Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Technical Research

GitGot Tool Release

Jul 18, 2019

GitGot is a Bishop Fox tool that searches GitHub for sensitive secrets. It's the brainchild of Jake Miller, and you can learn how to use it in this write-up.

By Jake Miller

Technical Research

Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools

Jul 18, 2019

GitGot is a Bishop Fox tool that searches GitHub for sensitive secrets. This blog post explains the human-in-the-loop workflow behind it and why a semi-automated approach improves the tool's results.

By Jake Miller

Advisory

Tegile IntelliFlash OS Version 3.7.0.8.180413 (GA) - Password Disclosure

May 14, 2019

The Tegile IntelliFlash OS was affected by a password disclosure vulnerability, which is explained in Thiago Campos' advisory.

By Thiago Campos

Advisory

Greyhound Critical Vulnerabilities - Road Rewards Program

Apr 11, 2019

Critical vulnerabilities were identified in the Greyhound APIs primarily due to insufficient authentication controls. Exploitation of these could result in the exposure of personally identifiable information.

By Priyank Nigam

Industry

My Path to Security - How Christie Terrill Got Into Security

Mar 25, 2019

VP of Customer Success Christie Terrill shares her cybersecurity career journey and her life at Bishop Fox in this blog post.

By Bishop Fox

Advisory

Cantemo Portal Version 3.8.4 - Cross-Site Scripting

Mar 8, 2019

Cantemo AB is a software systems and technology vendor for major media outlets. Chris Davis identified a high-risk cross-site scripting vulnerability in its Portal product.

By Chris Davis

Advisory

Simple – Better Banking (Android) v. 2.45.0 – 2.45.3 - Sensitive Information Disclosure

Feb 21, 2019

The Simple – Better Banking Android application was affected by an information disclosure vulnerability, which you can read about in this advisory.

By Matt Hamilton

Advisory

Amtrak Mobile APIs - Multiple Vulnerabilities

Feb 19, 2019

The Amtrak mobile APIs are affected by vulnerabilities that can lead to exposed PII and partial payment data for Amtrak guests.

By Priyank Nigam

Advisory

OpenMRS - Insecure Object Deserialization

Feb 4, 2019

This write-up details a critical Bishop Fox-identified vulnerability in OpenMRS, a collaborative open-source healthcare project.

By Nicolas Serra

Industry

My Path to Security - How Tom Wilhelm Got Into Security

Jan 21, 2019

See how Bishop Fox Practice Director Tom Wilhelm has enjoyed a long and rewarding career in cybersecurity in this blog post.

By Bishop Fox

Advisory

Silverpeas 5.15 To 6.0.2: Path Traversal

Jan 15, 2019

A Bishop Fox researcher discovered a critical path traversal vulnerability in Silverpeas, a popular open source web platform used by several high-profile French organizations.

By Bastien Faure

Advisory

PhpSpreadsheet Versions <= 1.5.0 - XXE Injection

Nov 30, 2018

Bishop Fox researcher Alex Leahu found an XML External Entity (XXE) Injection vulnerability in the PhpSpreadsheet library.

By Alex Leahu

Advisory

YunoHost 2.7.2 to 2.7.14 - Multiple Vulnerabilities

Oct 30, 2018

YunoHost is a self-hosting platform for installing and managing applications on a Linux server; Florian Nivette identified several vulnerabilities in it.

By Florian Nivette

Advisory

Eaton UPS 9PX 8000 SP - Multiple Vulnerabilities

Oct 19, 2018

Bishop Fox researchers identified three security vulnerabilities in the Eaton 9PX UPS, a power management appliance manufactured by Eaton Corporation Plc.

By Kelly Albrink

Advisory

SV3C L-Series HD Camera – Multiple Vulnerabilities

Oct 16, 2018

This security advisory describes several vulnerabilities found in the SV3C L-Series HD Camera, version 2.3.4.2103-S50-NTD-B20170823B and below.

By Jefferino Siqueria

Industry

My Path to Security - How Gerben Kleijn Got Into Security

Oct 11, 2018

Learn how Gerben Kleijn - a Bishop Fox Managing Consultant - got his start in an infosec career, which ultimately took him to his current job at Bishop Fox.

By Bishop Fox

Advisory

Wallabag 2.2.3 to 2.3.2 - Stored Cross-Site Scripting

Sep 17, 2018

Wallabag is an open source read-it-later application for saving web articles, distributed under an MIT license. A Bishop Fox researcher identified a stored cross-site scripting vulnerability in it.

By Florian Nivette

Advisory

Subsonic 6.1.1 - Multiple Vulnerabilities

Sep 17, 2018

Florian Nivette identified several vulnerabilities in Subsonic, an open source web media server that enables the management of media resources.

By Florian Nivette

Advisory

CremeCRM 1.6.12 - Multiple Vulnerabilities

Aug 30, 2018

Two classes of vulnerability were identified in CremeCRM: stored cross-site scripting (29 instances) and reflected link manipulation (one instance).

By Florian Nivette

Technical Research

An Introduction to AWS Cloud Security

Aug 28, 2018

If you're a newcomer to the slightly intimidating world of AWS cloud security, let this primer by Bishop Fox serve as your first jump into a world that you can navigate with some time and patience.

By Gerben Kleijn

Industry

Password Security: The Good, the Bad, and the "Never Should Have Happened"

Aug 16, 2018

This Bishop Fox guide to password security will help inform your organization's password policy procedures.

By Candis Orr

Industry

A Primer to Red Teaming

Jul 31, 2018

Is red teaming right for your organization? What do you need to be successful? What's the difference between a blue team and a red team, or even a red team and a purple team? Find out in this guide.

By MJ Keith

Industry

My Path to Security - How Matt Frost Got Into Cybersecurity

Jul 20, 2018

Read about how Senior Security Consultant Matt Frost got his start in infosec - and his start at Bishop Fox.

By Bishop Fox

Industry

How 'Small' Security Errors Lead to a Security Breach

Jul 16, 2018

In the wake of the Timehop breach, the social media aggregator chose a transparent approach in disclosure. Bishop Fox partnered with them in this guide and case study on how small cybersecurity errors

By Alex DeFreese