Epic Fails and Heist Tales: A Red Teamer’s Journey to Deadwood Alethe Denis分享了在Wild West Hackin' Fest上的演讲内容，探讨了Red Team在实际安全测试中的经验和教训。通过案例展示了失败与成功的时刻、准备工作的关键性以及社会工程学的重要性。她强调了Red Team测试对组织安全的价值，并反思了会议带来的启发与成长。... 2025-3-31 14:0:0 | 阅读: 10 | 收藏 | bishopfox.com - bishopfox.com security teaming west deadwood pretext

Rust for Malware Development 文章探讨了使用Rust编程语言进行恶意软件开发的优势与挑战。通过与C语言的对比分析，发现Rust生成的二进制文件较大且更难被反编译工具解析。文章还展示了如何利用Rust开发一个恶意软件dropper，并成功演示了进程注入和远程代码执行的过程。... 2025-3-24 19:0:0 | 阅读: 10 | 收藏 | bishopfox.com - bishopfox.com shellcode ustack payload memory sliver

Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware Bishop Fox研究人员逆向工程了SonicWall Sonicrack的加密保护，获取底层文件系统访问权限，并发布了工具Sonicrack，用于自动提取密钥并解密VMware NSv固件镜像。... 2025-2-24 14:0:0 | 阅读: 29 | 收藏 | bishopfox.com - bishopfox.com firmware sunup scx sw crypt

SonicWall CVE-2024-53704: SSL VPN Session Hijacking Bishop Fox researchers have successfully exploited CVE-2024-53704, an authentication bypass affectin... 2025-1-22 16:0:0 | 阅读: 27 | 收藏 | bishopfox.com - bishopfox.com fox bishop client 53704

raink: Use LLMs for Document Ranking TL;DR: Bishop Fox has released raink, a command-line... 2025-1-14 16:12:0 | 阅读: 13 | 收藏 | bishopfox.com - bishopfox.com ranking llm raink llms prp

Analysis and Scanner for Ivanti CVE-2025-0282 SummaryIvanti recently released an advisoryfor CVE... 2025-1-10 21:22:0 | 阅读: 494 | 收藏 | bishopfox.com - bishopfox.com ift client crash clientip

Cyber Mirage: How AI is Shaping the Future of Social Engineering “As a Red Teamer, I’ve always believed the best defe... 2025-1-8 08:0:0 | 阅读: 19 | 收藏 | bishopfox.com - bishopfox.com deepfake brandon deepfakes vocal chris

Current State of SonicWall Exposure: Firmware Decryption Unlocks New Insights This is part two of a three-part series on SonicWall fire... 2024-12-13 14:0:0 | 阅读: 35 | 收藏 | bishopfox.com - bishopfox.com firmware security identify precision

Sonicwall Firmware Deep Dive - Part 1 At Bishop Fox, we spend a lot of time researching ne... 2024-12-2 22:0:0 | 阅读: 42 | 收藏 | bishopfox.com - bishopfox.com swi firmware sig nsv salt

The Growing Concern of API Security The Growing Concern of API SecurityAs the internet... 2024-11-27 23:0:0 | 阅读: 15 | 收藏 | bishopfox.com - bishopfox.com security attackers processes

A Brief Look at FortiJump (FortiManager CVE-2024-47575) CVE-2024-47575, also known as FortiJump, recently ga... 2024-11-2 00:15:0 | 阅读: 57 | 收藏 | bishopfox.com - bishopfox.com fortigate ncat 47575 x509

Broken Hill: A Productionized Greedy Coordinate Gradient Attack Tool for Use Against Large Language Models TL;DR: This blog explains the GCG attack, which tricks AI chatbots into misbehaving, and introduce... 2024-9-24 23:0:0 | 阅读: 23 | 收藏 | bishopfox.com - bishopfox.com llm gcg hill weapon

Exploring Large Language Models: Local LLM CTF & Lab TL;DR: Explore research on isolating functional expectations for LLMs using a controller to manage... 2024-9-12 01:0:0 | 阅读: 32 | 收藏 | bishopfox.com - bishopfox.com llm llms outputmode phi3 patron

Product Security Review Methodology for Traeger Grill Hack In this blog, we aim to provide additional context on how Bishop Fox staff discovered vulnerabiliti... 2024-7-3 06:22:0 | 阅读: 22 | 收藏 | bishopfox.com - bishopfox.com fox bishop grill omitted brevity

The Unmask IAM Permission: API Gateway Access Logging In the era of cloud computing, where businesses leverage platforms like Amazon Web Services (AWS) f... 2024-6-7 06:26:0 | 阅读: 33 | 收藏 | bishopfox.com - bishopfox.com unmask cloud 7x18l9o7og masked queryid

PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls OverviewCVE-2024-3400, a critical-severity vulnerability in PAN-OS, allows pre-authenticated remot... 2024-4-19 23:16:0 | 阅读: 26 | 收藏 | bishopfox.com - bishopfox.com telemetry injection alto palo payload

The iSOON Disclosure: Exploring the Integrated Operations Platform In February, the cybersecurity community was provided with an unauthorized public information disc... 2024-3-21 18:0:0 | 阅读: 41 | 收藏 | bishopfox.com - bishopfox.com mission security analysis network whitepaper

Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments Continuous Integration and Continuous Deployment (CI/CD) pipelines have revolutionized how softwar... 2024-3-19 19:0:0 | 阅读: 36 | 收藏 | bishopfox.com - bishopfox.com repository github ppe attacker malicious

Further Adventures in Fortinet Decryption When CVE-2024-21762 and CVE-2024-23113 were patched in February 2024, Bishop Fox analyzed the patch... 2024-3-8 19:0:0 | 阅读: 307 | 收藏 | bishopfox.com - bishopfox.com rootfs fgt flatkc vals kallsyms

CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls Due to the nature in which we conduct research and penetration tests, some of our security experts p... 2024-3-1 19:0:0 | 阅读: 69 | 收藏 | bishopfox.com - bishopfox.com security fortune fox bishop excellence