A Brief Look at FortiJump (FortiManager CVE-2024-47575) CVE-2024-47575, also known as FortiJump, recently ga... 2024-11-2 00:15:0 | 阅读: 41 | 收藏 | bishopfox.com - bishopfox.com fortigate ncat 47575 x509

Broken Hill: A Productionized Greedy Coordinate Gradient Attack Tool for Use Against Large Language Models TL;DR: This blog explains the GCG attack, which tricks AI chatbots into misbehaving, and introduce... 2024-9-24 23:0:0 | 阅读: 12 | 收藏 | bishopfox.com - bishopfox.com llm gcg hill weapon

Exploring Large Language Models: Local LLM CTF & Lab TL;DR: Explore research on isolating functional expectations for LLMs using a controller to manage... 2024-9-12 01:0:0 | 阅读: 6 | 收藏 | bishopfox.com - bishopfox.com llm llms outputmode phi3 patron

Product Security Review Methodology for Traeger Grill Hack In this blog, we aim to provide additional context on how Bishop Fox staff discovered vulnerabiliti... 2024-7-3 06:22:0 | 阅读: 12 | 收藏 | bishopfox.com - bishopfox.com fox bishop grill omitted brevity

The Unmask IAM Permission: API Gateway Access Logging In the era of cloud computing, where businesses leverage platforms like Amazon Web Services (AWS) f... 2024-6-7 06:26:0 | 阅读: 10 | 收藏 | bishopfox.com - bishopfox.com unmask cloud 7x18l9o7og masked queryid

PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls OverviewCVE-2024-3400, a critical-severity vulnerability in PAN-OS, allows pre-authenticated remot... 2024-4-19 23:16:0 | 阅读: 13 | 收藏 | bishopfox.com - bishopfox.com telemetry injection alto palo payload

The iSOON Disclosure: Exploring the Integrated Operations Platform In February, the cybersecurity community was provided with an unauthorized public information disc... 2024-3-21 18:0:0 | 阅读: 26 | 收藏 | bishopfox.com - bishopfox.com mission security analysis network whitepaper

Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments Continuous Integration and Continuous Deployment (CI/CD) pipelines have revolutionized how softwar... 2024-3-19 19:0:0 | 阅读: 20 | 收藏 | bishopfox.com - bishopfox.com repository github ppe attacker malicious

Further Adventures in Fortinet Decryption When CVE-2024-21762 and CVE-2024-23113 were patched in February 2024, Bishop Fox analyzed the patch... 2024-3-8 19:0:0 | 阅读: 139 | 收藏 | bishopfox.com - bishopfox.com rootfs fgt flatkc vals kallsyms

CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls Due to the nature in which we conduct research and penetration tests, some of our security experts p... 2024-3-1 19:0:0 | 阅读: 49 | 收藏 | bishopfox.com - bishopfox.com security fortune fox bishop excellence

It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable Summary SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two... 2024-1-16 01:0:0 | 阅读: 33 | 收藏 | bishopfox.com - bishopfox.com snprintf chk 22274 overflow 0656

GWT: Unpatched, Unauthenticated Java Deserialization IntroductionHow would you react if I told you that GWT, a fairly popular open-source web applicat... 2023-12-19 01:0:0 | 阅读: 20 | 收藏 | bishopfox.com - bishopfox.com gwt client omitted brevity

Introducing Swagger Jacker: Auditing OpenAPI Definition Files Swagger Jacker, or “sj” for short, is an open-source tool developed to audit OpenAPI definition fi... 2023-12-12 22:0:0 | 阅读: 7 | 收藏 | bishopfox.com - bishopfox.com swagger routes security openapi

Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0 Ashish: Seth, can you tell us a bit about yourself and how you got to where you are today? Seth: S... 2023-11-8 22:0:0 | 阅读: 10 | 收藏 | bishopfox.com - bishopfox.com cloud network ashish seth security

Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS Seth Art, principal at Bishop Fox and creator of CloudFox and CloudFoxable, joined Cloud Security P... 2023-11-1 21:0:0 | 阅读: 14 | 收藏 | bishopfox.com - bishopfox.com cloud seth ashish security client

Building an Exploit for FortiGate Vulnerability CVE-2023-27997 BackgroundEarlier this year, Lexfo published details of a pre-authentication remote code injectio... 2023-10-28 00:0:0 | 阅读: 19 | 收藏 | bishopfox.com - bishopfox.com salt seeds scratch 0x2000 payload

Celebrating One Year of CloudFox Seth Art (OSCP) is a Principal Security Consultant at Bishop Fox, where he currently focuses on pene... 2023-9-29 23:0:0 | 阅读: 8 | 收藏 | bishopfox.com - bishopfox.com security seth cloudfox cloudsec fox

Passing the OSEP Exam Using Sliver The OSEP ExamLast October, I successfully completed and passed the OffSec Advanced Evasion and Te... 2023-9-21 21:0:0 | 阅读: 14 | 收藏 | bishopfox.com - bishopfox.com sliver gemsbok amused shellcode beacon

Badge of Shame - Breaking Into Secure Facilities with OSDP Breaking into secure facilities is easily one of the most entertaining things we do here as consul... 2023-8-9 15:0:0 | 阅读: 7 | 收藏 | bishopfox.com - bishopfox.com osdp encryption security badge defender

Analysis and Exploitation of CVE-2023-3519 BackgroundOn July 18, Citrix announceda critical remote code execution vulnerability in Citrix A... 2023-8-5 07:0:0 | 阅读: 10 | 收藏 | bishopfox.com - bishopfox.com payload shellcode nsppe gwtest analysis