Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Advisory

Amtrak Mobile APIs - Multiple Vulnerabilities

Feb 19, 2019

The Amtrak mobile APIs are affected by vulnerabilities that can lead to exposed PII and partial payment data for Amtrak guests.

By Priyank Nigam

Advisory

OpenMRS - Insecure Object Deserialization

Feb 4, 2019

This write-up details a critical Bishop Fox-identified vulnerability in OpenMRS, a collaborative open-source healthcare project.

By Nicolas Serra

Security Perspective

My Path to Security - How Tom Wilhelm Got Into Security

Jan 21, 2019

See how Bishop Fox Practice Director Tom Wilhelm has enjoyed a long and rewarding career in cybersecurity in this blog post.

By Bishop Fox

Advisory

Silverpeas 5.15 To 6.0.2: Path Traversal

Jan 15, 2019

A Bishop Fox researcher discovered a critical vulnerability in the Silverpeas application, a popular open source WEB platform that services multiple high-profile French organizations.

By Bastien Faure

Advisory

PhpSpreadsheet Versions <= 1.5.0 - XXE Injection

Nov 30, 2018

Bishop Fox researcher Alex Leahu found an XML External Entity (XXE) Injection vulnerability in the PhpSpreadsheet library.

By Alex Leahu

Advisory

YunoHost 2.7.2 to 2.7.14 - Multiple Vulnerabilities

Oct 30, 2018

YunoHost is an application that is used to manage applications hosted on a Linux server; Florian Nivette identified several vulnerabilities in it.

By Florian Nivette

Advisory

Eaton UPS 9PX 8000 SP - Multiple Vulnerabilities

Oct 19, 2018

Bishop Fox researchers identified three security vulnerabilities in the Eaton power management appliance manufactured by Eaton Corporation Plc.

By Kelly Albrink

Advisory

SV3C L-Series HD Camera – Multiple Vulnerabilities

Oct 16, 2018

This security advisory describes several vulnerabilities found in the SV3C L-Series HD Camera, version 2.3.4.2103-S50-NTD-B20170823B and below.

By Jefferino Siqueria

Security Perspective

My Path to Security - How Gerben Kleijn Got Into Security

Oct 11, 2018

Learn how Gerben Kleijn - a Bishop Fox Managing Consultant - got his start in an infosec career, which ultimately took him to his current job at Bishop Fox.

By Bishop Fox

Advisory

Subsonic 6.1.1 - Multiple Vulnerabilities

Sep 17, 2018

Florian Nivette identified several vulnerabilities in Subsonic, an open source web media server that enables the management of media resources.

By Florian Nivette

Advisory

Wallabag 2.2.3 to 2.3.2 - Stored Cross-Site Scripting

Sep 17, 2018

Wallabag is an open source RSS reader application, distributed under an MIT license. A Bishop Fox researcher identified a stored cross-site scripting vulnerability in it.

By Florian Nivette

Advisory

CremeCRM 1.6.12 - Multiple Vulnerabilities

Aug 30, 2018

Two vulnerabilities were identified in CremeCRM: 29 instances of stored cross-site scripting and one instance of reflected link manipulation.

By Florian Nivette

Technical Research

An Introduction to AWS Cloud Security

Aug 28, 2018

If you're a newcomer to the slightly intimidating world of AWS cloud security, let this primer by Bishop Fox serve as your first jump into a world that you can navigate with some time and patience.

By Gerben Kleijn

Security Perspective

Password Security: The Good, the Bad, and the "Never Should Have Happened"

Aug 16, 2018

This Bishop Fox guide to password security will help inform your organization's password policy procedures.

By Candis Orr

Security Perspective

A Primer to Red Teaming

Jul 31, 2018

Is red teaming right for your organization? What do you need to be successful? What's the difference between a blue team and a red team - or even a red team and a purple team? Find out in this guide

By MJ Keith

Security Perspective

My Path to Security - How Matt Frost Got Into Cybersecurity

Jul 20, 2018

Read about how Senior Security Consultant Matt Frost got his start in infosec - and his start at Bishop Fox.

By Bishop Fox

Security Perspective

How 'Small' Security Errors Lead to a Security Breach

Jul 16, 2018

In the wake of the Timehop breach, the social media aggregator chose a transparent approach in disclosure. Bishop Fox partnered with them in this guide and case study on how small cybersecurity errors

By Alex DeFreese

Technical Research

A Guide to AWS S3 Buckets Security

Jul 10, 2018

This blog post serves as an intro to our guide on AWS S3 bucket security best practices. Download our guide for more technical information on how you can keep your AWS environment safe.

By Gerben Kleijn

Security Perspective

WPA3 Is a Major Missed Opportunity: Here's Why

Jun 30, 2018

The announced WPA3 is a well-intentioned attempt at strengthening open Wi-Fi security, but it's not enough. Dan Petro describes the problem and possible solutions.

By Dan Petro

Technical Research

Why You Need IDontSpeakSSL in Your Life

Jun 26, 2018

Get the scoop on IDontSpeakSSL, the network pentesting tool created by Bishop Fox's Florian Nivette. To read about how it works, check out the blog post which explains the difference between it and it

By Florian Nivette

Security Perspective

My Path to Security - How Kelly Albrink Got Into Security

Jun 15, 2018

Former art dealer Kelly Albrink is a self-taught infosec professional hailing from a one-of-a-kind background. Learn how she got into infosec in this blog post.

By Kelly Albrink

Technical Research

Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution

Jun 11, 2018

Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.

By Jake Miller

Advisory

Jirafeau Version 3.3.0 – Multiple Vulnerabilities

Jun 6, 2018

Bishop Fox researcher Florian Nivette identified multiple vulnerabilities in Jirafeau Version 3.3.0. This write-up discusses the exploits and their implications.

By Florian Nivette

Advisory

SolarWinds Serv-U Managed File Transfer – Insufficient Session ID Entropy

May 14, 2018

This security advisory describes a high-risk vulnerability found by Bishop Fox researcher Baker Hamilton in SolarWinds Serv-U Managed File Transfer.

By Baker Hamilton