing jsluice: A Technical Deep-Dive for JavaScript Gold (Part 2)

Jul 20, 2023

Join us for a technical deep-dive of jsluice, an open-source mining tool for JavaScript code and files.

By Tom Hudson
Technical Research

Introducing jsluice: The Why Behind JavaScript Gold Mining (Part 1)

Introducing jsluice: The Why Behind JavaScript Gold Mining (Part 1)

Jul 20, 2023

Learn how to use jsluice, an open-source, Go package and command-line tool used to extract information from JavaScript files and code.

By Tom Hudson
Load More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.