BACK TO LIST

Jake Miller

Lead Researcher

Jake Miller (OSCE, OSCP) focuses on web application penetration, product security reviews, network penetration testing, and reverse engineering. As a dedicated member of the Bishop Fox research team, Jake focuses on identifying new attack techniques against the modern web.

The Latest From Jake

Tech Blog
An Exploration of JSON Interoperability Vulnerabilities
Feb 25, 2021 5:00:00 AM | By Jake Miller
  TL;DR The same JSON document can be parsed with different values across microservices, leading to a variety of potential security risks. If you... continue reading
Industry Blog
Google Partner Program – GPP Top 10
Jan 26, 2021 5:00:00 AM | By Jake Miller
Bishop Fox works closely with Google to design the Partner security program, so we know what’s needed for you to pass the testing requirements.... continue reading
Tech Blog
Lessons Learned on Brute-forcing RMI-IIOP With RMIScout
Dec 8, 2020 5:00:00 AM | By Jake Miller
I'm excited to announce some new features that have been added to RMIScout. RMIScout is a tool to perform wordlist and brute-force attacks against... continue reading
Industry Blog
The Pen Testing Tools We’re Thankful for in 2020
Nov 23, 2020 6:00:00 AM | By Britt Kemp Jake Miller,
Around this time last year, we released a list of our favorite pen testing tools for client engagements and in our own research. This year, we’re... continue reading
Industry Blog
Defining the Scope of Your Pen Test
Oct 6, 2020 5:00:00 AM | By Jake Miller
This article will walk you through the various decisions you’ll need to make when planning a penetration test. It will focus on high-level... continue reading
Tech Blog
Design Considerations for Secure GraphQL APIs
Sep 28, 2020 5:00:00 AM | By Jake Miller
In this article, we are going to discuss a variety of security risks to GraphQL deployments and migrations that we’ve seen during our client... continue reading
Tech Blog
Design Considerations for Secure Cloud Deployment
Sep 15, 2020 5:00:00 AM | By Jake Miller
Whether you are migrating an on-premise deployment to a cloud provider tasked with deploying a new cloud-hosted application, or looking to improve... continue reading
Tech Blog
h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
Sep 8, 2020 5:00:00 AM | By Jake Miller
The revival of HTTP request smuggling has led to devastating vulnerabilities in our modern application deployments. An HTTP request smuggled past... continue reading
Industry Blog
What Makes a Good Penetration Test?
Aug 25, 2020 5:00:00 AM | By Jake Miller
One of the hardest parts about working with any professional service is evaluating whether the service was performed well. Isn’t it funny how... continue reading
Industry Blog
20 Tips on How to Make the Most of Your Pen Test
Aug 19, 2020 5:00:00 AM | By Jake Miller
Spending money on penetration tests is an investment. And as a sizable investment in your product, you’ll want to ensure you are getting your... continue reading
Advisories
OOB to RCE: Exploitation of the Hobbes Functional Interpreter
Jun 12, 2020 7:52:27 AM | By Jake Miller
ADVISORY SUMMARY CVE-2020-13656: In Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an... continue reading
Tech Blog
RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution
May 26, 2020 5:16:07 AM | By Jake Miller
Java Remote Method Invocation (RMI) is a Java API that performs remote procedure calls and allows a client application to access or invoke the... continue reading
Advisories
Twisted Version 19.10.0
Mar 11, 2020 5:00:00 AM | By Jake Miller
ADVISORY SUMMARY The following document describes identified vulnerabilities in the Twisted application version 19.10.0. continue reading
Tech Blog
GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath
Feb 17, 2020 10:44:00 AM | By Jake Miller
You just found a Java deserialization bug, you ran all your ysoserial payloads, and.... you got nothing. Now what? How can you debug or build a... continue reading
Tech Blog
GitGot Tool Release
Jul 18, 2019 10:41:17 AM | By Jake Miller
GitGot is a semi-automated, feedback-driven tool that can rapidly search through troves of public data on GitHub for sensitive secrets. continue reading
Tech Blog
Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools
Jul 18, 2019 10:40:12 AM | By Jake Miller
What's Wrong With Scanners? Scanning tools are ubiquitous in the security industry. They can speed up manual workflows, provide security... continue reading
Tech Blog
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
Jun 11, 2018 12:50:53 PM | By Jake Miller
Over the past year, I came across two server-side attack vectors based on CSV injection (explained well here). The first case shows an instance of... continue reading
Advisories
Cisco Jabber Guest Server HTTP URL Redirection Vulnerability
Dec 21, 2016 9:29:20 AM | By Jake Miller
Patch Date Dec. 21, 2016 Vendor Cisco Systems Affected Cisco Jabber Guest Server Summary A vulnerability in the Cisco Jabber Guest Server could... continue reading

MANAGED SERVICES

CONSULTING SERVICES

PARTNER PROGRAMS

LABS | RESEARCH & RESOURCES

CAREERS

COMPANY

COMMUNITY

CONTACT

ADDRESS

8240 S. Kyrene Rd.
Suite A113
Tempe, AZ
85284
United States

Copyright © 2021   Bishop Fox Privacy Statement