Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Industry

Contain Your Toxic Waste: Keep Prod Out of Dev

Aug 29, 2019

Tony Lozano discusses the importance of avoiding the mistake of putting production data in dev environments. This common practice creates security issues.

By Tony Lozano

Industry

Every Sign Has a Story

Aug 12, 2019

Thiago Campos reviews Google G Suite Developer's guide and provides some context on warnings that can go unnoticed by developers more focused on functionality than security.

By Thiago Campos

Technical Research

Meet Eyeballer: An AI-powered, Open Source Tool for Assessing External Perimeters

Aug 8, 2019

Eyeballer is an AI-powered, open-source tool designed to help assess large-scale external perimeters. Eyeballer video explainer included.

By Dan Petro, Gavin Stroy

Technical Research

A How-To Guide for Using ZigDiggity, the Zigbee Hacking Toolkit

Aug 7, 2019

ZigDiggity is a new, open source hacking toolkit designed for testing Zigbee-enabled systems.

By Francis Brown, Matt Gleason

Industry

How Bishop Fox Enables Wickr's Security Assurance

Aug 6, 2019

Wickr enlisted Bishop Fox to perform an examination of their security including quarterly assessments, penetration testing, and source code review.

By Bishop Fox

Culture

10 Must-See Talks at Black Hat and DEF CON

Aug 6, 2019

These are the best talks and presentations going on at Black Hat and DEF CON 2019 in Las Vegas.

By Bishop Fox

Technical Research

A How-To Guide for Using Sliver

Aug 5, 2019

Sliver is a general-purpose, cross-platform implant framework that supports C2 over mutual TLS, HTTP(S), and DNS.

By Joe DeMesy, Ronan Kervella

Technical Research

A Need for Vigilance in Open Source Software: Dolibarr CRM Advisory Release

Jul 31, 2019

Bishop Fox researcher Priyank Nigam highlights the need for vigilance in open source security. He provides an overview of the vulnerabilities he found in Dolibarr ERP CRM.

By Priyank Nigam

Advisory

AeroGarden Version 1.3.1 - Multiple Vulnerabilities

Jul 30, 2019

Vulnerabilities in the AeroGarden mobile app would allow an attacker to inflict damage to plant life and/or capture traffic to access the users' account information.

By Jason Gay

Advisory

Dolibarr Version 9.0.1 — Multiple Vulnerabilities

Jul 25, 2019

Bishop Fox researcher Priyank Nigam identified 3 high-risk security vulnerabilities in Dolibarr version 9.0.1. These vulnerabilities include RCE + XSS.

By Priyank Nigam

Advisory

InterSystems Cache 2017.2.2.865.0 and 2018.1.2 Multiple Vulnerabilities

Jul 24, 2019

Chris Davis identified several high-risk security vulnerabilities in InterSystems Cache. This security advisory details the exploits and the solutions.

By Chris Davis

Technical Research

Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools

Jul 18, 2019

GitGot is a Bishop Fox tool that browses GitHub for sensitive secrets. It's the brainchild of Jake Miller, and you can read more about it in this blog post.

By Jake Miller

Technical Research

GitGot Tool Release

Jul 18, 2019

GitGot is a Bishop Fox tool that browses GitHub for sensitive secrets. It's the brainchild of Jake Miller, and you can learn how to use it in this write-up.

By Jake Miller

Advisory

Tegile Intelliflash OS Version 3.7.0.8.180413 (GA) - Password Disclosure

May 14, 2019

The Tegile IntelliFlash OS was affected by a password disclosure vulnerability, which is explained in Thiago Campos' advisory.

By Thiago Campos

Advisory

Greyhound Critical Vulnerabilities - Road Rewards Program

Apr 11, 2019

Critical vulnerabilities were identified in the Greyhound APIs primarily due to insufficient authentication controls. Exploitation of these could result in the exposure of personally identifiable information.

By Priyank Nigam

Industry

My Path to Security - How Christie Terrill Got Into Security

Mar 25, 2019

VP of Customer Success Christie Terrill shares her cybersecurity career journey and her life at Bishop Fox in this blog post.

By Bishop Fox

Advisory

Cantemo Portal Version 3.8.4 - Cross-Site Scripting

Mar 8, 2019

Cantemo AB is a software systems and technology vendor for major media outlets. Chris Davis identified a high-risk vulnerability in it.

By Chris Davis

Advisory

Simple – Better Banking (Android) v. 2.45.0 – 2.45.3 - Sensitive Information Disclosure

Feb 21, 2019

The Simple – Better Banking Android application was affected by an information disclosure vulnerability, which you can read about in this advisory.

By Matt Hamilton

Advisory

Amtrak Mobile APIs - Multiple Vulnerabilities

Feb 19, 2019

The Amtrak mobile APIs are affected by vulnerabilities that can lead to exposed PII and partial payment data for Amtrak guests.

By Priyank Nigam

Advisory

OpenMRS - Insecure Object Deserialization

Feb 4, 2019

This write-up details a critical Bishop Fox-identified vulnerability in OpenMRS, a collaborative open-source healthcare project.

By Nicolas Serra

Industry

My Path to Security - How Tom Wilhelm Got Into Security

Jan 21, 2019

See how Bishop Fox Practice Director Tom Wilhelm has enjoyed a long and rewarding career in cybersecurity in this blog post.

By Bishop Fox

Advisory

Silverpeas 5.15 To 6.0.2: Path Traversal

Jan 15, 2019

A Bishop Fox researcher discovered a critical vulnerability in the Silverpeas application, a popular open source web platform that serves multiple high-profile French organizations.

By Bastien Faure

Advisory

PhpSpreadsheet Versions <= 1.5.0 - XXE Injection

Nov 30, 2018

Bishop Fox researcher Alex Leahu found an XML External Entity (XXE) Injection vulnerability in the PhpSpreadsheet library.

By Alex Leahu

Advisory

YunoHost 2.7.2 to 2.7.14 - Multiple Vulnerabilities

Oct 30, 2018

YunoHost is an application that is used to manage applications hosted on a Linux server; Florian Nivette identified several vulnerabilities in it.

By Florian Nivette