
Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Technical Research

Creating an Exploit: SolarWinds Vulnerability CVE-2021-35211

Jan 13, 2022

Sometimes, our Cosmos team creates custom exploits for particular CVEs as requested by clients. In this case, Carl Livitt created an exploit for CVE-2021-35211; here, he shares his thought process behind creating a ROP-based exploit for Serv-U FTP v15.2.3.717 on modern Windows systems.

By Carl Livitt

Technical Research

Zero-Day Collaboration: Working With Imperva to Eliminate a Critical Exposure

Jan 11, 2022

The Bishop Fox Cosmos Adversarial Operations experts identified a WAF rule bypass in the Imperva Cloud Web Application Firewall. Discover how offensive and defensive security organizations can combine forces to ensure the best outcomes for organizations and continually improve security.

By Carl Livitt

Industry

Taking Home Gold: The Best InfoSec Talks & Research of the Year

Jan 4, 2022

Lots of research, security talks, and vulnerabilities caught our attention this past year. In this recap, we’ll provide an overview of some of the research we found interesting, some of the talks we found the most compelling, and some of the vulnerabilities we won’t (or can’t) forget anytime soon.

By Britt Kemp

Technical Research

How Bishop Fox Has Been Identifying and Exploiting Log4shell

Dec 27, 2021

Like you, Bishop Fox was racing against the clock to identify as many instances of the Log4j vulnerability for our clients as we could. Take a look at last week's craziness and our testing methodology.

By Dan Petro

Advisory

Log4j Vulnerability: Impact Analysis

Dec 10, 2021

Affecting enterprise software, web applications, and well-known consumer products globally, the CVE-2021-44228 zero-day vulnerability impacts any organization using the Apache Log4j framework. Read our official Bishop Fox response as we unfold and report on Log4j's impact.

By Wes Hutcherson

Technical Research

XMPP: An Under-appreciated Attack Surface

Dec 6, 2021

Misconfigured XMPP (aka Jabber) servers may not be the most common service you encounter during pen tests, but they can prove valuable. Misconfigured XMPP servers are an excellent way to retrieve sensitive data from a company, establish a foothold in their infrastructure, and inform further attacks.

By Zach Julian

Advisory

CATIE Web - Version 20.04.0

Dec 2, 2021

CATIE Web version 20.04 is vulnerable to four local file disclosure vulnerabilities, which enable an unauthenticated remote attacker to read arbitrary files via four separate application endpoints.

By Nate Robb, Dan Ritter

Industry

The Pen Testing Tools We’re Thankful for in 2021

Nov 23, 2021

Searching for a pen testing tool to put to use during a security engagement? Check out our annual list of penetration testing tools our consultants have found helpful during this past year.

By Britt Kemp

Technical Research

Eyeballer 2.0 Web Interface and Other New Features

Nov 15, 2021

Eyeballer, our open source AI-powered tool, just got a few updates. See what that entails and learn how to effectively use the tool.

By Dan Petro

Industry

Continuous Security: Threat Modeling in DevSecOps

Nov 8, 2021

Threat modeling can fit into a DevSecOps program quite well, as it’s inherently a collaborative exercise between security and development.

By Chris Bush

Industry

9 OSINT Tools For Your Reconnaissance Needs

Oct 29, 2021

There’s no shortage of OSINT tools, techniques, and other resources – in fact, there’s so much stuff, it’s a little overwhelming to try and sort through it all. Writing a “best of” or otherwise “cumulative” list would be a futile endeavor, so instead, we compiled 9 OSINT tools we find useful.

By Britt Kemp

Technical Research

A Snapshot of CAST in Action: Automating API Token Testing

Oct 21, 2021

While investigating our clients’ attack surfaces, I find myself repeating tasks frequently enough to demonstrate a need for automation, yet not frequently enough to justify the time needed to develop an automated solution.

By Zach Zeitlin

Industry

The Code Reveals All: Why Secure Code Review Should be an Integral Part of DevSecOps

Oct 12, 2021

Chris Bush provides a review of why secure code review should be an integral part of every DevSecOps lifecycle and the strategies teams should adopt.

By Chris Bush

Industry

Behind The CTF Guide “Breaking & Entering: A Pocket Guide for Friendly Remote Admins"

Oct 6, 2021

I am happy to announce that the PDF version of that CTF guide is now available for download!

By Andy Doering

Technical Research

An Intro to Fuzzing (AKA Fuzz Testing)

Sep 28, 2021

Learn everything you need to know about fuzzing, including who should fuzz, what types of fuzzers exist, how to write a good harness, and more.

By Matt Keeley

Technical Research

IAM Vulnerable - Assessing the AWS Assessment Tools

Sep 23, 2021

In a follow-up to his IAM Vulnerable tool, Seth Art examines the identification aspect of IAM privilege escalation and reviews IAM privesc assessment tools.

By Seth Art

Industry

A Review of the 2021 CISA and MITRE Vulnerability Lists

Sep 21, 2021

A review of the 2021 CISA and MITRE Vulnerability Lists to understand their similarities and differences, and share our takeaways.

By Britt Kemp

Technical Research

IAM Vulnerable - An AWS IAM Privilege Escalation Playground

Sep 9, 2021

The IAM Vulnerable tool helps you learn how to identify and then exploit intentionally vulnerable IAM configurations that allow for privilege escalation.

By Seth Art

Industry

DEF CON 29 Recap: 9 Talks You May Have Missed

Aug 19, 2021

A recap of some of our favorite DEF CON 29 security talks featuring Patrick Wardle, James Kettle, and Bishop Fox's own Hector Cuevas Cruz.

By Britt Kemp

Advisory

eCatcher Desktop, Version 6.6.4 Advisory

Aug 17, 2021

An insecure filesystem permissions vulnerability was identified in eCatcher version 6.6.4 and earlier. To exploit this vulnerability, an attacker must have a user account on the same machine as the victim and have access to the machine during an active VPN connection.

By Priyank Nigam

Advisory

Wodify

Aug 13, 2021

The Bishop Fox team discovered three vulnerabilities that could pose a severe business and reputational risk for Wodify.

By Dardan Prebreza

Technical Research

You're Doing IoT RNG

Aug 5, 2021

Learn why hardware random number generators (RNG) used by billions of IoT devices to create encryption keys don't always generate random numbers.

By Dan Petro, Allan Cecil

Culture

10 DEF CON 29 Security Talks to Watch

Jul 27, 2021

A look at DEF CON 29 security talks featuring Ian Coldwater, Chad Rikansrud, and Matt Bryant, plus Bishop Fox's own Dan Petro and Allan Cecil.

By Britt Kemp

Industry

9 Post-Exploitation Tools for Your Next Penetration Test

Jul 15, 2021

Nine tools we’ve found useful for our post-exploitation efforts, including GhostPack, Metasploit, PowerHub, LOLBAS, Mimikatz, PHPSploit, and more.

By Britt Kemp
