Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Culture

Spark Your Curiosity With These Security Podcasts

Jun 27, 2021

Bishop Fox shares our favorite security podcasts.

By Britt Kemp

Industry

Free Tools and Add-Ons to Explore for Applying DevSecOps in Your Organization

Jun 24, 2021

A list of free, built-in, or open-source tools and reference material to consult when planning a move to DevSecOps. It’s a starting point to try within your environment.

By Tom Eston

Industry

Our Position on the Digital Millennium Copyright Act (DMCA) and the Need to Safeguard Tools for Responsible Security Researchers

Jun 23, 2021

Bishop Fox is joining our peers in the security industry in cautioning against Section 1201 of the Digital Millennium Copyright Act (DMCA).

By Bishop Fox

Technical Research

LEXSS: Bypassing Lexical Parsing Security Controls

Jun 22, 2021

Technical details of achieving cross-site scripting (XSS) attacks by using HTML parsing logic where lexical parsers are used to nullify dangerous content.

By Chris Davis

Industry

Why You Need Continuous Testing to Detect Emerging Threats and Discover the Unknowns

Jun 16, 2021

Learn why continuous testing will become a requirement for most organizations in the near future.

By Bishop Fox

Advisory

RetroArch for Windows, Versions 1.9.0 - 1.9.4 Advisory

Jun 15, 2021

One high-risk XSS vulnerability was identified within the RetroArch for Windows application, version 1.9.0.

By Daniel Fulford

Industry

Applying DevSecOps in Your Organization

Jun 10, 2021

Tom Eston describes the entire DevSecOps lifecycle and what aspects of tooling and testing you can build into the way your organization develops applications.

By Tom Eston

Industry

New Insights on Supply Chain and Ransomware Attacks From Our Chat With Alex Stamos and Charles Carmakal

Jun 10, 2021

Alex Stamos, Charles Carmakal, and Vinnie Liu discussed the challenges facing the supply chain after the SolarWinds and Colonial Pipeline attacks. Read their takeaways.

By Bishop Fox, Vincent Liu

Industry

SCOTUS CFAA Ruling: What does it mean for pen testers and security?

Jun 4, 2021

Bishop Fox Lead Researcher Dan Petro provides his insights into how the latest CFAA Supreme Court ruling impacts pen testers and security research.

By Dan Petro

Advisory

Froala Editor, Version 3.2.6 Advisory

Jun 2, 2021

One high-risk XSS vulnerability was identified within the Froala Editor application.

By Chris Davis

Industry

Prepare for Scoping: The Technical Side

May 25, 2021

Scoping is an important precursor to a successful security test. Explore the technical considerations needed when choosing a vendor for a network pen test.

By Claire Tills

Culture

Security Certifications: Choose Your Own Adventure

May 20, 2021

This Bishop Fox resource will help security professionals understand the pros and cons of obtaining an OSCP, CISSP, SANS GIAC, or other security cert.

By Britt Kemp

Industry

CVE Digest for March and April 2021: Exploits Gone Wild

May 6, 2021

In this CVE recap of March and April 2021, we review more notable unpatched security vulnerabilities attackers are continuing to target in the wild.

By Britt Kemp

Industry

Ham Hacks: Breaking Into Software-defined Radio

Apr 29, 2021

Expand your hacking skills for software-defined radio (SDR): learn radio basics and hardware/software setup, perform demos, and reverse engineer radio signals.

By Kelly Albrink

Industry

9 Red Team Tools For a Successful Red Teaming Engagement

Apr 13, 2021

Nine tools we’ve found useful for our red teaming engagements, including CursedChrome, Sliver, Githound, Stormspotter, DumpsterFire, Overlord, and more.

By Britt Kemp

Industry

Don’t Shortchange Your Organization’s Security With URL Shortener Services

Apr 6, 2021

URL shortening services can compromise system security and expand the attack surface. Protect infrastructure and critical data by not using these services.

By Ori Zigindere

Culture

Selections From the Fox Den: Security and Tech Books We Recommend (and Enjoy!)

Apr 2, 2021

Hone your hacking and soft skills with a Bishop Fox curated list of fiction and non-fiction cybersecurity, pen testing, and tech books to keep learning.

By Britt Kemp

Culture

How to Write a CFP That Actually Gets Read

Mar 25, 2021

Learn to write a winning abstract that gets selected when competitive calls for presentations open for conferences like DEF CON, BSides, and Black Hat.

By Britt Kemp

Industry

If Your Scope Is Bad, Your Pen Test Will Be Bad

Mar 23, 2021

The quality of an engagement is entirely dependent on the quality of the scoping. If a penetration test doesn’t start with goals, it won't be as successful.

By Jessica La Bouve

Culture

How To Make Remote Work Not Suck: The Bishop Fox WFH Guide

Mar 16, 2021

Security professionals working remotely temporarily or permanently need a home workstation or lab that makes them feel productive and comfortable.

By Britt Kemp

Advisory

Emerging Threat Notification: F5 Networks Vulnerabilities for BIG-IP and BIG-IQ Products

Mar 11, 2021

F5 Networks released security advisories for critical vulnerabilities affecting the BIG-IP and BIG-IQ products. Install the security update immediately.

By Justin Rhinehart

Industry

ProxyLogon (CVE-2021-26855): 2021’s Top Contender for Vulnerability for the Year (It’s March...)

Mar 10, 2021

The attack on Microsoft Exchange servers encompasses several unique vulnerabilities in an attack chain. The impact is critical for multiple reasons.

By Barrett Darnell

Industry

Understanding the Driving Factors of a Pen Test

Mar 9, 2021

How a pen tester will perform an assessment and determine what assets to attack depends on what’s important to a company's security strategy and investment.

By Dan Petro

Industry

The Evolution of the Red Team

Mar 3, 2021

Bishop Fox believes Red Teams can deliver even more value and prevent attacks by integrating Red Teaming services with risk analysis and threat modeling.

By Todd Kendall