Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Advisory

Accellion Kiteworks Multiple Vulnerabilities

Sep 8, 2016

Three vulnerabilities were discovered in the Accellion Kiteworks appliance. The three vulnerabilities are described in this Bishop Fox security advisory.

By Shubham Shah

Security Perspective

What Security Leaders Can Learn About Decision-Making

Aug 24, 2016

In our latest cybersecurity leaders feature, Richard Seiersen from GE Healthcare shares his decision making philosophy with Bishop Fox's Vincent Liu.

By Vincent Liu

Technical Research

Game Over, Man! Reversing Video Games to Create an Unbeatable AI Player

Aug 10, 2016

Bishop Fox's Dan Petro explains the creation of his SmashBot AI character and how he implemented time-honored hacker techniques in the development process.

By Dan Petro

Security Perspective

How to Engineer Secure Things: Past Mistakes and Future Advice

Jun 15, 2016

Internet of Things security is often an afterthought. Nathan Elendt chronicles the do's and don'ts of how engineers can create secure connected devices.

By Nathan Elendt

Security Perspective

The Power of 'Agile' Security at Dun & Bradstreet

Jun 1, 2016

Dun & Bradstreet CSO dishes on agile security and how it transformed his security program - and eventually, the entire business.

By Vincent Liu

Technical Research

If You Can't Break Crypto, Break the Client: Recovery of Plaintext iMessage Data

Apr 8, 2016

CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages clie

By Joe DeMesy, Shubham Shah, and Matthew Bryant

Advisory

OS X Messages (iMessage): XSS & File Disclosure

Apr 8, 2016

This is the official Bishop Fox security advisory for the OS X Messages (iMessage) vulnerability, discovered in early 2016 and subsequently patched by Apple.

By Joe DeMesy, Shubham Shah, and Matthew Bryant

Security Perspective

On Apple, Encryption, and Privacy: A Word About Decryption

Mar 31, 2016

The FBI's decision to pursue decryption on an Apple iPhone without their buy-in has far-reaching consequences for consumer privacy.

By Carl Livitt

Security Perspective

CA Single Sign-On Software Update: Stay Secure

Mar 23, 2016

Bishop Fox's Mike Brooks discovered two vulnerabilities in the CA Single Sign-On application. If you use CA Single Sign-On, update your software immediately.

By Bishop Fox

Advisory

CA Single Sign-On Unspecified High-Risk Vulnerabilities Advisory

Mar 23, 2016

Two high-risk vulnerabilities were discovered in the CA Technologies Single Sign-On (formerly CA SiteMinder®) application. A denial-of-service attack and ...

By Mike Brooks

Security Perspective

On Apple, Encryption, and Privacy

Mar 2, 2016

Resident iPhone and iOS experts Joe DeMesy and Carl Livitt discuss Apple's stance on privacy + encryption in this Bishop Fox blog post.

By Joe DeMesy and Carl Livitt

Technical Research

Burp, Collaborate, and Listen: A Pentester Reviews the Latest Burp Suite Addition

Feb 3, 2016

Bishop Fox pentesters analyze the implications and benefits of Burp Suite's newest penetration testing feature, Collaborator. Read our take at our blog.

By Max Zinkus

Security Perspective

Building a Winning Security Team From the Top Down

Oct 20, 2015

Growing your security team? Dropbox Head of Trust & Security Patrick Heim shares his insights with Bishop Fox Partner Vincent Liu in this blog post.

By Vincent Liu

Technical Research

Fishing the AWS IP Pool for Dangling Domains

Oct 7, 2015

Matt Bryant goes IP fishing in the AWS pool. Read about how he did it - and why expired digital assets can pose a threat.

By Matt Bryant

Technical Research

Stand Your Cloud #2: Host Server Hardening

Sep 23, 2015

In the second part of this AWS security series, Ruihai Fang and Trevor Lawrence share some best practices for strengthening your infrastructure.

By Trevor Lawrence & Ruihai Fang

Technical Research

The Active Directory Kill Chain: Is Your Company at Risk?

Sep 8, 2015

Bishop Fox's Kevin Sugihara walks through a step-by-step exploit on the Active Directory service offered by Microsoft.

By Kevin Sugihara

Technical Research

ColdFusion Bomb: A Chain Reaction From XSS to RCE

Aug 27, 2015

Shubham Shah discovered a vulnerability in the ColdFusion application. The Bishop Fox blog explains the vuln's details as well as how Adobe fixed the issue.

By Shubham Shah

Advisory

Adobe ColdFusion Reflected Cross-Site Scripting Flaw

Aug 27, 2015

A reflected cross-site scripting vulnerability was found in the post-authentication administrative panel for ColdFusion, an Adobe web application development platform.

By Shubham Shah

Technical Research

An Overview of BGP Hijacking

Aug 17, 2015

At the Bishop Fox blog, Zach Julian discusses the intricacies and threats of BGP hijacking. His post serves as an introduction to the subject matter.

By Zach Julian

Technical Research

On the "Brink" of a Robbery

Jul 28, 2015

Bishop Fox's Dan Petro explains vulnerabilities found in the Brink's CompuSafe Galileo and how they can lead to smart safe hacking in this blog post.

By Dan Petro

Advisory

NoScript Bypass

Jul 6, 2015

This Bishop Fox security advisory describes a vulnerability identified by researcher Matt Bryant in NoScript.

By Matt Bryant

Advisory

LastPass Site Password-Stealing Clickjacking Vulnerability

Jul 1, 2015

This Bishop Fox security advisory describes vulnerabilities identified within the LastPass application.

By Matt Bryant

Security Perspective

ISO 27018: The Long-Awaited Cloud Privacy Standard

May 20, 2015

How does ISO 27018 affect cloud services users and providers? Bishop Fox's Birgit Mullen explains its ramifications in this blog post.

By Birgit Thorup Mullen

Technical Research

Rethinking & Repackaging iOS Apps: Part 2

May 4, 2015

In Part 2, Carl Livitt introduces a toolchain for enabling iOS application hacking tools on non-jailbroken devices and includes a step-by-step guide.

By Carl Livitt