Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats

Popular Posts:

Your Worst Case Scenario: An Introduction to Threat Modeling

Threat modeling is an important piece of the security puzzle that may be missing in many IT organizations. Building a comprehensive model of the threats to your applications, systems, and organization will focus your security efforts where they matter most.

Stand Your Cloud #3: AWS Provisioning and Access Requests

This blog post is the closing chapter in a series about AWS security best practices. Read the first post and the second post in this series for context. 

A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client


Introduction

CVE-2017-11779, fixed by Microsoft in October of 2017, covers multiple memory corruption vulnerabilities in the Windows DNS client. The issues affect computers running Windows 8 / Server 2012 or later and can be triggered by a malicious DNS response. An attacker can exploit these issues to gain arbitrary code execution in the context of the application that made the DNS request.

My Life at Bishop Fox

I’m picky about where I work. I don’t like companies that seem to run an internship program simply because everyone else has one. Bishop Fox proved to me that it’s possible to find an impactful, rewarding, and fun internship outside of the traditional options.

Is CORS Becoming Obsolete?

Lately, we have received a lot of questions from our clients about CORS becoming obsolete. They are rightfully concerned about this possibility because so much of Web 2.0 depends on the interoperability mechanisms that CORS provides.

Hot New ‘Anonymous’ Chat App Hijacks Millions of Contact Data

By now, you may have heard about Sarahah, the new anonymous chat application that’s gone viral around the world.

Bug Bounties & Beyond: An Interview With HackerOne's Mårten Mickos

Mårten Mickos is the CEO of the popular bug bounty platform HackerOne. He recently chatted with Vincent Liu about his nontraditional background as well as his views on transparency and the need to democratize security.

Breaking Drone Defenses: Using Chicken Wire to Defeat Net Projectile-Based Products

The majority of practical drone defense products/solutions currently available use a net projectile of some kind. These nets are typically very lightweight and wouldn't be heavy enough to drag down their intended targets. Instead, they are designed to get tangled in the propellers of the 'rogue drone' being targeted in order to disable it (or make it crash).

How I Built An XSS Worm On Atmail

This blog post was authored by Senior Security Analyst Zach Julian; you can connect with him on Twitter here.

What the Newly Drafted NIST Password Guidelines Mean to You

Passwords are security’s primary pain in the neck. They are a source of stress, strife, and sometimes humor. And the debate surrounding “best practices” about them may never fully end in our lifetime.
