Offensive Security Blog

Email spoofing is an antiquated attack that 98 percent of the internet is vulnerable to - even in the modern age. Defend yourself with our tool, SpoofCheck.

How We Can Stop Email Spoofing

May 23, 2017

By Alex DeFreese

An improper access control vulnerability was discovered by Baker Hamilton in the SolarWinds’ Log & Event Manager (LEM) management console (CMC).

SolarWinds Log & Event Manager - Improper Access Control

May 12, 2017

By Baker Hamilton

The Bishop Fox assessment team discovered an arbitrary command injection vulnerability within the SolarWinds’ Log & Event Manager (LEM) management console (CMC).

SolarWinds Log & Event Manager - Arbitrary Command Injection

May 12, 2017

By Baker Hamilton

Read Bishop Fox's VPN guide before making a VPN choice for the privacy of your browsing experience.

A Guide to Choosing the Right VPN

Apr 6, 2017

By Kevin Sugihara

A closer examination of the CIA Leak: Don’t get lost in the hype. There is a bright side to strife...

The CIA Leak: A Look On the Bright Side...

Mar 8, 2017

By Dan Petro

BGP hijacking was utilized by the Iranian government in early January 2016. In this microblog, Zach Julian analyzes the technical implications of the event.

In the News: A BGP Hijacking Technical Post-Mortem

Jan 18, 2017

By Zach Julian

A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts.

Cisco Jabber Guest Server HTTP URL Redirection Vulnerability

Dec 21, 2016

By Jake Miller

Was a lack of network segmentation what foiled the Empire? According to Fran Brown, it was. Right in time for "Star Wars: Rogue One," here is his take.

Star Wars: I Find Your Lack of Segmentation Disturbing

Dec 4, 2016

By Francis Brown

Want to keep your network secure? Working with a shoestring budget? Check out our do-it-yourself network segmentation guide.

A Guide to Do-It-Yourself Network Segmentation

Nov 30, 2016

By Cory Johnson

Josh Koplik is the CISO for IAC as well as the subject of Vincent Liu's latest cybersecurity expert interview. Read their conversation here.

Telling the Security Story: An Interview with Josh Koplik

Nov 10, 2016

By Vincent Liu

Three vulnerabilities were discovered in the Accellion Kiteworks appliance. The three vulnerabilities are described in this Bishop Fox security advisory.

Accellion Kiteworks Multiple Vulnerabilities

Sep 8, 2016

By Shubham Shah

In our latest cybersecurity leaders feature, Richard Seiersen from GE Healthcare shares his decision making philosophy with Bishop Fox's Vincent Liu.

What Security Leaders Can Learn About Decision-Making

Aug 24, 2016

By Vincent Liu

Bishop Fox's Dan Petro explains the creation of his SmashBot AI character and how he implemented time-honored hacker techniques in the development process.

Game Over, Man! Reversing Video Games to Create an Unbeatable AI Player

Aug 10, 2016

By Dan Petro

Internet of Things security often is an afterthought. Nathan Elendt chronicles the do's and do nots of how engineers can create secure connected devices.

How to Engineer Secure Things: Past Mistakes and Future Advice

Jun 15, 2016

By Nathan Elendt

Dun & Bradstreet CSO dishes on agile security and how it transformed his security program - and eventually, the entire business.

The Power of 'Agile' Security at Dun & Bradstreet

Jun 1, 2016

By Vincent Liu

CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages clie

If You Can't Break Crypto, Break the Client: Recovery of Plaintext iMessage Data

Apr 8, 2016

By Joe DeMesy, Shubham Shah, and Matthew Bryant

This is the official Bishop Fox security advisory for the OS X Messages (iMessage) vulnerability, discovered in early 2016 and subsequently patched by Apple.

OS X Messages (iMessage): XSS & File Disclosure

Apr 8, 2016

By Joe DeMesy, Shubham Shah, and Matthew Bryant

The FBI's decision to pursue decryption on an Apple iPhone without their buy-in has far-reaching consequences for consumer privacy.

On Apple, Encryption, and Privacy: A Word About Decryption

Mar 31, 2016

By Carl Livitt

Bishop Fox's Mike Brooks discovered two vulnerabilities in the CA Single Sign-On application. If you use CA Single Sign-On, update your software immediately.

CA Single Sign-On Software Update: Stay Secure

Mar 23, 2016

By Bishop Fox

Two high-risk vulnerabilities were discovered in CA Technologies Single Sign-On (formerly CA SiteMinder®) application. A denial-of-service attack and ...

CA Single Sign-On Unspecified High-Risk Vulnerabilities Advisory

Mar 23, 2016

By Mike Brooks

Resident iPhone and iOS experts Joe DeMesy and Carl Livitt discuss Apple's stance on privacy + encryption in this Bishop Fox blog post.

On Apple, Encryption, and Privacy

Mar 2, 2016

By Joe DeMesy and Carl Livitt

Bishop Fox pentesters analyze the implications and benefits of Burp Suite's newest penetration testing feature, Collaborator. Read our take at our blog.

Burp, Collaborate, and Listen: A Pentester Reviews the Latest Burp Suite Addition

Feb 3, 2016

By Max Zinkus

Growing your security team? Dropbox Head of Trust & Security Patrick Heim shares his insights with Bishop Fox Partner Vincent Liu in this blog post.

Building a Winning Security Team From the Top Down

Oct 20, 2015

By Vincent Liu