unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Using CloudTrail to Pivot to AWS Accounts
When performing cloud penetration tests (CPTs), the goal is to find and exploit high-severity issu...
2022-6-8 00:30:0 | 阅读: 6 |
收藏
|
bishopfox.com - bishopfox.com
cloudtrail
assumedrole
assumerole
arn
ripgen: Taking the Guesswork Out of Subdomain Discovery
In our most recent Tool Talk, we featured ripgen, a super-fast tool for conducting subdomain disco...
2022-6-2 04:0:0 | 阅读: 13 |
收藏
|
bishopfox.com - bishopfox.com
subdomain
ripgen
staging
security
Call of DeFi: The Battleground of Blockchain
Last year, decentralized finance (DeFi) grew tremendously, not only in usage, but also in cybersec...
2022-5-24 20:0:0 | 阅读: 4 |
收藏
|
bishopfox.com - bishopfox.com
defi
security
wallets
hacks
Ruby Vulnerabilities: Exploiting Dangerous Open, Send and Deserialization Operations
On a recent assessment, I tested a Ruby on Rails application that was vulnerable to three of the m...
2022-5-18 00:0:0 | 阅读: 11 |
收藏
|
bishopfox.com - bishopfox.com
gem
oj
rails
tarreader
payload
Our Top 9 Favorite Fuzzers
In keeping with our new tradition of crowdsourcing pen testing tool list topics (like this cloud p...
2022-4-19 23:0:0 | 阅读: 0 |
收藏
|
bishopfox.com - bishopfox.com
fuzzer
creator
unicorn
security
libfuzzer
Nuclei: Packing a Punch with Vulnerability Scanning
Here at Bishop Fox, we love using open-source tools to outfox attackers and protect our customers’...
2022-4-6 01:0:0 | 阅读: 0 |
收藏
|
bishopfox.com - bishopfox.com
nuclei
security
bishop
fox
Reports from the Field: Part 3
In the third part of our “Reports from the Field” series, we’ll explore how attackers utilize all t...
2022-3-22 23:45:0 | 阅读: 0 |
收藏
|
bishopfox.com - bishopfox.com
security
network
attackers
determined
shortening
Reports from the Field: Part 2
In the second part of our “Reports from the Field” series, we’ll explore exposed configuration file...
2022-3-9 01:0:0 | 阅读: 0 |
收藏
|
bishopfox.com - bishopfox.com
repository
recovered
database
attacker
attackers
Reports from the Field: Part 1
To defeat and deter cyberattacks, it’s essential to study the attacker’s methods and motivations to...
2022-3-2 09:0:0 | 阅读: 0 |
收藏
|
bishopfox.com - bishopfox.com
recovered
reuse
client
loot
subsidiary
Never, Ever, Ever Use Pixelation for Redacting Text
We write a lot of reports at Bishop Fox (it’s what happens when you hack all the things). This fre...
2022-2-15 21:0:0 | 阅读: 2 |
收藏
|
bishopfox.com - bishopfox.com
letter
unredacter
guesses
redaction
letters
Creating an Exploit: SolarWinds Vulnerability CVE-2021-35211
BackgroundAs part of our work on the Cosmos platform (formerly known as CAST) we sometimes have a...
2022-1-13 21:0:0 | 阅读: 7 |
收藏
|
bishopfox.com - bishopfox.com
serv
x8b
x89
0000009d
Zero-Day Collaboration: Working With Imperva to Eliminate a Critical Exposure
During a recent investigation, the Bishop Fox Cosmos Adversarial Operations experts identified a W...
2022-1-12 07:3:0 | 阅读: 5 |
收藏
|
bishopfox.com - bishopfox.com
imperva
bypass
fox
bishop
security
How Bishop Fox Has Been Identifying and Exploiting Log4shell
If you’re like me, the big Log4j vulnerability (CVE-2021-44228 and pals) has eaten up the last wee...
2021-12-28 06:26:0 | 阅读: 0 |
收藏
|
bishopfox.com - bishopfox.com
jndi
payload
client
attacker
nuclei
XMPP: An Under-appreciated Attack Surface
IntroIn this blog post, I’ll demonstrate why XMPP is of interest to penetration testers, security...
2021-12-7 01:0:0 | 阅读: 2 |
收藏
|
bishopfox.com - bishopfox.com
xmpp
jabber
xeps
Eyeballer 2.0 Web Interface and Other New Features
So there you are on an engagement with a large external footprint. There's thousands of exposed IP...
2021-11-16 00:0:0 | 阅读: 0 |
收藏
|
bishopfox.com - bishopfox.com
eyeballer
parked
dogs
buttons
bishop
A Snapshot of CAST in Action: Automating API Token Testing
While investigating our clients’ attack surfaces, I find myself repeating tasks frequently enough t...
2021-10-22 07:16:0 | 阅读: 0 |
收藏
|
bishopfox.com - bishopfox.com
nuclei
sendgrid
github
cosmos
repeatable
An Intro to Fuzzing (AKA Fuzz Testing)
What is Fuzzing?Fuzzing, also known as fuzz testing, is a technique that allows developers and se...
2021-9-28 15:0:0 | 阅读: 2 |
收藏
|
bishopfox.com - bishopfox.com
fuzzer
fuzzers
harness
dumb
developer
IAM Vulnerable - Assessing the AWS Assessment Tools
In my previous post, I introduced IAM Vulnerable, walked through how to set it up in a playground AW...
2021-9-23 15:0:0 | 阅读: 1 |
收藏
|
bishopfox.com - bishopfox.com
privesc
deny
3awspxv1
notaction
IAM Vulnerable - An AWS IAM Privilege Escalation Playground
If you are ever in a position where you need to assess the security of an AWS environment, one of th...
2021-9-9 15:0:0 | 阅读: 3 |
收藏
|
bishopfox.com - bishopfox.com
arn
privesc
ec2
privesc1
You're Doing IoT RNG
There’s a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion...
2021-8-5 15:0:0 | 阅读: 1 |
收藏
|
bishopfox.com - bishopfox.com
rng
hardware
hal
entropy
csprng
Previous
3
4
5
6
7
8
9
10
Next