Offensive Security Blog

Expert insights on offensive security, AI vulnerabilities, and emerging threats from Bishop Fox's leading security researchers and penetration testers.

Advisory

FileStack Upload Advisory

Jun 23, 2022

The FileStack Upload application is affected by a cross-site scripting (XSS) vulnerability that allows an attacker to upload SVG files with JavaScript code inside them.

By Carlos Yanez

Industry

A 2022 RSA Conference Recap: IRL Edition

Jun 21, 2022

Didn't make it to RSA 2022? Or haven't had a chance to use your virtual pass? No problem! Check out our blog recap highlighting our favorite sessions and what we loved about them.

By Britt Kemp

Industry

Stepping into the Spotlight at Security Conferences

Jun 13, 2022

In this blog, we share tips and tricks for how to get involved at security conferences, including which events are our favorite, how to submit CFPs, and tips for enhancing speaking presentations.

By Britt Kemp

Technical Research

Using CloudTrail to Pivot to AWS Accounts

Jun 7, 2022

In this blog, we look at how we can utilize the AWS CloudTrail service to discover other AWS accounts that we could pivot to.

By Gerben Kleijn

Technical Research

ripgen: Taking the Guesswork Out of Subdomain Discovery

Jun 1, 2022

ripgen is a super-fast subdomain permutation discovery tool that helps map the full scope of an attack surface. Learn how our Cosmos team uses ripgen to uncover unknown subdomain findings in our clients' environments.

By Justin Rhinehart, Joe Sechman

Technical Research

Call of DeFi: The Battleground of Blockchain

May 24, 2022

Last year, decentralized finance (DeFi) grew tremendously, not only in usage, but also in cybersecurity attacks. To understand the risks of these new blockchain technologies and use cases, we analyzed the main hacks that occurred in 2021.

By Dylan Dubief

Technical Research

Ruby Vulnerabilities: Exploiting Dangerous Open, Send and Deserialization Operations

May 17, 2022

Managing Sr. Consultant Ben Lincoln tested a Ruby on Rails application that was vulnerable to three of the most common types of Ruby-specific RCE vulnerabilities. Here is a walkthrough and new test harness that you can use to enable more efficient web application exploitation.

By Ben Lincoln

Advisory

CVE-2022-1388: Scan BIG-IP for Exact Release Versions

May 10, 2022

Worried about your BIG-IP devices and if they are impacted by CVE-2022-1388? We built a scanner that can help you quickly determine if they are running versions that need to be patched. Check it out!

By Caleb Gross

Industry

Getting Schooled in Security: Bishop Fox Academy

May 10, 2022

We recently launched Bishop Fox Academy, a company-wide career development and continuous learning program to uphold our position as an offensive security leader.

By Andrew Wilson

Industry

The Foxes of Mexico: A Security Roundtable

May 1, 2022

In honor of Dia del Trabajo (Labor Day) on May 1, we talked to Foxes in Mexico about their cybersecurity journeys, life at Bishop Fox, Mexico as a tech leader, and any advice they have to fellow Mexicans who want to join the industry.

By Beth Robinson

Industry

Ransomware: How Adversaries are Upping the Ante

Apr 27, 2022

During the last few years, no other cyber threat has dominated headlines as much as ransomware, with SANS even declaring 2020 and 2021 “the years of ransomware”. Explore the latest ransomware trends, including ransomware as decoys, RaaS, and attacks on supply chains.

By Trevin Edgeworth

Technical Research

Our Top 9 Favorite Fuzzers

Apr 19, 2022

In keeping with our new tradition of crowdsourcing pen testing tool topics, it became clear that you wanted more on fuzzing! Learn which fuzzing tools are our pen testers' favorites to add to your security toolbox.

By Britt Kemp

Culture

Cybersecurity Mentors: Why & How to Find Your Match

Apr 12, 2022

We dispel some misconceptions of finding a mentor and provide some straightforward ideas for developing a mentor-mentee relationship, no matter the stage of your career.

By Britt Kemp

Technical Research

Nuclei: Packing a Punch with Vulnerability Scanning

Apr 5, 2022

Nuclei is one of our favorite tools to run more speedy, efficient, customized, AND accurate multi-protocol vulnerability scanning. Learn how our teams use this tool to uncover risks in our clients' environments.

By Matt Thoreson, David Bravo, Zach Zeitlin, Sandeep Singh

Culture

Cyber Talent: Exploring the Ongoing Shortage & Great Resignation

Mar 29, 2022

See how the talent shortage and the Great Resignation movement are impacting the cybersecurity workforce, and learn how Bishop Fox approaches recruiting and retention of cybersecurity talent.

By Beth Robinson

Technical Research

Reports from the Field: Part 3

Mar 22, 2022

In the third part of our “Reports from the Field” series, we’ll explore how attackers utilize all tools available (including open source) to dig for an exploit.

By Wes Hutcherson

Culture

Women of the Fox Den: A Security Roundtable

Mar 15, 2022

In honor of Women’s History Month and the paths ladies are forging in cybersecurity, we talked to Foxes about their cybersecurity journeys, their experiences at Bishop Fox, and any advice they have to other women who may be new to the field.

By Britt Kemp

Technical Research

Reports from the Field: Part 2

Mar 8, 2022

In the second part of our “Reports from the Field” series, we’ll explore exposed configuration files. If you want to check out our first part on reused credentials, visit: Reports from the Field, Part 1.

By Wes Hutcherson

Technical Research

Reports from the Field: Part 1

Mar 1, 2022

In this three-part series, we’ll describe real-world examples that showcase how perceived ‘low-risk’ vulnerabilities can turn into critical, business-impacting issues – especially through attack chaining.

By Wes Hutcherson

Industry

Cloud 9: Top Cloud Penetration Testing Tools

Feb 24, 2022

You spoke, and we listened! Earlier this year, we asked what pen testing tool list we should publish next. A list that focused on the cloud was the clear crowd favorite. So that being said, here are nine of our favorite tools for cloud pen tests.

By Britt Kemp

Technical Research

Never, Ever, Ever Use Pixelation for Redacting Text

Feb 15, 2022

You can’t read what pixelated text says... right? Think again; Dan Petro explains how pixelation works, why it’s a terrible redaction technique, and how our tool Unredacter can actually reverse pixelated text.

By Dan Petro

Culture

CactusCon 10: Five Security Talks to Watch

Feb 10, 2022

Check out a few of our favorite talks from CactusCon 10.

By Britt Kemp

Culture

Music To Hack To: Volume 2

Feb 2, 2022

We open-sourced our list by asking some of our Discord members to contribute their favorites in addition to folks in the Fox Den.

By Britt Kemp

Industry

Perceptual Analysis: A Look at Bishop Fox’s New Technology Patent

Jan 26, 2022

We’ve achieved a significant milestone in transforming the offensive security space with the recent patent grant award of our innovative technique known as perceptual analysis (US Patent No. 11,218,496). Get the technical details of our patent and learn more about perceptual analysis.

By Joe Sechman