Industry Blog / Category - Technical

Introduction. When it comes to pen testing projects, precisely identifying a target’s underlying technologies is trivial. Accurately identifying hundreds of thousands of technologies, on a continuous, ongoing basis, isn't. Improving …

In late 2019, a new critical-severity vulnerability began to threaten widely used Citrix appliances. While the security community explored the issue and businesses scrambled to learn if they were exposed, …

At Bishop Fox, we regularly run product security reviews of our clients’ hardware, many of which require the use of specialized equipment. During a recent security assessment of a device …

In 2018, Spencer Gietzen identified 21 methods across various AWS services that could lead to privilege escalation. Since then, I’ve often referred to Spencer’s article during engagements as I look …

I completed an impossible hack the other day. A simple authorization bypass led me to a few hundred thousand fullz. I’m talking Social Security numbers, names, addresses, the whole deal …

A few of us Bishop Fox consultants recently read through Google’s G Suite Developer’s guide, just to see what they advised. We came across a lot of tips that left …

Avoid Common Mistakes When Deploying Cloud-based Services. Download the full PDF guide here. The Threat of Poor AWS S3 Bucket Security: If your organization uses Amazon Web Services (AWS), it …

You’ve Already Heard of testssl.sh; Now, Meet IDontSpeakSSL. What is it? It’s a simple script designed for parsing testssl.sh results. It was created to automate the discovery of bad practices …

Over the past year, I came across two server-side attack vectors based on CSV injection (explained well here). The first case shows an instance of data exfiltration via Google Sheets …
