Offensive Security Blog

In this blog, learn how Bishop Fox discovered vulnerabilities in Kosovo's Avicena Medical Laboratory revealing patients' COVID-19 records.

160K COVID-19 Records: Vulnerability in Avicena Medical Laboratory

Dec 9, 2022

By Dardan Prebreza

Get a CISO's perspective on testing your security defenses against real-world ransomware playbooks.

A CISO's Approach to Ransomware Playbooks

Nov 29, 2022

By Beth Robinson

Advisory

Log HTTP Requests, Version 1.3.1, Advisory

Nov 21, 2022

Read this medium risk advisory to learn details about CVE-2022-3402.

By Etan Castro Aldrete

In this blog, learn how veterans bridge the career gap between active duty service and civilian cybersecurity.

How to Go from Active Duty to Civilian Cybersecurity

Nov 17, 2022

By Beth Robinson

In this blog, we share our recommendations for improving technical documentation guidelines and strategies for security teams.

Don't Get Caught in the Dark: How to Build Better Documentation for Security Teams

Oct 31, 2022

By Andy Doering

Get inside the mind of a hacker with highlights from our webcast, Hacker Insights Revealed; New SANS Survey Results

Behind the Scenes, New Insights from SANS Hacker Survey

Oct 27, 2022

By Beth Robinson

Advisory

Atlassian Jira Align, Version 10.107.4 Advisory

Oct 24, 2022

Read to learn details about the Atlassian Jira Align, Version 10.107.4 Advisory

By Jake Shafer

Is your organization concerned with security vulnerabilities? Read on as we examine publicly disclosed reports to understand the most frequent vulnerability types, the highest-disclosed bounties, and more.

The State of Vulnerabilities in 2022

Oct 19, 2022

By Carlos Yanez

In honor of Cybersecurity Awareness Month, we've gathered our top tips to help your family, friends, and community members stay safer in the virtual world.

Sharing the Power of Cybersecurity Awareness

Oct 5, 2022

By Beth Robinson

We partnered with SANS to bring you a groundbreaking report that explores the minds and methodologies of modern cyber adversaries. See what inspired our research and get access to the full report.

Know Your Enemy, Know Yourself: Examining the Mind of a Cyber Attacker

Sep 28, 2022

By Wes Hutcherson

Learn how your organization can improve application security by applying secure design patterns, avoiding anti-patterns, and adding security architecture analysis.

(In)Secure by Design

Sep 22, 2022

By Chris Bush, Shanni Prutchi

Introducing CloudFox, a command line tool created to help offensive security professionals find exploitable attack paths in cloud infrastructure.

Introducing: CloudFox

Sep 13, 2022

By Seth Art, Carlos Vendramini

We asked you to take our Unredacter Challenge, in which we asked you to get creative and devise a way to solve our blurred secret message! Watch as Shawn A., one of our Unredacter Challenge winners, showcases his solution.

Solving the Unredacter Challenge

Sep 8, 2022

By Shawn Asmus

Level up your knowledge of university, military and STEM pathways into the cybersecurity industry to start planning your career journey.

Pathways to Security: A Look at University, Military and STEM Programs

Aug 29, 2022

By Beth Robinson

In this blog, we follow up on the systemic problem of insecure use of random number generators (RNGs) in the Internet of Things (IoT) industry.

You're (Still) Doing IoT RNG

Aug 24, 2022

By Dan Petro

What happened in Vegas stays in Vegas... or does it? See our recap of our Fox adventures at B-Sides LV, The Diana Initiative, Black Hat USA, and DEF CON 30.

What the Fox Happened in Las Vegas?

Aug 18, 2022

By Britt Kemp

Going to DEF CON for the first time? Check our recommendations for making the most of your inaugural DEF CON experience.

A Guide to Your First DEF CON

Aug 5, 2022

By Britt Kemp

Learn why Bishop Fox has been ranked No. 21 on Fast Company’s Fourth Annual List of the 100 Best Workplaces for Innovators.

Creating Innovation in the Workplace

Aug 3, 2022

By Beth Robinson

In this blog, find out what security experts are excited for during this year's Black Hat and DEF CON week.

Our Favorite Week of the Year

Jul 26, 2022

By Britt Kemp

In this blog, learn about the transformations that cybercrime groups have undergone and why potential victims should pay attention.

Organized: The Kingpins of Cybercrime

Jul 14, 2022

By Beth Robinson

Advisory

Netwrix Auditor Advisory

Jul 13, 2022

The Netwrix Auditor application is affected by an insecure object deserialization issue that allows an attacker to execute arbitrary code with the privileges of the affected service.

By Jordan Parkin

In this blog, learn why our Foxes enjoy participating in Capture the Flag (CTF) competitions and how it complements their career goals.

Capture the Flag to Advance Your Hacking Skills

Jul 12, 2022

By Carlos Cañedo

Today (and everyday) is the perfect occasion to celebrate our Veterans of the Fox Den. Learn how our veterans served their nation and found cybersecurity as a civilian career path.

Veterans of the Fox Den

Jul 4, 2022

By Beth Robinson