Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats

Popular Posts:

A Guide to AWS S3 Buckets Security


Download our corresponding how-to guide here

The Threat of Poor AWS S3 Buckets Security

If your organization uses Amazon Web Services (AWS), it is extremely important to understand AWS S3 bucket security. Configuring your S3 buckets the right way can mean the difference between business as usual and nearly catastrophic data leaks. As you may have noticed over the past few years, AWS S3 data leaks are not uncommon, and it’s fairly probable that your organization is not immune to them. They have affected high-profile organizations like Verizon, Accenture, and several others in recent memory.

WPA3 Is a Major Missed Opportunity: Here's Why

Recently, the Wi-Fi Alliance officially announced details for the WPA3 security standard, which includes a brand-new protocol: the “Enhanced Open” network. While this new technology will represent an improvement to how open networks are done today, I believe that it’s a missed opportunity to offer some real security in one of the most common Wi-Fi use-cases.

Reintroducing the Cybersecurity Style Guide: V1.1

Download the Bishop Fox Cybersecurity Style Guide (V1.1) Here

Why You Need IDontSpeakSSL in Your Life

You’ve Already Heard of testssl.sh; Now, Meet IDontSpeakSSL.

What is it? It’s a simple script designed for parsing testssl.sh results. It was created to automate the discovery of bad practices in SSL/TLS configuration, cipher suites, and certificates. It is most useful on projects with a broader scope; for example, it would prove highly efficient while performing internal or external network penetration testing.

My Path to Security - How Kelly Albrink Got Into Cybersecurity

Name: Kelly Albrink

Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution

Over the past year, I came across two server-side attack vectors based on CSV injection (explained well here). The first case shows an instance of data exfiltration via Google Sheets Injection, while the second case demonstrates a path from formula injection to remote code execution.

My Weekend With the Foxes

In this write-up, Security Analyst Chris D. describes the first few months of his job at Bishop Fox. 

Hello World! Introducing the Bishop Fox Cybersecurity Style Guide

Our newest revision, Version 1.1, is now available: (Version 1.1)

My Time at NetWars Tournament of Champions


EPISODE ONE: THE CTF AWAKENS

Each and every December, some of the best and brightest hackers from around the world travel to Washington D.C. for the NetWars Tournament of Champions. Champion golfers may have their prestigious green sportscoats, but NetWars champions receive the coveted black hoodie.

The 12 Days of Security

If you've been following us on social media lately, you'll have noticed we did a "12 Days of Security" series of cybersecurity tips for how to stay secure around the holidays. Below is a recap of the updates.
