PAN-OS CVE-2024-3400: Patch Your Palo Alto Firewalls
Overview: CVE-2024-3400, a critical-severity vulnerability in PAN-OS, allows pre-authenticated remot...
2024-4-19 23:16:0 | Views: 9
bishopfox.com - bishopfox.com
telemetry
injection
alto
palo
payload
The iSOON Disclosure: Exploring the Integrated Operations Platform
In February, the cybersecurity community was provided with an unauthorized public information disc...
2024-3-21 18:0:0 | Views: 26
bishopfox.com - bishopfox.com
mission
security
analysis
network
whitepaper
Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments
Continuous Integration and Continuous Deployment (CI/CD) pipelines have revolutionized how softwar...
2024-3-19 19:0:0 | Views: 10
bishopfox.com - bishopfox.com
repository
github
ppe
attacker
malicious
Further Adventures in Fortinet Decryption
When CVE-2024-21762 and CVE-2024-23113 were patched in February 2024, Bishop Fox analyzed the patch...
2024-3-8 19:0:0 | Views: 66
bishopfox.com - bishopfox.com
rootfs
fgt
flatkc
vals
kallsyms
CVE-2024-21762 Vulnerability Scanner for FortiGate Firewalls
Due to the nature in which we conduct research and penetration tests, some of our security experts p...
2024-3-1 19:0:0 | Views: 45
bishopfox.com - bishopfox.com
security
fortune
fox
bishop
excellence
It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable
Summary: SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two...
2024-1-16 01:0:0 | Views: 30
bishopfox.com - bishopfox.com
snprintf
chk
22274
overflow
0656
GWT: Unpatched, Unauthenticated Java Deserialization
Introduction: How would you react if I told you that GWT, a fairly popular open-source web applicat...
2023-12-19 01:0:0 | Views: 19
bishopfox.com - bishopfox.com
gwt
client
omitted
brevity
Introducing Swagger Jacker: Auditing OpenAPI Definition Files
Swagger Jacker, or “sj” for short, is an open-source tool developed to audit OpenAPI definition fi...
2023-12-12 22:0:0 | Views: 7
bishopfox.com - bishopfox.com
swagger
routes
security
openapi
Cloud Security Podcast Featuring Seth Art: Network Pentest 2.0
Ashish: Seth, can you tell us a bit about yourself and how you got to where you are today? Seth: S...
2023-11-8 22:0:0 | Views: 9
bishopfox.com - bishopfox.com
cloud
network
ashish
seth
security
Cloud Security Podcast Featuring Seth Art: Cloud Pentest of AWS
Seth Art, principal at Bishop Fox and creator of CloudFox and CloudFoxable, joined Cloud Security P...
2023-11-1 21:0:0 | Views: 11
bishopfox.com - bishopfox.com
cloud
seth
ashish
security
client
Building an Exploit for FortiGate Vulnerability CVE-2023-27997
Background: Earlier this year, Lexfo published details of a pre-authentication remote code injectio...
2023-10-28 00:0:0 | Views: 19
bishopfox.com - bishopfox.com
salt
seeds
scratch
0x2000
payload
Celebrating One Year of CloudFox
Seth Art (OSCP) is a Principal Security Consultant at Bishop Fox, where he currently focuses on pene...
2023-9-29 23:0:0 | Views: 8
bishopfox.com - bishopfox.com
security
seth
cloudfox
cloudsec
fox
Passing the OSEP Exam Using Sliver
The OSEP Exam: Last October, I successfully completed and passed the OffSec Advanced Evasion and Te...
2023-9-21 21:0:0 | Views: 9
bishopfox.com - bishopfox.com
sliver
gemsbok
amused
shellcode
beacon
Badge of Shame - Breaking Into Secure Facilities with OSDP
Breaking into secure facilities is easily one of the most entertaining things we do here as consul...
2023-8-9 15:0:0 | Views: 6
bishopfox.com - bishopfox.com
osdp
encryption
security
badge
defender
Analysis and Exploitation of CVE-2023-3519
Background: On July 18, Citrix announced a critical remote code execution vulnerability in Citrix A...
2023-8-5 07:0:0 | Views: 9
bishopfox.com - bishopfox.com
payload
shellcode
nsppe
gwtest
analysis
Breaking Fortinet Firmware Encryption
Introduction: The previous article in our Fortinet series, CVE-2023-27997 is exploitable, and 69%...
2023-8-2 21:0:0 | Views: 7
bishopfox.com - bishopfox.com
ciphertext
cleartext
encryption
firmware
fgt
Citrix ADC Gateway RCE: CVE-2023-3519 is Exploitable, and 53% of Servers Are Unpatched
Update Monday, July 24, 2023: After originally publishing an analysis of unpatched servers on Fri...
2023-7-22 01:55:0 | Views: 11
bishopfox.com - bishopfox.com
citrix
adc
netscaler
unpatched
analysis
Introducing jsluice: The Why Behind JavaScript Gold Mining (Part 1)
JavaScript. Depending on who you are it's a word that can instil fear, joy, or curiosity. Regardle...
2023-7-20 21:0:0 | Views: 5
bishopfox.com - bishopfox.com
guestbook
jsluice
analysis
security
Introducing jsluice: A Technical Deep-Dive for JavaScript Gold (Part 2)
A sluice box is a box lined with riffles or ridges. When you put a sluice box in flowing water tha...
2023-7-20 21:0:0 | Views: 4
bishopfox.com - bishopfox.com
jsluice
jq
awskey
analysis
CVE-2023-27997 Is Exploitable, and 69% of FortiGate Firewalls Are Vulnerable
TL;DR: Bishop Fox internally developed an exploit for CVE-2023-27997, a heap overflow in FortiOS—t...
2023-7-1 01:0:0 | Views: 7
bishopfox.com - bishopfox.com
fortios
fortigate
remote
logarithmic