Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Culture

2023 Offensive Security Resolutions from the Fox Den

Jan 4, 2023

Get familiar with Bishop Fox's most important offensive security resolutions for 2023.

By Beth Robinson

Security Perspective

Our Favorite Tools of the Year: 2022 Edition

Dec 27, 2022

Check out our favorite pen testing tools that we loved using in 2022!

By Britt Kemp

Culture

A Hacker Holiday Gift Guide

Dec 20, 2022

Need gift ideas for your favorite hackers? We've got you covered with our Hacker Holiday Gift Guide.

By Shanni Prutchi

Advisory

FlowscreenComponents Basepack, Version 3.0.7 Advisory

Dec 15, 2022

In this advisory, read about a cross-site scripting (XSS) vulnerability in the FlowscreenComponents Basepack, Version 3.0.7.

By Matthew Rutledge

Security Perspective

The Latest in Ransomware: A Path of Cyber Destruction

Dec 12, 2022

In this blog, we share a roundup of recent ransomware events, look at how ransomware continues to forge a path of destruction, and shed light on efforts to slow the pace of attacks.

By Beth Robinson

Technical Research

160K COVID-19 Records: Vulnerability in Avicena Medical Laboratory

Dec 9, 2022

In this blog, learn how Bishop Fox discovered vulnerabilities in Kosovo's Avicena Medical Laboratory revealing patients' COVID-19 records.

By Dardan Prebreza

Security Perspective

A CISO's Approach to Ransomware Playbooks

Nov 29, 2022

Get a CISO's perspective on testing your security defenses against real-world ransomware playbooks.

By Beth Robinson

Advisory

Log HTTP Requests, Version 1.3.1, Advisory

Nov 21, 2022

Read this medium risk advisory to learn details about CVE-2022-3402.

By Etan Castro Aldrete

Culture

How to Go from Active Duty to Civilian Cybersecurity

Nov 17, 2022

In this blog, learn how veterans bridge the career gap between active duty service and civilian cybersecurity.

By Beth Robinson

Security Perspective

Don't Get Caught in the Dark: How to Build Better Documentation for Security Teams

Oct 31, 2022

In this blog, we share our recommendations for improving technical documentation guidelines and strategies for security teams.

By Andy Doering

Security Perspective

Behind the Scenes, New Insights from SANS Hacker Survey

Oct 27, 2022

Get inside the mind of a hacker with highlights from our webcast, Hacker Insights Revealed; New SANS Survey Results.

By Beth Robinson

Advisory

Atlassian Jira Align, Version 10.107.4 Advisory

Oct 24, 2022

Read to learn details about the Atlassian Jira Align, Version 10.107.4 Advisory.

By Jake Shafer

Technical Research

The State of Vulnerabilities in 2022

Oct 19, 2022

Is your organization concerned with security vulnerabilities? Read on as we examine publicly disclosed reports to understand the most frequent vulnerability types, the highest-disclosed bounties, and more.

By Carlos Yanez

Security Perspective

Sharing the Power of Cybersecurity Awareness

Oct 5, 2022

In honor of Cybersecurity Awareness Month, we've gathered our top tips to help your family, friends, and community members stay safer in the virtual world.

By Beth Robinson

Security Perspective

Know Your Enemy, Know Yourself: Examining the Mind of a Cyber Attacker

Sep 28, 2022

We partnered with SANS to bring you a groundbreaking report that explores the minds and methodologies of modern cyber adversaries. See what inspired our research and get access to the full report.

By Wes Hutcherson

Technical Research

(In)Secure by Design

Sep 22, 2022

Learn how your organization can improve application security by applying secure design patterns, avoiding anti-patterns, and adding security architecture analysis.

By Chris Bush, Shanni Prutchi

Technical Research

Introducing: CloudFox

Sep 13, 2022

Introducing CloudFox, a command line tool created to help offensive security professionals find exploitable attack paths in cloud infrastructure.

By Seth Art, Carlos Vendramini

Technical Research

Solving the Unredacter Challenge

Sep 8, 2022

We asked you to take our Unredacter Challenge and get creative in devising a way to solve our blurred secret message! Watch as Shawn A., one of our Unredacter Challenge winners, showcases his solution.

By Shawn Asmus

Security Perspective

Pathways to Security: A Look at University, Military and STEM Programs

Aug 29, 2022

Level up your knowledge of university, military and STEM pathways into the cybersecurity industry to start planning your career journey.

By Beth Robinson

Technical Research

You're (Still) Doing IoT RNG

Aug 24, 2022

In this blog, we follow up on the systemic problem of insecure use of random number generators (RNGs) in the Internet of Things (IoT) industry.

By Dan Petro

Culture

What the Fox Happened in Las Vegas?

Aug 18, 2022

What happened in Vegas stays in Vegas... or does it? See our recap of our Fox adventures at B-Sides LV, The Diana Initiative, Black Hat USA, and DEF CON 30.

By Britt Kemp

Culture

A Guide to Your First DEF CON

Aug 5, 2022

Going to DEF CON for the first time? Check our recommendations for making the most of your inaugural DEF CON experience.

By Britt Kemp

Culture

Creating Innovation in the Workplace

Aug 3, 2022

Learn why Bishop Fox has been ranked No. 21 on Fast Company’s Fourth Annual List of the 100 Best Workplaces for Innovators.

By Beth Robinson

Culture

Our Favorite Week of the Year

Jul 26, 2022

In this blog, find out what security experts are excited for during this year's Black Hat and DEF CON week.

By Britt Kemp
