unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
A Brief Look at FortiJump (FortiManager CVE-2024-47575)
CVE-2024-47575, also known as FortiJump, recently ga...
2024-11-2 00:15:0 | 阅读: 34 |
收藏
|
bishopfox.com - bishopfox.com
fortigate
ncat
47575
x509
Broken Hill: A Productionized Greedy Coordinate Gradient Attack Tool for Use Against Large Language Models
TL;DR: This blog explains the GCG attack, which tricks AI chatbots into misbehaving, and introduce...
2024-9-24 23:0:0 | 阅读: 12 |
收藏
|
bishopfox.com - bishopfox.com
llm
gcg
hill
weapon
Exploring Large Language Models: Local LLM CTF & Lab
TL;DR: Explore research on isolating functional expectations for LLMs using a controller to manage...
2024-9-12 01:0:0 | 阅读: 6 |
收藏
|
bishopfox.com - bishopfox.com
llm
llms
outputmode
phi3
patron
Product Security Review Methodology for Traeger Grill Hack
In this blog, we aim to provide additional context on how Bishop Fox staff discovered vulnerabiliti...
2024-7-3 06:22:0 | 阅读: 12 |
收藏
|
bishopfox.com - bishopfox.com
fox
bishop
grill
omitted
brevity
The Unmask IAM Permission: API Gateway Access Logging
In the era of cloud computing, where businesses leverage platforms like Amazon Web Services (AWS) f...
2024-6-7 06:26:0 | 阅读: 10 |
收藏
|
bishopfox.com - bishopfox.com
unmask
cloud
7x18l9o7og
masked
queryid
PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls
OverviewCVE-2024-3400, a critical-severity vulnerability in PAN-OS, allows pre-authenticated remot...
2024-4-19 23:16:0 | 阅读: 13 |
收藏
|
bishopfox.com - bishopfox.com
telemetry
injection
alto
palo
payload
The iSOON Disclosure: Exploring the Integrated Operations Platform
In February, the cybersecurity community was provided with an unauthorized public information disc...
2024-3-21 18:0:0 | 阅读: 26 |
收藏
|
bishopfox.com - bishopfox.com
mission
security
analysis
network
whitepaper
Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments
Continuous Integration and Continuous Deployment (CI/CD) pipelines have revolutionized how softwar...
2024-3-19 19:0:0 | 阅读: 18 |
收藏
|
bishopfox.com - bishopfox.com
repository
github
ppe
attacker
malicious
Further Adventures in Fortinet Decryption
When CVE-2024-21762 and CVE-2024-23113 were patched in February 2024, Bishop Fox analyzed the patch...
2024-3-8 19:0:0 | 阅读: 135 |
收藏
|
bishopfox.com - bishopfox.com
rootfs
fgt
flatkc
vals
kallsyms
CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls
Due to the nature in which we conduct research and penetration tests, some of our security experts p...
2024-3-1 19:0:0 | 阅读: 47 |
收藏
|
bishopfox.com - bishopfox.com
security
fortune
fox
bishop
excellence
It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable
Summary SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two...
2024-1-16 01:0:0 | 阅读: 33 |
收藏
|
bishopfox.com - bishopfox.com
snprintf
chk
22274
overflow
0656
GWT: Unpatched, Unauthenticated Java Deserialization
IntroductionHow would you react if I told you that GWT, a fairly popular open-source web applicat...
2023-12-19 01:0:0 | 阅读: 20 |
收藏
|
bishopfox.com - bishopfox.com
gwt
client
omitted
brevity
Introducing Swagger Jacker: Auditing OpenAPI Definition Files
Swagger Jacker, or “sj” for short, is an open-source tool developed to audit OpenAPI definition fi...
2023-12-12 22:0:0 | 阅读: 7 |
收藏
|
bishopfox.com - bishopfox.com
swagger
routes
security
openapi
Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0
Ashish: Seth, can you tell us a bit about yourself and how you got to where you are today? Seth: S...
2023-11-8 22:0:0 | 阅读: 10 |
收藏
|
bishopfox.com - bishopfox.com
cloud
network
ashish
seth
security
Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS
Seth Art, principal at Bishop Fox and creator of CloudFox and CloudFoxable, joined Cloud Security P...
2023-11-1 21:0:0 | 阅读: 14 |
收藏
|
bishopfox.com - bishopfox.com
cloud
seth
ashish
security
client
Building an Exploit for FortiGate Vulnerability CVE-2023-27997
BackgroundEarlier this year, Lexfo published details of a pre-authentication remote code injectio...
2023-10-28 00:0:0 | 阅读: 19 |
收藏
|
bishopfox.com - bishopfox.com
salt
seeds
scratch
0x2000
payload
Celebrating One Year of CloudFox
Seth Art (OSCP) is a Principal Security Consultant at Bishop Fox, where he currently focuses on pene...
2023-9-29 23:0:0 | 阅读: 8 |
收藏
|
bishopfox.com - bishopfox.com
security
seth
cloudfox
cloudsec
fox
Passing the OSEP Exam Using Sliver
The OSEP ExamLast October, I successfully completed and passed the OffSec Advanced Evasion and Te...
2023-9-21 21:0:0 | 阅读: 14 |
收藏
|
bishopfox.com - bishopfox.com
sliver
gemsbok
amused
shellcode
beacon
Badge of Shame - Breaking Into Secure Facilities with OSDP
Breaking into secure facilities is easily one of the most entertaining things we do here as consul...
2023-8-9 15:0:0 | 阅读: 7 |
收藏
|
bishopfox.com - bishopfox.com
osdp
encryption
security
badge
defender
Analysis and Exploitation of CVE-2023-3519
BackgroundOn July 18, Citrix announceda critical remote code execution vulnerability in Citrix A...
2023-8-5 07:0:0 | 阅读: 10 |
收藏
|
bishopfox.com - bishopfox.com
payload
shellcode
nsppe
gwtest
analysis
Previous
-14
-13
-12
-11
-10
-9
-8
-7
Next