BishopFox

@BishopFox@infosec.exchange

A leading provider of offensive #security solutions & contributor to the #infosec community. #pentesting #appsec #netsec

BishopFox, to Cybersecurity

Change can present a ripe opportunity for attackers – and when it’s broadcast to the world, they take notice. Using the recent string of high-profile X (aka Twitter) breaches, Bishop Fox Red Team Practice Director Trevin Edgeworth discusses what organizations need to consider from a lens when openly sharing company news like earnings reports and mergers & acquisitions, and even wide-reaching world events.

https://bfx.social/4bbcDAW

BishopFox, to ai

The prevalence of -generated content signals a tipping point in , requiring us to develop new tools to detect & counter malicious intent. In this recap of a recent Bishop Fox fireside chat featuring Rob Ragan, @alethe, Derek Rush, and Ben Lincoln, we explore the importance of understanding social engineering tactics and strategies, implementing technical controls, and the role of internal network testing.

https://bfx.social/47EZAVz

BishopFox, to infosec

SonicWall next-gen firewall (NGFW) series 6 and 7 devices are affected by 2 DoS #vulnerabilities that can lead to remote code execution (RCE): #CVE-2022-22274 and CVE-2023-0656. Bishop Fox research revealed that these issues are fundamentally the same, but exploitable at different HTTP URI paths. Read more & download our test script at our blog.

https://bfx.social/47Hcdzj

#SonicWall #infosec #exploitdevelopment

BishopFox, to opensource

Want to learn more about the Bishop Fox tool Sliver? Then make sure you attend our upcoming training session where we’re dedicating the entire time to upping your ante with this popular alternative.

https://bfx.social/3HezvSw

BishopFox, to Cybersecurity

We asked our Red Team Practice Director Trevin Edgeworth what long-standing unpatched can indicate to a Red Teamer. He uses the examples of two vulnerabilities that have gone unpatched for several years: an RCE flaw in Microsoft Office used to deliver spyware and a vulnerability in the popular framework discovered by Ben Lincoln. https://bfx.social/3RK49YE

BishopFox, to random

Organizations on average experience 700+ social engineering attacks a year.

Dardan Prebreza is your host as we explore stages from planning to execution, common techniques, and the necessity of ongoing vigilance and proactive strategies to combat this pervasive issue. Don't miss out!

https://bfx.social/3SbtRHe

BishopFox, to opensource

With the new tool Swagger Jacker, can automate analysis of response codes for each defined route, streamline manual testing capabilities with command creation, and gather routes.

https://bfx.social/48pEAmY

BishopFox, to security

Take a look into what sets the Bishop Fox approach to tabletop exercises in apart. Senior Red Team Consultant @alethe shares how our team focuses on these highly beneficial exercises as building blocks for stronger programs versus mandatory compliance tasks. https://bfx.social/3H7Ech2

BishopFox, to Cybersecurity

Ready to take on the role of ? Let us guide you through your first 100 days in this essential role with our talk track "New CISO," filled with expert insights and strategies to set you up for success.

https://bfx.social/48EqXzZ

BishopFox, to security

Join our Discord server to connect with like-minded professionals! We have a few events on the way for 2024.

https://discord.com/invite/redsec

BishopFox, to random

We'd like to wish everyone a joyous holiday season; thank you for your continued support! Looking forward to what 2024 has in store.

BishopFox, to opensource

Have you tried our tool Swagger Jacker? Use this tool to easily automate the process of analyzing response codes for each defined route. An essential for doing , read more in this tutorial. https://bfx.social/47Zubyk

You can also watch Tony West demo Swagger Jacker in this video tutorial recorded in December 2023. https://bfx.social/47ox9Mm

BishopFox, to Java

Follow along as Ben Lincoln goes through an unauthenticated deserialization vuln in web app framework . This issue has remained unpatched for 8 years; see how to set up an intentionally vulnerable GWT web app for testing.

https://bfx.social/41r6Um6

BishopFox, to infosec

Have you joined our Discord server yet? 🤔

https://discord.com/invite/redsec

BishopFox, to infosec

Ben Lincoln's research into the 8-year-old unpatched & unauthenticated that could lead to server-side remote code execution () is covered in this Dark Reading article.

https://bfx.social/3NC7vvH

BishopFox, to opensource

An 8-year-old is unpatched to this day; popular web application framework GWT contains an unauthenticated Java deserialization vulnerability previously discussed in 2015 and 2020. It’s unpatched at such a low level that securing vulnerable web apps written with this framework would likely require architectural changes to the apps or framework itself.

Ben Lincoln explains how this issue can lead to server-side request forgery, shares how to exploit a vulnerable GWT web app, explores techniques, and more.

https://bfx.social/41r6Um6

BishopFox, to opensource

Starting soon: Our training session featuring the new tool Swagger Jacker.

https://www.youtube.com/watch?v=BApO1MvA-ng

BishopFox, to opensource

Use the new tool Swagger Jacker to audit OpenAPI definition files, allowing you to identify potential vulnerabilities or misconfigurations in API routes defined within the definition document. Learn how it works, how it can make auditing API endpoints less tedious, and more in this tutorial from Tony West.

https://bfx.social/47Zubyk

BishopFox, to Discord

Hop in our server - tomorrow we'll be doing an with a member of our Cosmos team!

https://discord.com/invite/redsec

BishopFox, to Cybersecurity

Did you know the placed stringent requirements for medical devices in their new HR.2617 legislation? Bishop Fox’s Matt Twells, Senior Solutions Architect, has you covered.

Join our webcast and learn what you need to stay compliant!

https://bfx.social/3RwIdBp

BishopFox, to security

Increasingly challenging times in demand a new approach.

Purple Teaming, a symbiotic merger of Red Team offense with Blue Team defense, has emerged as a promising solution. Discover how this technique can help you achieve multiple goals for your organization – and don’t forget to stream our recording if you missed the original broadcast!

https://bfx.social/3RfQdFE

BishopFox, to Discord

Your weekly reminder to check out our server has arrived!

https://discord.com/invite/redsec

BishopFox, to Cybersecurity

How do you get organizational buy-in to stop viewing as a cost and start seeing it as an investment? Join Ryan Basden to learn how the adoption of Purple Teaming initiatives can help demonstrate ROI and secure revenue.

https://bfx.social/3QS1dcc

BishopFox,

Happening today!