Technical Briefing

A breakdown of CVE-2025-24813 in Apache Tomcat—what it is, who’s actually at risk, and why most users likely aren’t affected. Keep calm and patch your servers.

Researchers walk through cracking SonicOSX: extracting keys, decrypting firmware, and analyzing its architecture at DistrictCon 2025.

Security researcher Jon Williams reveals how attackers can silently compromise enterprise networks by hijacking legitimate VPN sessions on vulnerable SonicWall firewalls—no credentials required. Despite patches being available since January 2025, thousands of devices remain exposed, creating significant risk for organizations that haven't prioritized updates.

Red Team Practice Director Trevin Edgeworth reveals how attackers leverage periods of organizational flux—from mergers to technology migrations—to breach defenses. Learn how recent high-profile compromises demonstrate the security vulnerabilities that emerge during times of change.

Bishop Fox client briefing: Insights into PAN-OS vulnerability (CVE-2024-0012) with Q&A and advanced threat detection strategies.

Tune into our webcast to learn more about Attack Surface Management and tips for evaluating solutions. GigaOm analyst Chris Ray joins us to share his insights!

In our sixth edition of the Tool Talk series, we explore a new test harness for discovering and crafting Ruby exploits.

Uncover your organization’s unique cost savings and risk mitigation strategy for a continuous offensive testing solution with our customized ROI calculation. 

Examine your organization’s level of ransomware preparedness through the lens of offensive security considerations.

In the hands of skilled attackers, many "low risk" exposures serve as launching pads or steppingstones to more complex and destructive attacks. Watch our webcast as we dive into real-world examples and how you can proactively address these innocuous exposures with a modernized approach.

Join our panelists as they dive into the attacker’s perspective and how you can identify unusual activity and harden systems against further compromise.

What if security could become an integral framework within the software development process? Join Tom Eston and Chris Bush to learn how Threat Modeling is changing the way organizations manage application security risks.

On-demand webcast offers an in-depth look at how DevOps can integrate both automated and manual code review into the software development lifecycle.

On-demand webcast provides an in-depth look at using Continuous Attack Surface Testing (CAST) to identify and close attack windows before it’s too late.

Explore how the right DevSecOps strategy empowers both your security and development teams with Tom Eston, AVP of Consulting at Bishop Fox.

On-demand webcast features security experts discussing recent attacks at SolarWinds, Colonial Pipeline, and more.

Tom Eston, AVP of Consulting at Bishop Fox, dives into the role of application penetration testing in today’s software development lifecycle (SDLC).