THROUGH THE LENS OF A HACKER
Deep Dives on Emerging Vulnerabilities
Bishop Fox is committed to sharing vulnerabilities and threat intelligence our offensive security experts have uncovered over the course of thousands of engagements. We invite you to arm yourself with our research as you prepare to defend your attack surface and protect your data.
What the Vuln is a one-of-a-kind series where we shed light on vulnerabilities that could plague your organization – specifically from a hacker’s perspective. Each episode features our offensive security experts as they break down and zero in on one specific vulnerability. Insights include the origins and technical components of the vulnerability, how pen testers can find and exploit the vulnerability, and the relative business impact the vulnerability can have on an organization.
"My message to companies that think they haven't been attacked is: ‘You're not looking hard enough.’ ”
— James Snook, Deputy Director, UK Office for Cyber Securityaa
Subscribe to the What The Vuln Series
By submitting this form, you indicate that you have read and agree to the terms of our Privacy Policy.
Thank you for your interest. Watch your mailbox for the next What The Vuln episode!
What The Vuln Series
A Deep Dive on Vulnerability Intelligence
Episode 2: EDR Bypass
EDR Bypass with LoLBins
In a world of seemingly endless vulnerability threats, endpoint detection and response solutions (EDR) provide much-needed visibility into device activity with automated detection and remediation of malicious activity.
Episode 1: Zimbra
Carlos Vanez Explores Zimbra
Watch the inaugural episode of our What the Vuln livestream series as we examine Zimbra Zip Path Traversal vulnerabilities, CVE-2022-27925 and CVE-2022-37042.
Hear from our security expert on:
- A Zimbra vulnerability discovery overview
- A step-by-step demo of the exploit development in action
- How to apply exploitation techniques to other vulnerabilities
OUR RESEARCH IS YOUR RESEARCH
Expand Your Hacking Toolkit
Our team of offensive security experts use every tool in the box, and when we need something better, we build a new tool... and then add it to the toolbox, so everyone benefits. Coined like Ted Talks, our Tool Talk series spotlights new tools that are developed and/or loved by our Foxes. We showcase how and why the tool was created, demoing how security professionals can use the tool, and how the Fox Den utilizes the tool within our own projects.
Latest Tool Talk
Burp Suite Extensions: Creating Customized Extensions for Penetration Testing
Learn how to power up web application security testing with tips on creating customized extensions featuring BurpCage, an extension that replaces any image proxied through Burp Suite leveraging the Montoya API.
EXTEND YOUR KNOWLEDGE
Explore Security Bulletins & Advisories
Dec 15, 2022
FlowscreenComponents Basepack, Version 3.0.7 Advisory
By Matthew Rutledge
Jul 13, 2022
Netwrix Auditor Advisory
By Jordan Parkin
Nov 21, 2022
Log HTTP Requests, Version 1.3.1, Advisory
By Etan Castro Aldrete
Apr 13, 2023
WP Coder, Version 2.5.3 Advisory
By Etan Castro Aldrete
Apr 04, 2023
Microsoft Intune, Version 1.55.48.0 Advisory
By Ben Lincoln
Apr 04, 2023
Windows Task Scheduler Application, Version 19044.1706 Advisory
By Ben Lincoln
Are you ready? Start defending forward.
Are you ready to uncover your digital footprint and get a real-time, attacker’s view of your perimeter? Request a demo to see the Cosmos platform in action.