BACK TO LIST

Jake Miller

Lead Researcher

Jake Miller (OSCE, OSCP) focuses on web application penetration, product security reviews, network penetration testing, and reverse engineering. As a dedicated member of the Bishop Fox research team, Jake focuses on identifying new attack techniques against the modern web.

The Latest From Jake

Advisories
OOB to RCE: Exploitation of the Hobbes Functional Interpreter
Jun 12, 2020 7:52:27 AM | By Jake Miller
ADVISORY SUMMARY CVE-2020-13656: In Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an... continue reading
Tech Blog
RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution
May 26, 2020 5:16:07 AM | By Jake Miller,
Java Remote Method Invocation (RMI) is a Java API that performs remote procedure calls and allows a client application to access or invoke the... continue reading
Advisories
Twisted Version 19.10.0
Mar 11, 2020 5:00:00 AM | By Jake Miller
ADVISORY SUMMARY The following document describes identified vulnerabilities in the Twisted application version 19.10.0. continue reading
Tech Blog
GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath
Feb 17, 2020 10:44:00 AM | By Jake Miller,
You just found a Java deserialization bug, you ran all your ysoserial payloads, and.... you got nothing. Now what? How can you debug or build a... continue reading
Tech Blog
GITGOT
Jul 25, 2019 5:55:46 PM | By Jake Miller
GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets. continue reading
Tech Blog
GitGot Tool Release
Jul 18, 2019 10:41:17 AM | By Jake Miller
GitGot is a semi-automated, feedback-driven tool that can rapidly search through troves of public data on GitHub for sensitive secrets. continue reading
Tech Blog
Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools
Jul 18, 2019 10:40:12 AM | By Jake Miller
What's Wrong With Scanners? Scanning tools are ubiquitous in the security industry. They can speed up manual workflows, provide security... continue reading
Tech Blog
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
Jun 11, 2018 12:50:53 PM | By Jake Miller
Over the past year, I came across two server-side attack vectors based on CSV injection (explained well here). The first case shows an instance of... continue reading
Advisories
Cisco Jabber Guest Server HTTP URL Redirection Vulnerability
Dec 21, 2016 9:29:20 AM | By Jake Miller
Patch Date Dec. 21, 2016 Vendor Cisco Systems Affected Cisco Jabber Guest Server Summary A vulnerability in the Cisco Jabber Guest Server could... continue reading

Assets By Jake