Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats

Popular Posts:

WPA3 Is a Major Missed Opportunity: Here's Why

Recently, the Wi-Fi Alliance officially announced details for the WPA3 security standard, which includes a brand-new protocol: the “Enhanced Open” network. While this new technology will represent an improvement to how open networks are done today, I believe that it’s a missed opportunity to offer some real security in one of the most common Wi-Fi use-cases.

Reintroducing the Cybersecurity Style Guide: V1.1

Download the Bishop Fox Cybersecurity Style Guide (V1.1) Here

Why You Need IDontSpeakSSL in Your Life

You’ve Already Heard of testssl.sh; Now, Meet IDontSpeakSSL.

What is it? It’s a simple script designed for parsing testssl.sh results. It was created to automate the discovery of bad practices in SSL/TLS configuration, cipher suites, and certificates. It is most useful on projects with a broader scope; for example, it would prove highly efficient while performing internal or external network penetration testing.

My Path to Security - How Kelly Albrink Got Into Cybersecurity

Name: Kelly Albrink

Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution

Over the past year, I came across two server-side attack vectors based on CSV injection (explained well here). The first case shows an instance of data exfiltration via Google Sheets Injection, while the second case demonstrates a path from formula injection to remote code execution.
