BACK TO LIST

Jake Miller

Lead Researcher

Jake Miller (OSCE, OSCP) focuses on web application penetration, product security reviews, network penetration testing, and reverse engineering. As a dedicated member of the Bishop Fox research team, Jake focuses on identifying new attack techniques against the modern web.

The Latest From Jake

Tech Blog
Design Considerations for Secure Cloud Deployment
Sep 15, 2020 5:00:00 AM | By Jake Miller
Whether you are migrating an on-premise deployment to a cloud provider tasked with deploying a new cloud-hosted application, or looking to improve... continue reading
Tech Blog
h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
Sep 8, 2020 5:00:00 AM | By Jake Miller
The revival of HTTP request smuggling has led to devastating vulnerabilities in our modern application deployments. An HTTP request smuggled past... continue reading
Industry Blog
What Makes a Good Penetration Test?
Aug 25, 2020 5:00:00 AM | By Jake Miller
One of the hardest parts about working with any professional service is evaluating whether the service was performed well. Isn’t it funny how... continue reading
Industry Blog
20 Tips on How to Make the Most of Your Pen Test
Aug 19, 2020 5:00:00 AM | By Jake Miller
Spending money on penetration tests is an investment. And as a sizable investment in your product, you’ll want to ensure you are getting your... continue reading
Advisories
OOB to RCE: Exploitation of the Hobbes Functional Interpreter
Jun 12, 2020 7:52:27 AM | By Jake Miller
ADVISORY SUMMARY CVE-2020-13656: In Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an... continue reading
Tech Blog
RMIScout: Safely and Quickly Brute-Force Java RMI Interfaces for Code Execution
May 26, 2020 5:16:07 AM | By Jake Miller
Java Remote Method Invocation (RMI) is a Java API that performs remote procedure calls and allows a client application to access or invoke the... continue reading
Advisories
Twisted Version 19.10.0
Mar 11, 2020 5:00:00 AM | By Jake Miller
ADVISORY SUMMARY The following document describes identified vulnerabilities in the Twisted application version 19.10.0. continue reading
Tech Blog
GadgetProbe: Exploiting Deserialization to Brute-Force the Remote Classpath
Feb 17, 2020 10:44:00 AM | By Jake Miller
You just found a Java deserialization bug, you ran all your ysoserial payloads, and.... you got nothing. Now what? How can you debug or build a... continue reading
Tech Blog
GitGot Tool Release
Jul 18, 2019 10:41:17 AM | By Jake Miller
GitGot is a semi-automated, feedback-driven tool that can rapidly search through troves of public data on GitHub for sensitive secrets. continue reading
Tech Blog
Going Semi-Automated in an Automated World: Using Human-in-the-Loop Workflows to Improve Our Security Tools
Jul 18, 2019 10:40:12 AM | By Jake Miller
What's Wrong With Scanners? Scanning tools are ubiquitous in the security industry. They can speed up manual workflows, provide security... continue reading
Tech Blog
Server-Side Spreadsheet Injection - Formula Injection to Remote Code Execution
Jun 11, 2018 12:50:53 PM | By Jake Miller
Over the past year, I came across two server-side attack vectors based on CSV injection (explained well here). The first case shows an instance of... continue reading
Advisories
Cisco Jabber Guest Server HTTP URL Redirection Vulnerability
Dec 21, 2016 9:29:20 AM | By Jake Miller
Patch Date Dec. 21, 2016 Vendor Cisco Systems Affected Cisco Jabber Guest Server Summary A vulnerability in the Cisco Jabber Guest Server could... continue reading