Bishop Fox Blog

A space dedicated to sharing our thoughts on the latest cybersecurity news, trends, and threats


Popular Posts:

Why You Need IDontSpeakSSL in Your Life

You’ve Already Heard of; Now, Meet IDontSpeakSSL.

What is it? It’s a simple script designed for parsing results. It was created to automate the discovery of bad practices in SSL/TLS configuration, cipher suites, and certificates. It is most useful on projects with a broader scope; for example, it would prove highly efficient during internal or external network penetration testing.

What the Newly Drafted NIST Password Guidelines Mean to You

Passwords are security’s primary pain in the neck. They are a source of stress, strife, and sometimes humor. And the debate surrounding “best practices” about them may never fully end in our lifetime.

Star Wars: I Find Your Lack of Segmentation Disturbing

For a more detailed technical look at network segmentation, read this guide by Cory Johnson.

A Guide to Do-It-Yourself Network Segmentation

You may be interested in exploring the possibilities of network segmentation, but may not be sure what that looks like for your home network or the network of your small business. You don’t have the budget of a large corporation. You can’t afford the resources that they can, but nonetheless, you want to ensure your network is ultimately secure.

The Active Directory Kill Chain: Is Your Company at Risk?

In May of 2014, Microsoft released Security Bulletin MS14-025. The vulnerability described in this disclosure could allow for the elevation of privilege if Active Directory Group Policy is used to distribute local administrator passwords throughout a domain. In this blog post, we will walk through an entire attack scenario centered around the use (and abuse) of this vulnerability.