Offensive
Security Blog

Industry

Purple Teaming: Validating Cybersecurity Investments and Enhancing Efficiency

Dec 6, 2023

Learn how Purple Teaming brings together offensive and defensive strategies for a more comprehensive and impactful cybersecurity approach.

By Ryan Basden

Industry

Healthcare: 2023 Insights from the Ponemon Institute

Nov 28, 2023

Get insights into offensive security trends in the healthcare sector with data from the Ponemon Institute’s 2023 State of Offensive Security Report.

By Beth Robinson

Advisory

Ray, Versions 2.6.3, 2.8.0

Nov 27, 2023

This Bishop Fox advisory highlights three critical severity vulnerabilities in the RAY application versions 2.6.3 and 2.8.0.

By Berenice Flores Garcia

Technical Research

Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0

Nov 8, 2023

Learn about cloud security and cloud penetration testing in Part 2 of Seth Art's interview with Cloud Security Podcast.

By Seth Art

Technical Research

Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS

Nov 1, 2023

Hear insights from Seth Art on how AWS cloud penetration testing improves cloud security and why cloud configuration reviews are not always enough.

By Seth Art

Technical Research

Building an Exploit for FortiGate Vulnerability CVE-2023-27997

Oct 27, 2023

Learn how Bishop Fox built a POC exploit for the pre-authentication remote code injection vulnerability in the Fortinet SSL VPN published by Lexfo.

By Bishop Fox Researchers

Product

Cosmos: Unleashing the Power of Perimeter Protection

Oct 24, 2023

In this blog, get a preview of the Cosmos: Protecting the Perimeter report and learn how continuous attack surface management protects digital perimeters.

By Beth Robinson

Industry

Red Teaming: 2023 Insights from the Ponemon Institute

Oct 4, 2023

Learn why mature organizations turn to Red Teaming to improve cybersecurity resiliency.

By Beth Robinson

Technical Research

Celebrating One Year of CloudFox

Sep 29, 2023

Celebrate CloudFox's one-year anniversary as we reflect on the updates and growth that have occurred over the year including the creation of CloudFoxable.

By Seth Art

Technical Research

Passing the OSEP Exam Using Sliver

Sep 21, 2023

Learn how Bishop Fox senior security expert, Jon Guild, passed the OSEP exam using Sliver.

By Jon Guild

Industry

Financial Services: 2023 Insights From the Ponemon Institute

Sep 19, 2023

Get a sneak peek into why FinServ organizations are at the forefront of offensive security.

By Beth Robinson

Industry

The Dark Side of Convenience: Understanding the Dangers of Digital Supply Chain

Sep 5, 2023

Dive into this blog for an offensive security perspective on the dangers of the digital supply chain.

By Beth Robinson

Industry

A Bishop Fox Recap - Hacker Summer Camp 2023

Aug 23, 2023

Get a Bishop Fox recap of the 2023 Hacker Summer Camp in Las Vegas.

By Beth Robinson

Technical Research

Badge of Shame - Breaking Into Secure Facilities with OSDP

Aug 9, 2023

Learn about five exploitable vulnerabilities we've identified in OSDP and share what defenders can do about them.

By Dan Petro

Technical Research

Analysis and Exploitation of CVE-2023-3519

Aug 4, 2023

Our latest blog offers additional analysis and exploitation of CVE-2023-3519, a critical remote code execution vulnerability in Citrix ADC.

By Caleb Gross

Technical Research

Breaking Fortinet Firmware Encryption

Aug 2, 2023

Check out our latest research on Fortinet products hat breaks encryption on firmware images, leading to improved detection, fingerprinting, and exploit development.

By Jon Williams

Technical Research

Citrix ADC Gateway RCE: CVE-2023-3519 is Exploitable, and 53% of Servers Are Unpatched

Jul 21, 2023

Bishop Fox developed an exploit for CVE-2023-3519, a stack overflow in Citrix ADC Gateway that allows remote code execution. There are 61,000 affected appliances exposed on the internet, and roughly 53% of them are currently unpatched.

By Caleb Gross, Jon Williams

Technical Research

Introducing jsluice: A Technical Deep-Dive for JavaScript Gold (Part 2)

Jul 20, 2023

Join us for a technical deep-dive of jsluice, an open-source mining tool for JavaScript code and files.

By Tom Hudson

Technical Research

Introducing jsluice: The Why Behind JavaScript Gold Mining (Part 1)

Jul 20, 2023

Learn how to use jsluice, an open-source, Go package and command-line tool used to extract information from JavaScript files and code.

By Tom Hudson

Industry

Cloud Offensive Security: 2023 Insights From the Ponemon Institute

Jul 18, 2023

In this blog, we explore how offensive security solutions are implemented by mature organizations to proactively protect cloud environments.

By Beth Robinson

Technical Research

CVE-2023-27997 Is Exploitable, and 69% of FortiGate Firewalls Are Vulnerable

Jun 30, 2023

Check out latest analysis for CVE-2023-27997, a heap overflow in FortiOS, the the operating system behind FortiGate firewalls, that allows remote code execution.

By Caleb Gross

Technical Research

CVE-2023-27997 Vulnerability Scanner for FortiGate Firewalls

Jun 20, 2023

Use our latest vulnerability assessment tool to check for CVE-2023-27997, a vulnerability in FortiGate firewalls.

By Caleb Gross

Advisory

TaskCafe, Version 0.3.2 Advisory

Jun 20, 2023

Learn about three vulnerabilities we discovered in TaskCafe Version 0.3.2 that result in improper access controls, stored cross-site scripting, and insecure file upload.

By Joan Bono, Luis De la Rosa Hernandez

Industry

Architecting An Offensive Security Blueprint: 2023 Insights From the Ponemon Institute

Jun 14, 2023

Learn how mature organizations are designing offensive security blueprints to defend forward against today's most advanced adversaries and threats.

By Tom Eston