Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Security Perspective

Cloud Offensive Security: 2023 Insights From the Ponemon Institute

Jul 18, 2023

In this blog, we explore how offensive security solutions are implemented by mature organizations to proactively protect cloud environments.

By Beth Robinson

Technical Research

CVE-2023-27997 Is Exploitable, and 69% of FortiGate Firewalls Are Vulnerable

Jun 30, 2023

Check out our latest analysis of CVE-2023-27997, a heap overflow in FortiOS, the operating system behind FortiGate firewalls, that allows remote code execution.

By Caleb Gross

Technical Research

CVE-2023-27997 Vulnerability Scanner for FortiGate Firewalls

Jun 20, 2023

Use our latest vulnerability assessment tool to check for CVE-2023-27997, a vulnerability in FortiGate firewalls.

By Caleb Gross

Advisory

TaskCafe, Version 0.3.2 Advisory

Jun 20, 2023

Learn about three vulnerabilities we discovered in TaskCafe Version 0.3.2 that result in improper access controls, stored cross-site scripting, and insecure file upload.

By Joan Bono, Luis De la Rosa Hernandez

Security Perspective

Architecting An Offensive Security Blueprint: 2023 Insights From the Ponemon Institute

Jun 14, 2023

Learn how mature organizations are designing offensive security blueprints to defend forward against today's most advanced adversaries and threats.

By Tom Eston

Technical Research

Introducing CloudFoxable: A Gamified Cloud Hacking Sandbox

Jun 13, 2023

Introducing CloudFoxable, an intentionally vulnerable AWS environment created specifically to teach the art of AWS cloud penetration testing, while highlighting CloudFox to help find latent attack paths more effectively.

By Seth Art

Culture

Geek Out: Technology Museums to Visit This Summer

Jun 6, 2023

Check out our recommendations for technology museums to visit this summer.

By Shanni Prutchi

Technical Research

Power Up Your Pen Tests: Creating Burp Suite Extensions with the New Montoya API

May 25, 2023

Learn how to power up your pen tests by using the new Montoya API to create Burp Suite extensions from scratch.

By Christopher Cerne

Technical Research

A More Complete Exploit for Fortinet CVE-2022-42475

May 17, 2023

Learn about our research on CVE-2022-42475 and how an exploit can be built to target a single specific FortiGate appliance running a single specific version of FortiOS.

By Carl Livitt, Jon Williams

Culture

Using LinkedIn to Land Your Dream Cybersecurity Job

Apr 18, 2023

Learn how to get recruiters' attention on LinkedIn with expert tips from a Bishop Fox recruiting manager.

By Kaitlin O'Neil

Advisory

WP Coder, Version 2.5.3 Advisory

Apr 13, 2023

In this advisory, learn how the WP Coder plugin is affected by a time-based SQL injection vulnerability via the ‘id’ parameter in versions up to, and including, 2.5.3.

By Etan Castro Aldrete

Advisory

Microsoft Intune, Version 1.55.48.0 Advisory

Apr 4, 2023

Learn about the latest Microsoft Intune vulnerability discovered by Ben Lincoln.

By Ben Lincoln

Advisory

Windows Task Scheduler Application, Version 19044.1706 Advisory

Apr 4, 2023

Learn about CVE-2023-21541, a Windows Task Scheduler vulnerability discovered by Ben Lincoln.

By Ben Lincoln

Technical Research

What the Vuln: EDR Bypass with LoLBins

Mar 23, 2023

Learn more about EDR bypass techniques with Lindsay Von Tish in the second blog of our What the Vuln series.

By Lindsay Von Tish

Security Perspective

Bank Vault or Screen Door? How Attackers View Financial Services

Mar 20, 2023

Bank vault or screen door? Learn how FinServ attack surfaces appear to a hacker, how attackers prefer to exploit them, and where they look for vulnerabilities.

By Beth Robinson

Culture

Women of the Fox Den - A Unique Hacking Perspective

Mar 12, 2023

Get highlights from our International Women's Day livestream roundtable, Defend Like a Girl: Hacking Your Way to Cyber Success.

By Beth Robinson

Culture

The Women Behind the Writing

Mar 9, 2023

Get to know a few of the women behind the technical editorial team at Bishop Fox and learn about the criticality of clear, continuous, and consistent communication with customers.

By Beth Robinson

Technical Research

What the Vuln: Zimbra

Feb 21, 2023

Take a deep dive into the Zimbra zip path traversal vulnerability with Carlos Yanez in the first blog of our What the Vuln series.

By Carlos Yanez

Security Perspective

Red Teaming: The Ultimate Sanity Check for Security Teams

Feb 16, 2023

Learn how to take control of security program investments with Red Teaming.

By Trevin Edgeworth, Mark MacDonald

Culture

The Top 12 Hacking Influencers to Follow

Feb 9, 2023

Check out this blog to learn about our favorite influencers to follow on the hacker scene.

By Britt Kemp

Technical Research

Spoofy: An Email Domain Spoofing Tool

Feb 1, 2023

In this blog, take a deep dive into Spoofy, an open-source tool that offers bulk domain lookups based on DMARC and SPF records.

By Matt Keeley

Advisory

EzAdsPro BlackBox Advisory

Jan 25, 2023

Read this high-risk advisory to learn how the EzAdsPro "BlackBox" application allowed directory listing, resulting in unauthorized information disclosure.

By Dan Petro

Security Perspective

8 Network Pen Testing Tools for Your Hacker Arsenal

Jan 17, 2023

Check out our recommendations for top network pen testing tools to level up your hacking skills.

By Britt Kemp

Technical Research

Cloud Penetration: Not Your Typical Internal Testing

Jan 10, 2023

Learn what it is like to be a cloud penetration tester from our expert, Seth Art.

By Seth Art