All Blog Posts

Dark Reading - h2c Smuggling: A New 'Devastating' Kind of HTTP Request
ZOOM SECURES THEIR RAPIDLY EXPANDING ATTACK SURFACE WITH CAST
Intigriti - Bug Bytes: HTTP Request Smuggling Via HTTP/2
Design Considerations for Secure Cloud Deployment
Hackaday - Security This Week: Raccoons in My TLS, Bypassing Frontends, and Obscurity
DEVELOPING A NEW METHODOLOGY FOR ILLUMIO TO MEASURE THE POWER OF MICRO-SEGMENTATION
h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
Music to Hack To: A Bishop Fox Mixtape
Security Magazine - 5 Minutes With Daniel Wood
PortSwigger - Zamzar Springs to Action to Quickly Resolve Web Security Flaws in API
Zamzar API
What Makes a Good Penetration Test?
20 Tips on How to Make the Most of Your Pen Test
8 Recommended Talks From DEF CON 28
Dark Reading - 7 Ways to Keep Your Remote Workforce Safe
CSO - Smogcloud
Threatpost - High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
SecurityWeek - Potentially Serious Vulnerability Found in Popular WYSIWYG Editor TinyMCE
PortSwigger - TinyMCE Suffers Big XSS Flaw
The CyberWire - Newsletter: Is This IoT App Safe to Drink?
Security Boulevard - 12 Hot Takes on How Red Teaming Takes Pen Testing to the Next Level
TinyMCE — Version 5.2.1
Is This IoT App Safe to Drink?
A Look Forward to the DEF CON Red Team Village CTF
Are You Giving Out Cheat Codes if You Whitelist Pen Testers?
Built In Phoenix - 8 Phoenix Cybersecurity Companies to Know
The CyberWire - Newsletter: An Updated Guide to Do-It-Yourself Network Segmentation
Dark Reading - Block/Allow: The Changing Face of Hacker Linguistics
Dark Reading - 8 Cybersecurity Themes to Expect at Black Hat USA 2020
An Updated Guide to Do-It-Yourself Network Segmentation
Mo Hijazi to Present Trust Through Verification
Podcast: Robot Downsizing - How the Ultimate Security Solution is Human
Webinar: Tackling the Changed Landscape of Enterprise Security – An Industry Roundtable
Ankur Chowdhary Interviewed by Security Weekly
Kelly Albrink Interviewed Regarding Shadow IT
PortSwigger - Librehealth Medical Records App Exposes Sensitive Patient Data
Dark Reading - Vulns in Open Source EHR Puts Patient Health Data at Risk
LibreHealth Version 2.0.0
Security Boulevard - A Look at PAN-OS Versions with a Bit of R
Delivering Peace of Mind About New Citrix Emerging Threat
Christie Terrill to Present for NJ Cyber Threat Intelligence & Security Operations Group
SkillBridge Paves the Way for Service Members
Ankur Chowdhary to Present at DEF CON 28 Red Team Village
TechRadar - Zoom CEO Sets Out What's Next for Privacy and Security
Computer Weekly - Zoom Making Progress on Cyber Security and Privacy, Says CEO
Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers
Stop Treating Breaches Like Natural Disasters: A New Mindset for Application Security
TechBeacon - Cloud Misconfigurations and Security: 5 Ways to Avoid Your Next Fail
How to Set Up Your Hardware Lab
SecureAuth Version 9.3
PortSwigger - DigDash Fixes SSRF Flaw
A Guide to Digital Reconnaissance
Bishop Fox Named "Top Company to Work for in Arizona" for Seventh Consecutive Year
The Register - ConnectWise Issues a Slightly Scary, but Unusually Significant Security Advisory
DigDash Enterprise: Versions 2018R2-2020R1
Dark Reading - 7 Must-Haves for a Rockin' Red Team
Rob Ragan to Present at Global AppSec San Francisco 2020
Rob Ragan to Present at Black Hat 2020
OOB to RCE: Exploitation of the Hobbes Functional Interpreter
The CyberWire - Quantifying the Impact of Micro-Segmentation Report Highlighted
Dark Reading - Bishop Fox, Illumio Share Microsegmentation Research Findings
Security Boulevard - Illumio and Bishop Fox Release First-of-its-kind Test Report
Lessons Learned from Years of Red Teaming
Priyank Nigam to Present at Denver ISSA Virtual Chapter Meeting
PortSwigger - RMIScout: New Hacking Tool Brute-forces Java RMI Servers for Vulnerabilities
Bishop Fox and Illumio Demonstrate the Efficacy of Micro-segmentation
Quantifying the Impact of Micro-Segmentation
Invest in Trusted Partners, Not Crowdsourcing, for Continuous Security
Bleeping Computer - Amtrak Resets User Passwords After Guest Rewards Data Breach
The CyberWire - Security Lessons From Hacker-Themed Board Games
Applying Elite Military Training to Civilian Assessments
RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution
Security Lessons From Hacker-Themed Board Games
A Closer Look at the US-CERT Top 10 Vulnerabilities List
Bishop Fox Wins Most Pioneering Offensive Security Firm 2020
An Introduction to the OWASP IoT Top 10
ZDNet - Zoom to Revamp Bug Bounty Program, Bring in More Security Experts
Luta Security and Zoom
Wall Street Journal - Zoom Hires Security Heavyweights to Fix Flaws
Barrett Darnell, Kelly Albrink and Caleb Gross to Present at DERPCON Virtual Conference
SALESFLARE FOCUSES ON APPLICATION SECURITY FOR THE G SUITE MARKETPLACE
SCALING UP GOOGLE’S THIRD-PARTY SECURITY PROGRAM
The TL;DR on TF-IDF: Applied Machine Learning
PortSwigger - Latest Web Hacking Tools Q1 2020
PortSwigger - Twisted Programming Framework Stung by Request Smuggling Vulnerabilities
Dark Reading - Vulnerability Researchers Focus on Zoom App's Security
PortSwigger - GadgetProbe and Bug Bounties
Bishop Fox Sponsors BSides Atlanta
Support Staff: Why You Should Rock The Boat
Risky Business Information Security Podcast #574 - GadgetProbe
Pentester Land Newsletter - How To Write Like It’s Your Job
How to Keep Your Business Secure During the COVID-19 Pandemic
What Is XSS?: An Overview
Twisted Version 19.10.0
Mashable - Major Domain Name Bug Allowed Hackers to Register Malicious Domains
SecurityWeek - A Zero-Day Homograph Domain Name Attack
Breaking Badness Podcast - The Human Element with Brianne Hughes
Staying Ahead of Emerging Threats
Security Boulevard - Researcher Discovers Zero Day Vulnerability Using Homoglyph Characters
BleepingComputer - Zero-Day Bug Allowed Attackers to Register Malicious Domains
From Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains
PortSwigger - GadgetProbe: New Tool Simplifies the Exploitation of Java Deserialization Vulnerabilities
Rhett Greenhagen and Rob Ragan to Give Opening Keynote Presentation at CanSecWest
Joe DeMesy and Dan Petro to Present at Pycon
Dark Reading - What Your Company Needs to Know About Hardware Supply Chain Security
MSSP Alert - Bishop Fox Unveils Continuous Testing Managed Security Service
Yahoo Finance - Bishop Fox Introduces First-of-its-Kind Continuous Attack Surface Testing Managed Security Service
SecurityWeek - RSA Conference 2020: Product Announcement Summary
Bishop Fox Wins Three 16th Annual Info Security Products Guide Awards
Bishop Fox Wins Three Cyber Defense Magazine InfoSec Awards for 2020
Rhett Greenhagen To Deliver Keynote at BSides Tampa
Bishop Fox Introduces First-of-its-Kind Continuous Attack Surface Testing Managed Security Service
SONOS MAKES SECURE MOVES WITH BISHOP FOX
Vinnie Liu Wins a Cybersecurity Professional of the Year Award
GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath
Mike Ostrowski to Speak at ASU DevilSec
How to Set Up Zniffer for Z-Wave
Pentester Land Newsletter - Dufflebag
Barrett Darnell to Present at SnowFROC
How to Prevent the OWASP Top 10
Business of Tech Podcast - Huntress Labs Discusses Disclosures
Dufflebag: Uncovering Secrets in Exposed EBS Volumes
Channele2e - ConnectWise Control: Bishop Fox and ConnectWise Perspectives
Channel Futures - Wake-Up Call: What the ConnectWise Control Security Vulnerabilities Mean
Identifying the Modern Attack Surface: Part 1
Lawrence Systems - Video: ConnectWise Control Disclosure by Bishop Fox
TIME - Should You Reconsider Using WhatsApp After the Jeff Bezos Hack?
Tech Decisions - ConnectWise Works To Resolve Vulnerabilities Identified By Testing Firm
The CyberWire - ConnectWise Advisory Coverage
CRN - ConnectWise Control Security Issues Are Tip of Iceberg
Dark Reading - Eight Flaws in MSP Software Highlight Potential Ransomware Vector
Huntress Labs - Validating the Bishop Fox Findings in ConnectWise Control
CRN - ConnectWise Exploit: 20 Questions For A Security Researcher
CRN - ConnectWise Control Security Vulnerabilities Are ‘Severe'
ConnectWise Control 19.3.25270.7185 - Eight Vulnerabilities, Including Critical
Return to NetWars: Tournament of Champions
Ars Technica - Inside TASBot’s effort to control the Nintendo Switch
Rob Ragan and Oscar Salazar Present at ACoD 2020
SecurityWeek - High Risk Vulnerabilities Addressed in Big Monitoring Fabric
PortSwigger - High Risk Vulnerabilities Found in Network Traffic Monitoring Tool
Big Monitoring Fabric Application
Dradis Pro Version 3.4.1
7 of the Most Memorable CVEs of 2019
Vice - Hackers Discuss the 'Mr. Robot' Series Finale
Brianne Hughes to Present at BSides San Francisco
Well, That Escalated Quickly
Escalator to the Cloud: 5 Privesc Attack Vectors in AWS
PortSwigger - Telerik UI for ASP.NET AJAX Vulnerable to RCE Attacks
CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI
Dark Reading - Get Organized Like a Villain
SFDC Secure Development Cheat Sheet
CSO - You Just Got Hacked…By a Drone?
Rob Ragan and Gwen Castro to Sit on Panels at IG3 West
Solismed Version 3.3SP1
The Pen Testing Tools We’re Thankful for This Season
Vice - A Roundtable of Hackers Dissects 'Mr. Robot' Season 4 Episode 8: ‘Request Timeout’
Reasonably Secure Electron
Vice - A Roundtable of Hackers Dissects 'Mr. Robot' Season 4 Episode 7: ‘Proxy Authentication Required’
Popular Mechanics - How SMS Works and Why You Shouldn't Use It
A Wolf in Fox Clothing
Bishop Fox Acquires SoNeMo Technologies; Founder Joins Barcelona Office
Vice - A Roundtable of Hackers Dissects 'Mr. Robot' Season 4 Episode 5: 'Method Not Allowed'
Bishop Fox Will be Everywhere at CactusCon 2019!
Rhett Greenhagen to Present at ACoD 2020
Scary Security Stories to Tell in the Dark
Vice - A Roundtable of Hackers Dissects 'Mr. Robot' Season 4 Episode 4: 'File Not Found'
I Programmer - Cyber.dic - Spellchecking For Tech Terms and Acronyms
Vice - A Roundtable of Hackers Dissects 'Mr. Robot' Season 4 Episode 3: 'Forbidden'
Vice - A Roundtable of Hackers Dissects 'Mr. Robot' Season 4 Episode 2: 'Payment Required'
Bishop Fox Wins Acquisition International's Best Penetration Testing Specialists Award
Vice - A Roundtable of Hackers Dissects 'Mr. Robot' Season 4 Episode 1
Duo Security - How to Monitor GitHub for Secrets
Business Insider - Bishop Fox Wins "Web Filtering and Control Solution of the Year" Award
Bishop Fox Wins “Web Filtering and Control Solution of the Year” Award
ASU DevilSec Meeting
CYBER.DIC
Introducing cyber.dic
Bishop Fox Happenings: September 2019
Dark Reading - 6 Best Practices for Performing Physical Penetration Tests
Ed Leichtnam Joins Bishop Fox as Associate VP of Project Management
Jamie Fiedrich Joins Bishop Fox as VP of IT Operations
AZ Big Media - Jackie Todd and Mark Pavlick Join Bishop Fox
Mark Pavlick Joins Bishop Fox as Head of Sales
Help Net Security - Red Teaming: Why a Forward Offense is the Best Defense
Consulting.us - Bishop Fox Appoints Two Associate VPs
MSSP Alert - Bishop Fox Discovers Medical Equipment Vulnerability
Bishop Fox is Coming to Day of Shecurity San Francisco
Kaitlin O'Neil and Kelly Albrink to Sit on Panel at Day of Shecurity San Francisco
Kate Broussard to Present at Day of Shecurity San Francisco
Breaching the Trusted Perimeter | Automating Exploitation
Bishop Fox Researchers Discover High-Risk Vulnerability in OpenEMR
OpenEMR 5.0.1(6) - Technical Advisory Release
OpenEMR 5.0.1(6) - RCE and XSS
Business Insider - Jackie Todd Joins Bishop Fox as Associate VP of Resource Management
Jackie Todd Joins Bishop Fox as Associate VP of Resource Management
GrowthList - 20 Cyber Security Startups You Should Get To Know
DigitalMunition - Joe Sechman Joins Bishop Fox as Associate VP of Product Research and Development
ZigDiggity Featured in Bug Bytes
Joe Sechman Joins Bishop Fox as Associate VP of Product Research and Development
Cybersecurity Fatalism - How It Poisons Your Decision Making
Contain Your Toxic Waste: Keep Prod Out of Dev
Kate Broussard to Present at Day of Shecurity Toronto
Bishop Fox Happenings: July and August 2019
TechBeacon - Weaponized Machine-Learning Tool Adds Punch to Pen Testing
Enterprise IT News - Tales of the Leaky Cloud
TechCrunch - What Security Pros Need to Know from Black Hat and Def Con 2019
Security Boulevard - Amazon EBS Snapshots Exposed Leaking Sensitive Data, Security Analyst Reveals at Def Con 27
The Register - Study Probes the *Other* AWS Data Exposure Trap
Every Sign Has a Story
TechCrunch - Hundreds of Exposed Amazon Cloud Backups Found Leaking Sensitive Data
RedSec Atlanta 2: Sipping & Security
Axios - Counter-Drone Defenses
Wall Street Journal - Capital One Breach Casts Shadow Over Cloud Security
Bishop Fox Introduces New Open-Source Hacking Tool for Testing ZigBee Networks at 2019 Black Hat Arsenal
Bishop Fox Introduces New AI-Based, Open Source Pentesting Tool at 2019 Black Hat Arsenal
EYEBALLER
ZIGDIGGITY
How Bishop Fox Enables Wickr's Security Assurance
HOW BISHOP FOX ENABLES WICKR’S SECURITY ASSURANCE
Bishop Fox Uncovers Security Flaws in Mass Transit Mobile Apps
10 Must-See Talks at Black Hat and DEF CON
SLIVER
A Need for Vigilance in Open Source Software: Dolibarr CRM Advisory Release
AeroGarden Version 1.3.1 - Multiple Vulnerabilities
Dolibarr Version 9.0.1 — Multiple Vulnerabilities
Bishop Fox Researchers Discover High-Risk Vulnerability in InterSystems Application
InterSystems Cache 2017.2.2.865.0 and 2018.1.2 Multiple Vulnerabilities
GitGot Tool Release
Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools
DEF CON 27 (Demo Lab) - Zigbee Hacking: Smarter Home Invasion with ZigDiggity
DEF CON 27 - SpellCheck: The Hacker Spelling Bee
BSides Las Vegas 2019 - Reverse Engineering Mobile Apps: Never Pay for Transit Again
Black Hat USA Arsenal 2019 - Eyeballer: Weaponized Machine Learning to Target Website Screenshots
DEF CON 27 - Finding Secrets In Publicly Exposed EBS Volumes
Black Hat USA 2019 Arsenal - Smarter Home Invasion with ZigDiggity
Presenting Introduction to Machine Learning and Security at DEF CON China 1.0
SummerCon 2019 - Sliver
Kevin Brooks, CPA Joins Bishop Fox as Vice President of Finance
Ars Technica - BGP Event Sends European Mobile Traffic Through China Telecom
Cybersecurity Council of Arizona – Cybersecurity Career Conversations
The Diana Initiative - Step 2: Editing, Step 3: Profit
Bishop Fox Named a "Top Company to Work for" for Sixth Year in a Row
RedSec of Atlanta - Hacking & Hobnobbing
TIGHTENING SECURITY AT FTRACK
Steve Huffman Joins Bishop Fox Board of Directors
Help Net Security - Why It’s Time to Switch From IP to DNS
The CyberWire - Daily Briefing: May 22, 2019
Daniel Wood Joins Bishop Fox as Associate Vice President of Consulting
CircleCityCon 6.0 - What the Frida Gave Me: A Novel Take on E-Ticket Forging and E-Ticket Stealing
Insec World To Be Settled In Chengdu Permanently
Tegile Intelliflash OS Version 3.7.0.8.180413 (GA) - Password Disclosure
Bill Carroll Joins Bishop Fox as Chief Operating Officer
CircleCityCon 6.0 - Cuckoo Sandbox Setup: Malware Detection Through Detonation
The Cyberwire – Daily Briefing: May 1, 2019
Bishop Fox Sponsors Summercon 2019
Ken Green Joins Bishop Fox as Vice President of Product Management
THOTCON - What the Frida Gave Me: A Novel Take on E-Ticket Forging and E-Ticket Stealing
Channelomics - Bishop Fox Adds Managed Security Leader
The Cyberwire - Daily Briefing: April 18, 2019
Jon Rose Joins Bishop Fox as Vice President of Managed Security Services
DC480 - Cuckoo Sandbox Setup: Malware Detection Through Detonation
Crunchbase News - Investors Are Betting Early On Cybersecurity Startups
Greyhound Critical Vulnerabilities - Road Rewards Program
Dictionary Society of N. America - How I Compiled a Cybersecurity Style Guide
SC Magazine - The Bug Hall of Shame
SECURING BOOST.BEAST
Hackaday - WOPR: Security Loses Some of Its Obscurity
Back End News - Kaspersky Lab Teams Up with Cybersecurity Pros
ForgePoint Capital Promotes Will Lin to Partner
STE - How the Media Industry Can Achieve Security Success
My Path to Security - How Christie Terrill Got Into Security
Hackaday - First WOPR Summit Finds the Winning Move
SqR00t - Twist & Shout: Ferris Bueller’s Guide to Abuse Domain Permutations
Kaspersky SAS - Ghost in the Browser: Broad-Scale Espionage with Bitsquatting
Cantemo Portal Version 3.8.4 - Cross-Site Scripting
Pulse 2.0 - Phoenix-Based Security Testing Company Bishop Fox Secures $25 Million
Nanalyze - What is Ethical Hacking? A Look at 3 Types of Startups
Help Net Security - Bishop Fox Raises $25 Million
AiThority - Bishop Fox Raises $25 Million from ForgePoint Capital to Accelerate Growth of Security Testing Services and Expansion of Research Initiatives
Phoenix Business Journal - Tempe Cybersecurity Firm Raises $25M
InvestSize - U.S. Bishop Fox Lands $25 Mln In Series A Round From ForgePoint Capital
FinSMEs - Bishop Fox Raises $25M in Series A Funding
VatorNews - Daily Funding Roundup - February 26th, 2019
Dark Reading - Bishop Fox Raises $25 Million from ForgePoint Capital to Accelerate Growth of Security Testing Services and Expansion of Research Initiatives
CityBizList - Bishop Fox Raises $25 Million from ForgePoint Capital
Fortune - Term Sheet, February 26
PE Hub - Bishop Fox Lands $25 mln Series A
Bishop Fox Raises $25 Million From Forgepoint Capital
Hackaday - Would You Like to Play a Game? WOPR Summit Is This Weekend
Simple – Better Banking (Android) v. 2.45.0 – 2.45.3 - Sensitive Information Disclosure
Cyware - Critical Vulnerabilities Spotted in the Amtrak Mobile Application
WiCyS 2019 - Red Team Your Resume: Insiders Share Secrets
Amtrak Mobile APIs - Multiple Vulnerabilities
BSides San Francisco - Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations
University of Advancing Technology - Breaking Into a Career of Breaking In
OpenMRS - Insecure Object Deserialization
BSides Columbus 2019 - Check Your Privilege (Escalation)
WOPR Summit - Ham Hacks: Breaking Into Software Defined Radio
Bishop Fox to Speak at BSidesSF 2019
PC Magazine - Beef Up Security and Performance With Network Segmentation
Day of Shecurity - The Path to Security Has Many Branches
My Path to Security - How Tom Wilhelm Got Into Security
NPR - Shutdown Makes Government Websites More Vulnerable to Hackers, Experts Say
Bishop Fox - Live at Day of Shecurity!
Silverpeas 5.15 To 6.0.2: Path Traversal
Vox - Marriott's Data Breach May Be the Biggest in History
Day of Shecurity - Network Pen Testing Tool Kit: Nmap, Netcat, and Metasploit Basics
Day of Shecurity - Introduction to Linux Privilege Escalation Methods
Gizmodo - Dual UPnP-Chromecast Exploit Allows Hacker to Hijack Devices
Techradar - Chromecast PewDiePie Hack Exposes Long-Standing Unpatched Bug
The Hacker News - Thousands of Google Chromecast Devices Hijacked to Promote PewDiePie
TechCrunch - Google Sat on a Chromecast Bug For Years
Art Into Science - Pose a Threat: How Perceptual Analysis Helps Bug Hunters
Intigriti - The Best Write-Ups 2018 Brought Us
OWASP - AppSec California 2019 - Pose a Threat: How Perceptual Analysis Helps Bug Hunters
Dark Reading - Bringing Compliance into the SecDevOps Process
The Wall Street Journal - Marriott's Starwood Missed Chance to Detect Huge Data Breach Years Earlier
PhpSpreadsheet Versions <= 1.5.0 - XXE Injection
Threatpost - Google's G Suite, Search and Analytics Taken Down in Hijacking
The Register - Google, why was your web traffic hijacked, routed through China, Russia?
NBT5: HackerFight - Traditional Penetration Testing vs Continuous Security & Red Teaming
YunoHost 2.7.2 to 2.7.14 - Multiple Vulnerabilities
The Register - Yahoo! $50m! hack! damages! bill!
PCI Conference - The Latest Laws and a Hacker's Perspective
Eaton UPS 9PX 8000 SP - Multiple Vulnerabilities
University of Advancing Technology - My Path to Security
RiskRecon - Third-Party Security Risk Management Practices Roundtable
SV3C L-Series HD Camera – Multiple Vulnerabilities
Practising Law Institute SFO - Cybersecurity: A Hacker's Perspective
My Path to Security - How Gerben Kleijn Got Into Security
SpecterOps - Open Source Intelligence Gathering
University of Advancing Technology - How To Get A Job Panel
The Arizona Mirror - Are Arizona Elections Safe From Hackers?
Phoenix Business Journal - Cybersecurity Experts Invited to Free Conference in Mesa
Wallabag 2.2.3 to 2.3.2 - Stored Cross-Site Scripting
Subsonic 6.1.1 - Multiple Vulnerabilities
Women in Security & Privacy - Network Penetration Test Workshop
Practising Law Institute - Cybersecurity 2018: Managing Cybersecurity Incidents
Arizona Republic - Fun Kids' Events Around Phoenix in September: CactusCon Kids
Arizona Republic - Mesa Event to Focus on Computer Basics, Internet Security
2018 Cybersecurity Symposium - Breaking Into a Career of Breaking In
Forbes - Is Your Company Ready for a Bug Bounty Program?
University of Advancing Technology - BLTs with Bishop Fox
Wickr & Bishop Fox Report on Customer Security Promises
Bishop Fox Sponsors CactusCon 2018
Practising Law Institute NYC - Cybersecurity: A Hacker's Perspective
CactusCon 2018 - Anatomy of an AppSec Program
CremeCRM 1.6.12 - Multiple Vulnerabilities
An Introduction to AWS Cloud Security
Rocky Mountain Safety Conference: Understanding & Responding to Cybersecurity Risks
My Path to Security - How Joe Ward Got Into Cybersecurity
Threatpost - Bishop Fox on Device Threats and Layered Security
Alexa Blog - Security Best Practices for Cloud-Connected Products with Alexa Built-In
Password Security: The Good, the Bad, and the "Never Should Have Happened"
2018 Pwnie Awards - Nomination for Best Client-Side Bug
A Primer to Red Teaming
AZ Cyber Talent - Cybersecurity Internships in Arizona
My Path to Security - How Matt Frost Got Into Cybersecurity
How 'Small' Security Errors Lead to a Security Breach
DEF CON 26 - SpellCheck: The Hacker Spelling Bee
A Guide to AWS S3 Buckets Security
CSO - Duty of Care: Why [and How] Law Firms Should Up Their Security Game
Silent Break Security - ESPKey + Long Range RFID Reader = A New Tastic Thief
Black Hat USA 2018 Arsenal - Zigdiggity: Zigbee Pentest Toolkit
Peerlyst - SearchDiggity Tool - An easy way to Search Google, Bing and Shodan
Security Boulevard - Best Practices for Using Security Groups in AWS
Threatpost - Navigating an Uncharted Future, Bug Bounty Hunters Seek Safe Harbors
WPA3 Is a Major Missed Opportunity: Here's Why
Why You Need IDontSpeakSSL in Your Life
Dark Reading Virtual Event - Why Cybercriminals Attack
The Circle of HOPE - SpellCheck: The Hacker Spelling Bee
Cyber Security Summit 2018 - Hackers and Threats
The Daily Swig - Formula Injection Heads Server-Side
(ISC)2 Phoenix - Effectively Operating a Bug Bounty Program
(ISC)2 Phoenix - Developing and Testing an Effective Incident Response Program
My Path to Security - How Kelly Albrink Got Into Cybersecurity
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
AZCentral - Top Companies to Work for in Arizona
Bishop Fox Named a "Top Company to Work" for Fifth Consecutive Year
Jirafeau Version 3.3.0 – Multiple Vulnerabilities
COINBASE: MANAGING SECURITY THROUGH COLLABORATION
Bishop Fox Sponsors Summercon 2018
PR Web - ioTium Partners with Bishop Fox for IIoT Infrastructure Security
Day of Shecurity - Network Penetration Testing Toolkit: Netcat, Nmap, and Metasploit Basics
Chicago Manual of Style - Brianne Hughes Talks About The Cybersecurity Style Guide
Chicago Manual of Style Event - Brianne Hughes Talks About The Cybersecurity Style Guide
SolarWinds Serv-U Managed File Transfer – Insufficient Session ID Entropy
Empire Hacking NYC Meetup - Server-side Spreadsheet Injections in High Impact Attacks
SolarWinds Serv-U Managed File Transfer – Denial of Service
Naked Security - Half a Million Pacemakers Need a Security Patch
Threatpost - A Look Inside: Bug Bounties and Pen Testing
Computer Business Review - Heart Implants Recalled Over Hack Fears
SECURING MOBILE SECURITY WITH BLUEBOX
CHANGE HEALTHCARE: SECURING A COMPETITIVE ADVANTAGE
My Weekend With the Foxes
Estrella Mountain Community College/Mosaic451 - A Cyber Security Round Table
IOTIUM: SECURING AN INDUSTRIAL IoT PLATFORM
Data Science Meetup - Game Over, Man! Reversing Video Games to Create an Unbeatable AI Player
WiCyS 2018 - Build Me a World Class Security Program in Three Months
Bishop Fox Sponsors WiCyS 2018
Hello World! Introducing the Bishop Fox Cybersecurity Style Guide
Okta Rex Talks - Better Red Than Dead: Elegant Weapons for a More Civilized Age
Kaspersky SAS - 9Tail: Proactive Security Assessment
My Time at NetWars Tournament of Champions
SOURCE Mesa - Security Needs a Style Guide and Here's V1
The 12 Days of Security
ZEPHYR HEALTH: BUILDING A HEALTHY SECURITY PROGRAM
2018 Renewable Energy Law Conference - Gamification of Incident Response
Your Worst Case Scenario: An Introduction to Threat Modeling
O'Reilly Security Podcast - Christie Terrill
Stand Your Cloud #3: AWS Provisioning and Access Requests
SANS Core NetWars Tournament of Champions
O'Reilly Security Conference - Build Me a World Class Security Program in Three Months
DeadDrop SF Meetup - Better Red Than Dead: Elegant Weapons For A More Civilized Age
Windows DNS Client – Memory Corruption Vulnerabilities
A Bug Has No Name: Multiple Heap Buffer Overflows In the Windows DNS Client
CactusCon - Red Team Your Resume: Tips From An Insider
CactusCon - Chaos in the Machine: Why Security Needs a Style Guide
Smash the Record 2017 - SmashBot vs. The Baddies
My Life at Bishop Fox
Practising Law Institute – Cybersecurity: A Hacker’s Perspective
Is CORS Becoming Obsolete?
Hot New ‘Anonymous’ Chat App Hijacks Millions of Contact Data
Bug Bounties & Beyond: An Interview With HackerOne's Mårten Mickos
(ISC)2 Phoenix – Let's Play a Game: Why Incident Response Matters
Breaking Drone Defenses: Using Chicken Wire to Defeat Net Projectile-Based Products
Bishop Fox Introduces Hacking AI "DeepHack" at DEF CON 25
How I Built An XSS Worm On Atmail
atmail 7 Stored XSS Vulnerability
DEF CON 25 - Game of Drones: Putting the Emerging 'Drone Defense' Market to the Test
DEF CON 25 - Weaponizing Machine Learning: Humanity Was Overrated Anyway
Bishop Fox Sponsors SummerCon 2017
Black Hat USA 2017 Arsenal Theater Demo - Game of Drones
What the Newly Drafted NIST Password Guidelines Mean to You
How We Can Stop Email Spoofing
SolarWinds Log & Event Manager - Arbitrary Command Injection
SolarWinds Log & Event Manager - Improper Access Control
Interop ITX - Developing and Testing an Effective Incident Response Program
Bishop Fox to Speak at Interop
Estrella Mountain Community College - Breaking Into Cybersecurity
The Hacking Club at SFSU - All About Infosec
Bishop Fox to Present "Highway to the Danger Drone"
A Guide to Choosing the Right VPN
Women in Cybersecurity Conference 2017 - Cybersecurity Incident Response Panel
ISSA Phoenix - There and Back Again: A Security Consultant's Tale
We're Humbled; We're Grateful; Thank You
Bishop Fox Partner Christie Terrill to Present at Dark Reading Webinar and Conference
The CIA Leak: A Look On the Bright Side...
Interop ITX - Defeating Social Engineering, BECs & Phishing
QCon London - Continuous Dis-Integration: Red Team Attacks
QCon London - Out of the Browser Into the Fire
Bishop Fox Sponsors MITCTF 2017
82nd Annual Kentucky Society of Professional Engineers Convention - Highway to the Danger Drone
In the News: A BGP Hijacking Technical Post-Mortem
Cisco Jabber Guest Server HTTP URL Redirection Vulnerability
Star Wars: I Find Your Lack of Segmentation Disturbing
A Guide to Do-It-Yourself Network Segmentation
Telling the Security Story: An Interview with Josh Koplik
Bishop Fox to Discuss How to Create a Security Blueprint Using the CIS 20 at Cloud IT Live
2016 Kennesaw State’s Cyber Security Awareness Day – Exploiting Smart Devices
DerbyCon 6.0 - SmashBot Shoutout in Keynote
Practising Law Institute - Cybersecurity: A Hacker's Perspective
Accellion Kiteworks Multiple Vulnerabilities
What Security Leaders Can Learn About Decision-Making
Dragon Con - Women in Science and Tech Careers
Dragon Con - Hacking 101
Game Over, Man! Reversing Video Games to Create an Unbeatable AI Player
DEF CON 24 - Game Over, Man! - Reversing Video Games to Create an Unbeatable AI Player
Bishop Fox to Speak at Black Hat and DEF CON 2016
Black Hat USA 2016 Arsenal - Highway to the Danger Drone
Black Hat USA 2016 - Highway to the Danger Drone - Arsenal Theater Demo
How to Engineer Secure Things: Past Mistakes and Future Advice
The Triad Triumph: Bishop Fox Remains a Top Place to Work
The Power of 'Agile' Security at Dun & Bradstreet
Arizona Technology Council 2016 Cybersecurity Summit - Internet of Things Panel
CactusCon - Developing and Testing an Effective Incident Response Program
CactusCon - Telling Lies & Making Friends: Penetrating People's Emotional Barriers
SANS Internet Storm Center - ISC StormCast for Sunday, April 10th 2016
The Hacking Club at SFSU - Ethical Hacker Career Day
If You Can't Break Crypto, Break the Client: Recovery of Plaintext iMessage Data
OS X Messages (iMessage): XSS & File Disclosure
Bishop Fox Sponsors CactusCon 2016
Interop Las Vegas - New School Security: The Times Are A-Changin'
Interop Las Vegas - Social Engineering: The Bad, Better, and Best Incident Response Plans
On Apple, Encryption, and Privacy: A Word About Decryption
BSides Canberra - Scrutiny on the Bounty
CA Single Sign-On Software Update: Stay Secure
CA Single Sign-On Unspecified High-Risk Vulnerabilities Advisory
On Apple, Encryption, and Privacy
QCon London - Nihilist’s Guide to Wrecking Humans and Systems
(ISC)2 Phoenix - The Active Directory Kill Chain
ASU-Arkfeld eDiscovery and Digital Evidence Conference - HACKED! Not If, But When...
Burp, Collaborate, and Listen: A Pentester Reviews the Latest Burp Suite Addition
Bishop Fox Sponsors NorthSec 2016
Kiwicon 9 - The Nihilist’s Guide to Wrecking Humans and Systems
Cal Poly SWIFT - Bishop Fox Social Engineering Workshop
QCon San Francisco - Securing Code Through Social Engineering
Building a Winning Security Team From the Top Down
Fishing the AWS IP Pool for Dangling Domains
ITAC 2015 – OWASP – Internet of Things (IoT) – Top 10 Vulnerabilities List
Stand Your Cloud #2: Host Server Hardening
ITAC 2015 – CloudBots – Abusing Free Cloud Services to Build Botnets in the Cloud
ITAC 2015 – Putting Your Logs On a Diet – Network Intrusion Detection – Best Practices
The Active Directory Kill Chain: Is Your Company at Risk?
Practising Law Institute - A Hacker's Perspective
Adobe ColdFusion Reflected Cross-Site Scripting Flaw
ColdFusion Bomb: A Chain Reaction From XSS to RCE
Phoenix Security & Audit Conference 2015 - The Active Directory Kill Chain
DerbyCon 5.0 "Unity" - Bypass Surgery Abusing Content Delivery Networks
An Overview of BGP Hijacking
On the "Brink" of a Robbery
DEF CON 23 - RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID
Future Crimes
BSides LV 2015 - Insider Tricks for Bug Bounty Success
OWASP Atlanta - Social Engineering: Technical Controls for Emotionless Defense
NoScript Bypass
Converge Detroit - Homebrew Censorship Detection by Analysis of BGP Data
LastPass Site Password-Stealing Clickjacking Vulnerability
Bishop Fox is Still a Top Place to Work
BSidesPGH - Never Surrender: Reducing Social Engineering Risk
OWASP Phoenix - If You Like It, Then You Shouldn’t Put a Ring3 on It
Practising Law Institute - The Latest Developments in Cybersecurity Law
DEF CON 23 - Hacking Smart Safes: On the "Brink" of a Robbery
ISO 27018: The Long-Awaited Cloud Privacy Standard
Black Hat USA 2015 - Bypass Surgery Abusing Content Delivery Networks
Rethinking & Repackaging iOS Apps: Part 2
Interop Las Vegas - Where Are the Weakest Links in Cyber Security?
Security Should Be Application-Specific
RSA 2015 – That Point of Sales Is a PoS
Atlanta Tech Village - Security Compensation - How to Invest In Startup Security
Vulnerable by Design: Understanding Server-Side Request Forgery
AirDroid Web Application Authentication Flaw
AirDroid: How Much Do Your Apps Know?
Beyond Security Requirements: Secure Requirements
CactusCon – Wireless Network Risks and Controls
Rethinking & Repackaging iOS Apps: Part 1
Stand Your Cloud: A Series on Securing AWS
ISACA Phoenix – Wireless Network Risks and Controls
Seattle Security B-Sides – Shoulda, Woulda, Coulda
MIT Enterprise Forum Atlanta
Cal Poly SLO – So You Want to be a Hacker?
UAT - Lessons on Security Consulting: What I Have Learned Since Graduation
ISSA Tucson Chapter Meeting
ToorCon San Diego - If You Like It, Then You Shouldn't Put a Ring3 On It
GrrCON - Vulnerable By Design – The Backdoor That Came Through the Front
MISTI – ITAC 2014 – SCADA Hacking: Clear and Present Danger
Bishop Fox Sponsors BSides Portland
MISTI – ITAC 2014 – Mobile Application Security: Testing and Code Review
Tastic RFID Thief: Silent, But Deadly
NYU Polytechnic School of Engineering - Career Discovery in Cyber Security: A Women's Symposium
OWASP - Testing Guide 4.0
In Heartbleed’s Wake: A Password Primer
Practising Law Institute – Cybersecurity 2014: Managing the Risk
SearchDiggity: Avoid Bot Detection Issues by Leveraging Google, Bing, and Shodan APIs
44CON - Lessons Learned from Black Hat's Infrastructure: The Tweets Must Flow
IEEE Spectrum - Black Hat 2014: How to Hack the Cloud to Mine Crypto Currency
Gigaom - How Free Cloud Services Become Free, Currency-Mining, DDoS-Attacking Botnets
Untwisting the Mersenne Twister: How I Killed the PRNG
Bishop Fox Does Vegas: 2014 Style
Bishop Fox to Demonstrate Three Innovative Tools at Black Hat Tools Arsenal
Bishop Fox to Present at Black Hat 2014 and Security B-Sides in Las Vegas
Black Hat USA 2014 Tools Arsenal – iSpy
Black Hat USA 2014 – The Future of Responsible Disclosure
Black Hat USA 2014 Tools Arsenal – Oops, I RFIDID It Again
CyberTech - Securing the Internet of Things Masters Panel
The Rickmote Controller: Hacking One Chromecast at a Time
Bishop Fox is a “Top Place to Work” — And Here's Why
Black Hat USA 2014 Tools Arsenal – Rickrolling Your Neighbors With Google Chromecast
A Week in the Life of a Pen Tester
BsidesLV - Untwisting The Mersenne Twister: How I Killed The PRNG
Black Hat USA – CloudBots: Harvesting Crypto Coins like a Botnet Farmer
SyScan 360 – CloudBots: Harvesting Crypto Coins Like A Botnet Farmer
Examining The Impact Of Heartbleed
InfoSecurity - Is SSL Secure? Cutting Through The Paranoia
CactusCon - Python: Because Exploit Code Should Look Pretty
Dark Reading - Understanding And Prioritizing Today’s Threats
CactusCon - Malware and the Syrian Civil War
ISACA Phoenix - Protection of Information Assets
RSA – Cloud Ninja: Catch Me If You Can!
Greater Phoenix Economic Council – Ambassador Event: Cyber Security Panel Discussion
AUGUST: BUILT-IN SECURITY IN IoT DEVICES
MISTI - ITAC 2013 - Wireless Network Risks and Controls
MISTI - Mobile and Smart Device Security 2013
Root The Box
An Introspection On Intro Security
LinkedIn 'Intro'duces Insecurity
ToorCon San Diego - I Can Have DarkNet & MeshNet Best Practices?
ToorCon San Diego - Rickrolling Your Neighbors With Google Chromecast
CyberFest 2013 - Practical Mobile Security: Security For The Rest Of Us
Guide to Hardening Your Firefox Browser in OS X
SSL Key Generation Weaknesses
Oracle WebLogic Node Manager allows arbitrary configuration via UNC path
PGP Desktop Wipe Free Space Flaw
Windows File Time Stamp Display Flaw