Offensive Security Blog

Discover the key points from our webcast, "How Does Social Engineering Work? in this recap blog.

How Does Social Engineering Work? From Planning to Execution

Jun 14, 2024

By Bishop Fox Researchers

Unlock the secrets to securing your AWS environment! Learn the intricacies of IAM permissions and how to protect your Amazon API Gateway access logs.

The Unmask IAM Permission: API Gateway Access Logging

Jun 6, 2024

By Chris Scrivana

Explore highlights from a recent webcast where special guest Anirban Banerjee, CEO and co-founder of partner Riscosity, and Matt Twells, senior solutions architect, explore critical considerations for developing a security program that prioritizes third-party risk reduction.

Strengthen Security to Mitigate Third-Party Risks

May 29, 2024

By Matt Twells

Advisory

OOB Memory Read: Netscaler ADC and Gateway

May 6, 2024

The affected Citrix NetScaler components are used for Authentication, Authorization, and Auditing (AAA), and remote access. The latest version of NetScaler is 14.1-21.15, released on April 23, 2024.

By Bishop Fox Researchers

We’re asking the big question: Which Star Wars Characters Would Make Great Cybersecurity Professionals?

Which Star Wars Character Fits Your Cybersecurity Style?

Apr 30, 2024

By Sean McMillan

Bishop Fox shares limited details about mitigation bypasses for PAN-OS CVE-2024-3400 in an effort to be maximally useful for defenders, while minimally useful for opportunistic attackers.

PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls

Apr 19, 2024

By Bishop Fox Researchers

Gain cutting edge insights into offensive security strategies used by the Technology & Software industry.

Technology and Software: 2023 Insights From the Ponemon Institute

Apr 2, 2024

By Beth Robinson

Gain insights into how enterprises can take a pragmatic and informed approach to AI and LLM technology adoption, ensuring reduced security risks.

Practical Measures for AI and LLM Security: Securing the Future for Enterprises

Apr 1, 2024

By Bishop Fox Researchers

In this blog, examine the iSoon data disclosure from an offensive security perspective.

The iSOON Disclosure: Exploring the Integrated Operations Platform

Mar 21, 2024

By Bishop Fox Researchers

In this blog, we examine three types of poisoned pipeline execution (PPE) attacks, methods to exploit these types of vulnerabilities, and recommended preventive measures.

Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments

Mar 19, 2024

By Sebastian Guerrero

Gain actionable tips to operationalize the FDA's 2023 legislation, H.R. 2617 Section 524B product security requirements for medical devices.

Implementing the FDA's 2023 Requirements for Medical Device Cybersecurity

Mar 12, 2024

By Matt Twells

In this blog, we examine how the new Fortinet encryption scheme works and provide a tool to decrypt the root filesystem for x86-based FortiOS images.

Further Adventures in Fortinet Decryption

Mar 8, 2024

By Bishop Fox Researchers

Discover vulnerable FortiGate firewalls with the Bishop Fox CVE-2024-21762 vulnerability scanner.

CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls

Mar 1, 2024

By Bishop Fox Researchers

Learn how to upgrade your job search in LinkedIn with helpful AI prompts and tips from an industry-leading recruiter.

Unlocking Job Opportunities with LinkedIn and Artificial Intelligence

Feb 28, 2024

By Kaitlin O'Neil

En Bishop Fox, siempre estamos buscando crear la próxima generación de Avengers de la seguridad ofensiva a través de nuestro innovador internship program.

El Programa de Interns de Bishop Fox: Foxes de México Assemble!

Feb 16, 2024

By Lesley Mugford

Learn about our internship program for Mexico-based penetration testers.

The Bishop Fox Internship Program: Mexico Foxes Assemble!

Feb 15, 2024

By Lesley Mugford

Gain actionable insights on how to maximize external penetration testing to develop comprehensive PCI security strategies.

Enabling Proper PCI Testing with External Penetration Tests

Feb 14, 2024

By Derek Rush

Interested in finding new ways to learn about the cybersecurity industry? Check this list of our must-listen top podcasts to hear from industry leading experts!

Must-Listen Top Cybersecurity Podcasts

Feb 7, 2024

By Beth Robinson

Get insights from Bishop Fox experts on social engineering tactics, implementing technical controls, and the importance of internal network testing.

Navigating Threats: Adopting Proactive Social Engineering and Network Testing Strategies

Jan 16, 2024

By Beth Robinson

Learn about SonicWall NGFW series 6 and 7 impacted by unauthenticated denial-of-service vulnerabilities with the potential for remote code execution.

It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable

Jan 15, 2024

By Jon Williams

In this blog, learn how Bishop Fox Red Team tabletop exercises help organizations test Incident Response plans against tactics, techniques, and procedures used by attackers.

Strengthening Cybersecurity Defenses: Validating Incident Response Plans with Red Team Tabletop Exercises

Jan 4, 2024

By Alethe Denis

In this blog, learn about an eight year old unpatched and unauthenticated Java deserialization vulnerability in GWT.

GWT: Unpatched, Unauthenticated Java Deserialization

Dec 18, 2023

By Ben Lincoln