Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Technical Research

Introducing CloudFoxable: A Gamified Cloud Hacking Sandbox

Jun 13, 2023

Introducing CloudFoxable, an intentionally vulnerable AWS environment created specifically to teach the art of AWS cloud penetration testing, while highlighting CloudFox to help find latent attack paths more effectively.

By Seth Art

Culture

Geek Out: Technology Museums to Visit This Summer

Jun 6, 2023

Check out our recommendations for technology museums to visit this summer.

By Shanni Prutchi

Technical Research

Power Up Your Pen Tests: Creating Burp Suite Extensions with the New Montoya API

May 25, 2023

Learn how to power up your pen tests by using the new Montoya API to create Burp Suite extensions from scratch.

By Christopher Cerne

Technical Research

A More Complete Exploit for Fortinet CVE-2022-42475

May 17, 2023

Learn about our unique research focused on CVE-2022-42475 and how an exploit can be built to target a single specific FortiGate appliance running a single specific version of FortiOS.

By Carl Livitt, Jon Williams

Culture

Using LinkedIn to Land Your Dream Cybersecurity Job

Apr 18, 2023

Learn how to get recruiters' attention on LinkedIn with expert tips from a Bishop Fox recruiting manager.

By Kaitlin O'Neil

Advisory

WP Coder, Version 2.5.3 Advisory

Apr 13, 2023

In this advisory, learn about the WP Coder plugin, which is affected by a time-based SQL injection vulnerability via the ‘id’ parameter in versions up to, and including, 2.5.3.

By Etan Castro Aldrete

Advisory

Windows Task Scheduler Application, Version 19044.1706 Advisory

Apr 4, 2023

Learn about CVE-2023-21541, a Windows Task Scheduler vulnerability discovered by Ben Lincoln.

By Ben Lincoln

Advisory

Microsoft Intune, Version 1.55.48.0 Advisory

Apr 4, 2023

Learn about the latest Microsoft Intune vulnerability discovered by Ben Lincoln.

By Ben Lincoln

Technical Research

What the Vuln: EDR Bypass with LoLBins

Mar 23, 2023

Learn more about EDR bypass techniques with Lindsay Von Tish in the second blog of our What the Vuln series.

By Lindsay Von Tish

Industry

Bank Vault or Screen Door? How Attackers View Financial Services

Mar 20, 2023

Bank vault or screen door? Learn how FinServ attack surfaces appear to a hacker, how they prefer to exploit, and where they look for vulnerabilities.

By Beth Robinson

Culture

Women of the Fox Den - A Unique Hacking Perspective

Mar 12, 2023

Get highlights from our International Women's Day livestream roundtable, Defend Like a Girl: Hacking Your Way to Cyber Success.

By Beth Robinson

Culture

The Women Behind the Writing

Mar 9, 2023

Get to know a few of the women behind the technical editorial team at Bishop Fox and learn about the criticality of clear, continuous, and consistent communication with customers.

By Beth Robinson

Technical Research

What the Vuln: Zimbra

Feb 21, 2023

Take a deep dive into the Zimbra Zip Path Traversal vulnerability with Carlos Yanez in the first blog of our What the Vuln series.

By Carlos Yanez

Industry

Red Teaming: The Ultimate Sanity Check for Security Teams

Feb 16, 2023

Learn how to take control of security program investments with Red Teaming.

By Trevin Edgeworth, Mark MacDonald

Culture

The Top 12 Hacking Influencers to Follow

Feb 9, 2023

Check out this blog to learn about our favorite influencers to follow on the hacker scene.

By Britt Kemp

Technical Research

Spoofy: An Email Domain Spoofing Tool

Feb 1, 2023

In this blog, take a deep dive into Spoofy, an open-source tool that offers bulk domain lookup based on DMARC and SPF records.

By Matt Keeley

Advisory

EzAdsPro BlackBox Advisory

Jan 25, 2023

Read this high-risk advisory to learn how the EzAdsPro "BlackBox" application allowed directory listing, resulting in unauthorized information disclosure.

By Dan Petro

Industry

8 Network Pen Testing Tools for Your Hacker Arsenal

Jan 17, 2023

Check out our recommendations for top network pen testing tools to level up your hacking skills.

By Britt Kemp

Technical Research

Cloud Penetration: Not Your Typical Internal Testing

Jan 10, 2023

Learn what it is like to be a cloud penetration tester from our expert, Seth Art.

By Seth Art

Culture

2023 Offensive Security Resolutions from the Fox Den

Jan 4, 2023

Get familiar with Bishop Fox's most important offensive security resolutions for 2023.

By Beth Robinson

Industry

Our Favorite Tools of the Year: 2022 Edition

Dec 27, 2022

Check out our favorite pen testing tools that we loved using in 2022!

By Britt Kemp

Culture

A Hacker Holiday Gift Guide

Dec 20, 2022

Need gift ideas for your favorite hackers? We've got you covered with our Hacker Holiday Gift Guide.

By Shanni Prutchi

Advisory

FlowscreenComponents Basepack, Version 3.0.7 Advisory

Dec 15, 2022

In this advisory, read about a cross-site scripting (XSS) vulnerability in the FlowscreenComponents Basepack, Version 3.0.7.

By Matthew Rutledge

Industry

The Latest in Ransomware: A Path of Cyber Destruction

Dec 12, 2022

In this blog, we share a roundup of recent ransomware events, how ransomware continues to forge a path of destruction, and shed light on efforts to slow the pace of attacks.

By Beth Robinson
