Bishop Fox Blog

Automating Exploitation of a Pulse SSL VPN Arbitrary File Read Vulnerability. Introduction: At this year’s Black Hat and DEFCON conferences, Orange Tsai and Meh Chang gave a talk entitled “Infiltrating …


I completed an impossible hack the other day. A simple authorization bypass led me to a few hundred thousand fullz. I’m talking Social Security numbers, names, addresses, the whole deal …


July and August are usually busy months in cybersecurity, and it was no different at Bishop Fox. We embarked on our tenth consecutive year of presenting at Black Hat, DEF …


A Bishop Fox Guide: Infosec always waits for that once-a-year opportunity to check out the latest and greatest security research (as well as rub elbows with some of the industry’s …


Security Fatalism: There’s a philosophy of thinking out there that I like to call “Cybersecurity Fatalism”, and it’s bad and wrong. It leads you down a path of buying snake …


Used by millions of users worldwide, the Dolibarr ERP CRM has become a major integrated solution in the Open Source world. Its user and developer community is growing (source). Depended …


GitGot is a semi-automated, feedback-driven tool that can rapidly search through troves of public data on GitHub for sensitive secrets. Read Jake Miller's other post explaining the conception of GitGot …


What's Wrong With Scanners? Scanning tools are ubiquitous in the security industry. They can speed up manual workflows, provide security intelligence to supplement operations, and be integrated quickly in a …


In May - June 2019, Bishop Fox's Gavin Stroy led a machine learning workshop at DEF CON China 1.0. The below is his recap of this unique event. Wait, DEF …

