Cybersecurity Research and Development

Bishop Fox Labs

Collaborative Analysis. Real-World Impact.

At Bishop Fox, we don’t just talk about advancing security, we make it happen. We put out the tools, research, and insights that push boundaries so defenders everywhere can move faster and protect what matters.

Driven by Mission & Vision

We're Committed to Openly Sharing Information

VULNERABILITY INTELLIGENCE

Hear from our security experts on the latest happenings in the news from regulation updates to hacks around the world.

OPEN-SOURCE TOOLS

Augment your capabilities with an arsenal of tools and cutting-edge research, developed by Bishop Fox's seasoned experts.

TRAINING & WORKSHOPS

Watch our training sessions and workshops to expand your education and give you a leg-up against threat actors.

SECURITY ADVISORIES

Dive into the latest security bulletins and advisories encapsulating insights into the rapidly evolving cybersecurity landscape.

TECHNICAL BLOG

Learn how we break, build, and defend in the world of offensive security. Here, our researchers dive into real-world vulnerabilities, tool chains, and advanced security techniques.

GUIDES & REPORTS

Whether you’re preparing for a security audit, evaluating threat models, or seeking data to inform board-level decisions, you’ll find reports and guides you can rely on.

Demystifying 5G Security

JOIN OUR UPCOMING WORKSHOP

Date: Thursday, October 16
Time: 2pm EST / 7pm BST

5G is reshaping how the world connects, but with innovation comes complexity. In this hands-on workshop, Senior Security Consultant Drew Jones will break down the fundamentals of the 5G registration protocol, explore where security gaps can emerge, and walk through a live simulated lab demonstrating real-world vulnerabilities.

A Hacker's Tool Kit

Try Popular Tools from Bishop Fox

Red Team Framework

Sliver

Sliver is a cross-platform, general-purpose implant framework designed to be an open-source alternative to Cobalt Strike. It supports asymmetrically encrypted C2 over DNS, HTTP, HTTPS, and Mutual TLS.

A command line tool

CloudFox

CloudFox helps penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. It currently supports AWS.

ATTACK TOOL FOR LLM

Broken Hill

Broken Hill is a productionized Greedy Coordinate Gradient (GCG) attack tool for use against large language models.

Auditing of OpenAPI definition files

Swagger Jacker

Swagger Jacker is an audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files.

News Insights

Expert-driven Insights into the Latest Happenings

Blog Post

Demystifying 5G Security: Understanding the Registration Protocol

5G networks face critical security gaps during device registration. Despite improved architecture, unprotected initial messages and weak encryption negotiation create attack windows. Learn how to identify and mitigate these vulnerabilities.

Blog Post

Vulnerability Discovery with LLM-Powered Patch Diffing

Read our most recent research to see how LLMs can assist in scaling patch diffing workflows, saving valuable time in a crucial race against attackers.

Blog Post

Next-Level Fingerprinting: Tools, Logic, and Tactics

Explore how combining AI-assisted research with real-world data and signature normalization can significantly improve fingerprinting capabilities.

Blog Post

You’re Pen Testing AI Wrong: Why Prompt Engineering Isn’t Enough

Conventional pen testing methods fall short with LLMs. Static prompt tests miss adversarial context manipulation and latent model behaviors. Explore how to test AI systems like an attacker.

Blog Post

Sitecore Experience Platform Vulnerabilities V10.1 to 10.3

Critical vulnerabilities in Sitecore Experience Platform versions 10.1–10.3 could allow unauthenticated attackers to gain full system access through a simple exploit chain. Learn what’s at risk—and how to defend against it.

Responsible Disclosure Program

Security Bulletins & Advisories

UNAUTHORIZED ACCESS VULNERABILITY

YoSmart YoLink Hub version 0382

Bishop Fox staff identified three vulnerabilities in the YoSmart YoLink Hub version 0382. The most severe vulnerability was an authorization controls issue that could enable an attacker to interact with other YoSmart users’ smart home devices.

DENIAL-OF-SERVICE VULNERABILITY

SonicWall SonicOS Versions 7.1.x and 8.0.x

Bishop Fox staff identified a vulnerability in SonicWall SonicOS that allowed them to cause an affected NSv virtual appliance to reboot by sending unauthenticated requests to specific API endpoints, resulting in a denial-of-service condition.

INSUFFICIENT AUTHORIZATION CONTROL

Traeger Grill D2 Wi-Fi Controller, Version 2.02.04

Two vulnerabilities and two informational issues were identified that affected the Traeger Grill Wi-Fi Controller: Insufficient Authorization Controls, Sensitive Information Disclosure, Unencrypted Firmware, and Exposed Debug Ports.

Cross-Site Scripting (XSS)

ExpressionEngine, Version 7.3.15

Bishop Fox staff identified two vulnerabilities in Packet Tide’s ExpressionEngine version 7.3.15. The most severe issue allowed Bishop Fox staff to obtain access to a new administrator account in an instance of ExpressionEngine.

Out-Of-Bounds Memory Read

OOB Memory Read: NetScaler ADC and Gateway


The vulnerability would enable an unauthenticated attacker to remotely obtain information from a NetScaler appliance configured as a Gateway or AAA virtual server. While similar in nature to CVE-2023-4966, this issue is much less likely to return highly sensitive information to an attacker.

Ready to Get Started in Offensive Security?
Let's Connect.

Tell us your offensive security goals. We’ll help you find the right solution and be a trusted partner every step along the way.
