Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Industry

Navigating Workplace Security: Red Team Insights for the Return to Office

Jan 10, 2025

Review how Red Team insights can shed light on gaps in physical security and play a pivotal role in enhancing workplace security during the continued transition back to office environments as we relearn verification, protocol, and authorization.

By Alethe Denis

Technical Research

Cyber Mirage: How AI is Shaping the Future of Social Engineering

Jan 8, 2025

Bishop Fox explores the escalating threat of AI-driven deepfakes in social engineering attacks, highlighting their potential to deceive individuals and organizations by impersonating trusted figures through hyper-realistic audio and video fabrications.

By Brandon Kovacs

Product

Cosmos Series Part 3: The Importance of Automation

Jan 7, 2025

Discover how automation in code integration, deployment, and infrastructure management has streamlined our operations, enhanced deployment velocity, and improved the consistency of our deliverables.

By Aaron Symanski

Product

Cosmos Series Part 2: Outcome-driven for Features and Capabilities

Dec 31, 2024

This post explores how Bishop Fox transitioned to an outcome-driven approach for Cosmos development, streamlining processes with success criteria, continuous roadmapping, and data-driven prioritization to deliver more impactful customer solutions.

By Aaron Symanski

Product

Cosmos Series Part 1: Principles for the New Platform

Dec 17, 2024

In 2023, Bishop Fox reengineered Cosmos to give security teams the speed, scale, and flexibility needed to tackle growing attack surface challenges.

By Aaron Symanski

Technical Research

Current State of SonicWall Exposure: Firmware Decryption Unlocks New Insights

Dec 13, 2024

Discover Bishop Fox's survey on the current state of SonicWall appliances on the public internet.

By Bishop Fox Researchers

Culture

Our Favorite Pen Testing Tools: 2024 Edition

Dec 12, 2024

It's time for another hacking tool roundup! We’ve polled our team of experts to bring you the most powerful and innovative penetration testing tools.

By Bishop Fox Researchers

Product

Bishop Fox ASM Delivers 24-Hour Head Start Against Critical PAN-OS Vulnerability

Dec 9, 2024

The Bishop Fox ASM team gives customers a 24-hour head start against a critical PAN-OS vulnerability.

By Caleb Gross

Technical Research

Sonicwall Firmware Deep Dive - SWI Firmware Decryption

Dec 2, 2024

Discover Bishop Fox's in-depth analysis of SonicWall firewalls, revealing critical insights into firmware security and vulnerability.

By Bishop Fox Researchers

Technical Research

The Growing Concern of API Security

Nov 27, 2024

Explore concerns around API security, its unique vulnerabilities, and the need for tailored protection against evolving threats in an API-driven world.

By Robert Punnett, Nicholas Beacham

Industry

Application Pen Testing: Point-In-Time vs Ongoing Approaches Explained

Nov 7, 2024

Take an in-depth look at multiple approaches to application penetration testing, and the organizational requirements that would favor one approach over another. This blog will explore the different approaches and share key considerations for choosing the best approach for your organization.

By Bishop Fox

Technical Research

A Brief Look at FortiJump (FortiManager CVE-2024-47575)

Nov 1, 2024

The recent discovery of FortiJump (CVE-2024-47575) highlights a critical vulnerability exploited in the wild, prompting an urgent need to understand its impact on centralized management devices. Take a deeper look with Bishop Fox experts.

By Bishop Fox Researchers

Culture

Off the Fox Den Bookshelf: Security and Tech Books We Love

Oct 15, 2024

We've polled our team and are back with our 2024 cybersecurity book recommendations to help you level up your cybersecurity skills.

By Bishop Fox Researchers

Technical Research

Broken Hill: A Productionized Greedy Coordinate Gradient Attack Tool for Use Against Large Language Models

Sep 24, 2024

Walk through the GCG attack at a high level and be introduced to Broken Hill – Bishop Fox’s newly released tool that can perform the GCG attack against a variety of popular LLMs.

By Ben Lincoln

Industry

Navigating DORA Compliance: A Comprehensive Approach to Threat-Led Penetration Testing

Sep 17, 2024

Explore how organizations can strategically prepare for and execute TLPT to meet DORA compliance while strengthening overall cybersecurity resilience.

By Bishop Fox Researchers

Technical Research

Exploring Large Language Models: Local LLM CTF & Lab

Sep 11, 2024

Explore research on isolating functional expectations for LLMs using a controller to manage access between privileged and quarantined LLMs.

By Derek Rush

Industry

Offensive Security Under the EU Digital Operational Resilience Act (DORA)

Aug 28, 2024

Explore the EU's new DORA regulation and how financial entities and their ICT vendors must promptly align their security frameworks with DORA's requirements to mitigate potential risks and ensure operational stability.

By Harley Geiger

Industry

Manipulating the Mind: The Strategy and Practice of Social Engineering

Aug 13, 2024

Explore the intricacies of social engineering, its various forms, and how adversaries set, define, and achieve objectives using social engineering tactics and strategies.

By Alethe Denis

Industry

Adversarial Controls Testing: A Step to Cybersecurity Resilience

Aug 1, 2024

Take an in-depth look at Adversarial Controls Testing assessments (ACT), an offensive security testing approach that evaluates the effectiveness of an organization's email, endpoint, and network security controls by simulating real-world attacks.

By Bishop Fox Researchers

Industry

Leveraging Offensive Security for Effective Post-Attack Recovery

Jul 17, 2024

Bishop Fox's CISO Christie Terrill and former VP of Consulting Tom Eston discuss leveraging offensive security strategies for effective post-attack recovery, providing practical steps for remediation and building long-term cyber resilience.

By Bishop Fox Researchers

Technical Research

Product Security Review Methodology for Traeger Grill Hack

Jul 2, 2024

Read for an in-depth analysis of the Traeger Grill hack, uncovering the vulnerabilities that could compromise your grill's security and how they were addressed.

By Nick Cerne

Advisory

Traeger Grill D2 Wi-Fi Controller, Version 2.02.04

Jul 2, 2024

Discover critical vulnerabilities in the Traeger Grill D2 Wi-Fi Controller that could impact your grill's security. Read our advisory to learn about the issues identified.

By Nick Cerne

Advisory

ExpressionEngine, Version 7.3.15

Jun 17, 2024

Bishop Fox staff identified two vulnerabilities in Packet Tide’s ExpressionEngine version 7.3.15. The most severe issue allowed Bishop Fox staff to obtain access to a new administrator account in an instance of ExpressionEngine.

By Matthieu Keller

Industry

How Does Social Engineering Work? From Planning to Execution

Jun 14, 2024

Discover the key points from our webcast, "How Does Social Engineering Work?", in this recap blog.

By Bishop Fox Researchers