Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments
Continuous Integration and Continuous Deployment (CI/CD) pipelines have revolutionized how softwar...
2024-3-19 19:0:0 | Views: 39
bishopfox.com - bishopfox.com
repository
github
ppe
attacker
malicious
Further Adventures in Fortinet Decryption
When CVE-2024-21762 and CVE-2024-23113 were patched in February 2024, Bishop Fox analyzed the patch...
2024-3-8 19:0:0 | Views: 311
bishopfox.com - bishopfox.com
rootfs
fgt
flatkc
vals
kallsyms
CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls
Due to the nature in which we conduct research and penetration tests, some of our security experts p...
2024-3-1 19:0:0 | Views: 73
bishopfox.com - bishopfox.com
security
fortune
fox
bishop
excellence
It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable
Summary SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two...
2024-1-16 01:0:0 | Views: 48
bishopfox.com - bishopfox.com
snprintf
chk
22274
overflow
0656
GWT: Unpatched, Unauthenticated Java Deserialization
Introduction: How would you react if I told you that GWT, a fairly popular open-source web applicat...
2023-12-19 01:0:0 | Views: 38
bishopfox.com - bishopfox.com
gwt
client
omitted
brevity
Introducing Swagger Jacker: Auditing OpenAPI Definition Files
Swagger Jacker, or “sj” for short, is an open-source tool developed to audit OpenAPI definition fi...
2023-12-12 22:0:0 | Views: 22
bishopfox.com - bishopfox.com
swagger
routes
security
openapi
Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0
Ashish: Seth, can you tell us a bit about yourself and how you got to where you are today? Seth: S...
2023-11-8 22:0:0 | Views: 24
bishopfox.com - bishopfox.com
cloud
network
ashish
seth
security
Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS
Seth Art, principal at Bishop Fox and creator of CloudFox and CloudFoxable, joined Cloud Security P...
2023-11-1 21:0:0 | Views: 28
bishopfox.com - bishopfox.com
cloud
seth
ashish
security
client
Building an Exploit for FortiGate Vulnerability CVE-2023-27997
Background: Earlier this year, Lexfo published details of a pre-authentication remote code injectio...
2023-10-28 00:0:0 | Views: 31
bishopfox.com - bishopfox.com
salt
seeds
scratch
0x2000
payload
Celebrating One Year of CloudFox
Seth Art (OSCP) is a Principal Security Consultant at Bishop Fox, where he currently focuses on pene...
2023-9-29 23:0:0 | Views: 22
bishopfox.com - bishopfox.com
security
seth
cloudfox
cloudsec
fox
Passing the OSEP Exam Using Sliver
The OSEP Exam: Last October, I successfully completed and passed the OffSec Advanced Evasion and Te...
2023-9-21 21:0:0 | Views: 58
bishopfox.com - bishopfox.com
sliver
gemsbok
amused
shellcode
beacon
Badge of Shame - Breaking Into Secure Facilities with OSDP
Breaking into secure facilities is easily one of the most entertaining things we do here as consul...
2023-8-9 15:0:0 | Views: 21
bishopfox.com - bishopfox.com
osdp
encryption
security
badge
defender
Analysis and Exploitation of CVE-2023-3519
Background: On July 18, Citrix announced a critical remote code execution vulnerability in Citrix A...
2023-8-5 07:0:0 | Views: 24
bishopfox.com - bishopfox.com
payload
shellcode
nsppe
gwtest
analysis
Breaking Fortinet Firmware Encryption
Introduction: The previous article in our Fortinet series, CVE-2023-27997 is exploitable, and 69%...
2023-8-2 21:0:0 | Views: 30
bishopfox.com - bishopfox.com
ciphertext
cleartext
encryption
firmware
fgt
Citrix ADC Gateway RCE: CVE-2023-3519 is Exploitable, and 53% of Servers Are Unpatched
2023-7-22 01:55:0 | Views: 25
bishopfox.com - bishopfox.com
citrix
adc
netscaler
unpatched
analysis
Introducing jsluice: The Why Behind JavaScript Gold Mining (Part 1)
JavaScript. Depending on who you are it's a word that can instil fear, joy, or curiosity. Regardle...
2023-7-20 21:0:0 | Views: 18
bishopfox.com - bishopfox.com
guestbook
jsluice
analysis
security
Introducing jsluice: A Technical Deep-Dive for JavaScript Gold (Part 2)
A sluice box is a box lined with riffles or ridges. When you put a sluice box in flowing water tha...
2023-7-20 21:0:0 | Views: 18
bishopfox.com - bishopfox.com
jsluice
jq
awskey
analysis
CVE-2023-27997 Is Exploitable, and 69% of FortiGate Firewalls Are Vulnerable
TL;DR Bishop Fox internally developed an exploit for CVE-2023-27997, a heap overflow in FortiOS—t...
2023-7-1 01:0:0 | Views: 25
bishopfox.com - bishopfox.com
fortios
fortigate
remote
logarithmic
CVE-2023-27997 Vulnerability Scanner for FortiGate Firewalls
TL;DR Bishop Fox has developed a tool to quickly check if a remote FortiGate firewall is affected...
2023-6-21 05:0:0 | Views: 26
bishopfox.com - bishopfox.com
fortigate
27997
memory
statistic
overflow
Introducing CloudFoxable: A Gamified Cloud Hacking Sandbox
CloudFox helps penetration testers and security professionals find exploitable attack paths in clo...
2023-6-13 22:0:0 | Views: 40
bishopfox.com - bishopfox.com
cloud
security
github
cloudfox