
Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Technical Research

Rethinking & Repackaging iOS Apps: Part 2

May 4, 2015

In Part 2, Carl Livitt introduces a toolchain for enabling iOS application hacking tools on non-jailbroken devices and includes a step-by-step guide.

By Carl Livitt

Security Perspective

Security Should Be Application-Specific

Apr 27, 2015

Security requirements depend on the nature of the application in question, and that nature must be taken into account when constructing security objectives.

By Bishop Fox

Technical Research

Vulnerable by Design: Understanding Server-Side Request Forgery

Apr 18, 2015

Learn the basics of server-side request forgery vulnerabilities - and how to protect against them - in this blog post by Mike Brooks.

By Mike Brooks

Security Perspective

AirDroid: How Much Do Your Apps Know?

Apr 15, 2015

The discovery of a vulnerability in the AirDroid web application raises a far broader question: are you aware of the permissions you grant your apps?

By Matt Bryant

Advisory

AirDroid Web Application Authentication Flaw

Apr 15, 2015

This technical write-up details an AirDroid vulnerability discovered by former Bishop Fox researcher Matt Bryant.

By Matt Bryant

Security Perspective

Beyond Security Requirements: Secure Requirements

Mar 17, 2015

How do secure requirements differ from security requirements? And how do you create strong ones? Bishop Fox's Brenda Larcom explains in this blog post.

By Bishop Fox

Technical Research

Rethinking & Repackaging iOS Apps: Part 1

Feb 24, 2015

Learn how to modify App Store apps on jailed iOS devices. We'll show you how in this two-part series, complete with code and more.

By Carl Livitt

Security Perspective

Stand Your Cloud: A Series on Securing AWS

Feb 13, 2015

Bishop Fox's Ruihai Fang covers several AWS security best practices in this three-part series. In Part 1, he addresses data loss and security risk.

By Ruihai Fang

Technical Research

Tastic RFID Thief: Silent, But Deadly

Sep 24, 2014

Silence your Tastic RFID Thief; our blog post shows how you can avoid the loud beep when turning on the RFID hacking tool during your next physical pentest.

By Francis Brown

Security Perspective

In Heartbleed’s Wake: A Password Primer

Sep 16, 2014

Heartbleed left many people on edge about their passwords. Christie Terrill discusses proper password security in this Bishop Fox blog post.

By Christie Terrill

Technical Research

SearchDiggity: Avoid Bot Detection Issues by Leveraging Google, Bing, and Shodan APIs

Aug 29, 2014

Google hacking with SearchDiggity: leveraging the official APIs of Google, Bing, and SHODAN to avoid bot detection while performing automated scans.

By Francis Brown

Technical Research

Untwisting the Mersenne Twister: How I Killed the PRNG

Aug 5, 2014

The Untwister is a penetration testing tool that cracks random number generators. To learn the specifics as well as how it works, read the Bishop Fox blog post today.

By Dan Petro

Technical Research

The Rickmote Controller: Hacking One Chromecast at a Time

Jul 16, 2014

Chromecast hacking is easy with the Rickmote Controller. Hijack your neighbors' TVs and let the rickrolling begin! Our blog post has the details you need.

By Dan Petro

Security Perspective

Examining The Impact Of Heartbleed

Apr 10, 2014

Heartbleed is one of the most significant Internet security vulnerabilities to date. Security Analyst Tim Sapio explains what led to the bug and how to stay safe.

By Tim Sapio

Technical Research

An Introspection On Intro Security

Nov 1, 2013

Our response to the LinkedIn Intro reaction - reflecting on lessons learned and our experience working with LinkedIn.

By Bishop Fox

Security Perspective

LinkedIn 'Intro'duces Insecurity

Oct 23, 2013

LinkedIn Intro was released in 2013 - and came with a lot of security issues. We investigated the mobile app's security shortcomings in this blog post.

By Carl Livitt

Technical Research

Quick Intro to NotInMyBackYard Diggity

Sep 1, 2013

NotInMyBackYard Diggity is part of the larger Google Hacking Diggity Project. Read our blog post to learn what it can do for you.

By Francis Brown

Security Perspective

Guide to Hardening Your Firefox Browser in OS X

May 22, 2013

Our Firefox Hardening Guide for OS X has some tips to help you stay more secure as you browse the web. Updates coming soon!

By Carl Livitt

Technical Research

SSL Key Generation Weaknesses

Mar 8, 2012

SSL key generation weaknesses can be avoided (or at least mitigated) - and Carl Livitt from Bishop Fox shows you how in this write-up.

By Carl Livitt

Advisory

Oracle WebLogic Node Manager allows arbitrary configuration via UNC path

Oct 12, 2010

Oracle WebLogic Node Manager 10.3.3 and earlier versions contain a remote file inclusion vulnerability that could allow a remote attacker to execute arbitrary commands on an affected system.

By Carl Livitt

Advisory

PGP Desktop Wipe Free Space Flaw

Dec 8, 2005

This Bishop Fox security advisory details a vulnerability Vincent Liu found in PGP Desktop. The vulnerability was presented at Black Hat 2005.

By Vincent Liu

Advisory

Windows File Time Stamp Display Flaw

Dec 7, 2005

This security advisory details a vulnerability Vincent Liu identified in 2005.

By Vincent Liu