Offensive Security Blog

Bishop Fox researchers identified three security vulnerabilities in the Eaton power management appliance manufactured by Eaton Corporation Plc.

Eaton UPS 9PX 8000 SP - Multiple Vulnerabilities

Oct 19, 2018

By Kelly Albrink

This security advisory describes several vulnerabilities found in the SV3C L-Series HD Camera, version 2.3.4.2103-S50-NTD-B20170823B and below.

SV3C L-Series HD Camera – Multiple Vulnerabilities

Oct 16, 2018

By Jefferino Siqueria

Learn how Gerben Kleijn - a Bishop Fox Managing Consultant - got his start in an infosec career, which ultimately took him to his current job at Bishop Fox.

My Path to Security - How Gerben Kleijn Got Into Security

Oct 11, 2018

By Bishop Fox

Wallabag is an open source RSS reader application, distributed under an MIT license. A Bishop Fox researcher identified a stored cross-site scripting vulnerability in it.

Wallabag 2.2.3 to 2.3.2 - Stored Cross-Site Scripting

Sep 17, 2018

By Florian Nivette

Florian Nivette identified several vulnerabilities in Subsonic, an open source web media server that enables the management of media resources.

Subsonic 6.1.1 - Multiple Vulnerabilities

Sep 17, 2018

By Florian Nivette

Two vulnerabilities were identified in CremeCRM: 29 instances of stored cross-site scripting and one instance of reflected link manipulation.

CremeCRM 1.6.12 - Multiple Vulnerabilities

Aug 30, 2018

By Florian Nivette

If you're a newcomer to the slightly intimidating world of AWS cloud security, let this primer by Bishop Fox serve as your first jump into a world that you can navigate with some time and patience.

An Introduction to AWS Cloud Security

Aug 28, 2018

By Gerben Kleijn

This Bishop Fox guide to password security will help inform your organization's password policy procedures.

Password Security: The Good, the Bad, and the "Never Should Have Happened"

Aug 16, 2018

By Candis Orr

Is red teaming right for your organization? What do you need to be successful? What's the difference between a blue team and a red team - or even a red team and a purple team? Find out in this guide

A Primer to Red Teaming

Jul 31, 2018

By MJ Keith

Read about how Senior Security Consultant Matt Frost got his start in infosec - and his start at Bishop Fox.

My Path to Security - How Matt Frost Got Into Cybersecurity

Jul 20, 2018

By Bishop Fox

In the wake of the Timehop breach, the social media aggregator chose a transparent approach in disclosure. Bishop Fox partnered with them in this guide and case study on how small cybersecurity errors

How 'Small' Security Errors Lead to a Security Breach

Jul 16, 2018

By Alex DeFreese

The blog post serving as an intro to our guide on AWS S3 buckets security best practices. Download our guide for more technical information on how you can keep your AWS environment safe.

A Guide to AWS S3 Buckets Security

Jul 10, 2018

By Gerben Kleijn

The announced WPA3 is a well-intentioned attempt at strengthening open Wi-Fi security, but it's not enough. Dan Petro describes the problem and possible solutions.

WPA3 Is a Major Missed Opportunity: Here's Why

Jun 30, 2018

By Dan Petro

Get the scoop on IDontSpeakSSL, the network pentesting tool created by Bishop Fox's Florian Nivette. To read about how it works, check out the blog post which explains the difference between it and it

Why You Need IDontSpeakSSL in Your Life

Jun 26, 2018

By Florian Nivette

Former art dealer Kelly Albrink is a self-taught infosec professional hailing from a one-of-a-kind background. Learn how she got into infosec in this blog post.

My Path to Security - How Kelly Albrink Got Into Security

Jun 15, 2018

By Kelly Albrink

Bishop Fox's Jake Miller explains server-side spreadsheet injection, an attack vector based on CSV injection, in this technical write-up based off his Empire Hacking Meetup presentation.

Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution

Jun 11, 2018

By Jake Miller

Bishop Fox researcher Florian Nivette identified multiple vulnerabilities in Jirafeau Version 3.3.0. This write-up discusses the exploits and their implications.

Jirafeau Version 3.3.0 – Multiple Vulnerabilities

Jun 6, 2018

By Florian Nivette

This security advisory describes a high-risk vulnerability found by Bishop Fox researcher Baker Hamilton in SolarWinds Serv-U Managed File Transfer.

SolarWinds Serv-U Managed File Transfer – Insufficient Session ID Entropy

May 14, 2018

By Baker Hamilton

This Bishop Fox security advisory details a denial-of-service vulnerability in SolarWinds Serv-U 15.1.6.25.

SolarWinds Serv-U Managed File Transfer – Denial of Service

May 11, 2018

By Baker Hamilton

The Bishop Fox cybersecurity style guide is a one-of-a-kind resource that bridges the gap between the infosec industry and the general public. This invaluable resource is available for download at our

Hello World! Introducing the Bishop Fox Cybersecurity Style Guide

Feb 15, 2018

By Brianne Hughes, Catherine Lu

Security Analyst Kelly Albrink got the chance to compete at SANS Rocky Mountain NetWars.

My Time at NetWars Tournament of Champions

Jan 24, 2018

By Kelly Albrink

A threat modeling how-to authored by Bishop Fox's Joe Ward. Learn how your organization can start implementing this important (but simple) process.

Your Worst Case Scenario: An Introduction to Threat Modeling

Dec 11, 2017

By Joe Ward

AWS security can often be achieved thanks to proper provisioning + access requests. In this write-up, Gerben Kleijn explores how to handle these processes.

Stand Your Cloud #3: AWS Provisioning and Access Requests

Nov 14, 2017

By Gerben Kleijn