Bishop Fox

@BishopFox@infosec.exchange
1.4K Followers
147 Following
846 Posts
A Practical Guide to PrintNightmare in 2024
https://itm4n.github.io/printnightmare-exploitation/
#infosec
A Practical Guide to PrintNightmare in 2024

Although PrintNightmare and its variants were theoretically all addressed by Microsoft, it is still affecting organizations to this date, mainly because of quite confusing group policies and settings. In this blog post, I want to shed light on those configuration issues, and hopefully provide clear guidance on how to remediate them.

itm4n’s blog

Change can present a ripe opportunity for attackers – and when it’s broadcast to the world, they take notice. Using the recent string of high-profile X (aka Twitter) breaches, Bishop Fox Red Team Practice Director Trevin Edgeworth discusses what organizations need to consider from a #cybersecurity lens when openly sharing company news like earnings reports and mergers & acquisitions, and even wide-reaching world events.

https://bfx.social/4bbcDAW

News Insights: Does X Mark a Target? with Trevin Edgeworth, Director…

Regarding Bitcoin and SEC’s X account, Red Team Practice Director Trevin Edgeworth analyzes the role of fluctuating security programs in these incidents.

Bishop Fox

The prevalence of #AI-generated content signals a tipping point in #socialengineering, requiring us to develop new tools to detect & counter malicious intent. In this recap of a recent Bishop Fox fireside chat featuring Rob Ragan, @alethe, Derek Rush, and Ben Lincoln, we explore the importance of understanding social engineering tactics and strategies, implementing technical controls, and the role of internal network testing.

https://bfx.social/47EZAVz

Adopting Proactive Social Engineering and Network Testing Strategies

Get insights from Bishop Fox experts on social engineering tactics, implementing technical controls, and the importance of internal network testing.

Bishop Fox

Ostorlab KEV: a one-command tool to detect most remotely known exploitable vulnerabilities 🐞🔍

https://github.com/Ostorlab/KEV

#infosec #security #cybersecurity #CISA

GitHub - Ostorlab/KEV: Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

GitHub

SonicWall next-gen firewall (NGFW) series 6 and 7 devices are affected by 2 DoS #vulnerabilities that can lead to remote code execution (RCE): #CVE-2022-22274 and CVE-2023-0656. Bishop Fox research revealed that these issues are fundamentally the same, but exploitable at different HTTP URI paths. Read more & download our test script at our blog.

https://bfx.social/47Hcdzj

#SonicWall #infosec #exploitdevelopment

It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly…

Learn about SonicWall NGFW series 6 and 7 impacted by unauthenticated denial-of-service vulnerabilities with the potential for remote code execution.

Bishop Fox

Bitconned is a scammer’s guide to crypto

In the movie Bitconned, Ray Trapani tells the story of the Centra Tech scam. Director Bryan Storkel is, wittingly or not, among the people who Trapani manages to play.

The Verge

Want to learn more about the Bishop Fox #opensource tool Sliver? Then make sure you attend our upcoming #BFLive training session, where we’re dedicating the entire time to upping your #pentesting ante with this popular #CobaltStrike alternative.

https://bfx.social/3HezvSw

Pwning the Domain with Sliver Framework

Senior security expert Jon Guild demonstrates how to use the Sliver C2 framework to develop advanced offensive security skills from first-hand experience.

Bishop Fox

We asked our Red Team Practice Director Trevin Edgeworth what long-standing unpatched #vulnerabilities can indicate to a Red Teamer. He uses the examples of two vulnerabilities that have gone unpatched for several years: an RCE flaw in Microsoft Office used to deliver spyware and a vulnerability in the popular #GWT framework discovered by Ben Lincoln. https://bfx.social/3RK49YE

#offensivesecurity #redteaming #cybersecurity

News Insights: Patch Procrastination with Trevin Edgeworth, Director…

Bishop Fox's Trevin Edgeworth spotlights notable vulnerabilities left unpatched for years and discusses how unpatched vulnerabilities can wreak havoc.

Bishop Fox

Organizations on average experience 700+ social engineering attacks a year.

Dardan Prebreza is your host as we explore #socialengineering stages from planning to execution, common #phishing techniques, and the necessity of ongoing vigilance and proactive strategies to combat this pervasive issue. Don't miss out!

https://bfx.social/3SbtRHe

How Does Social Engineering Work?

YouTube

With the new #opensource tool Swagger Jacker, #pentesters can automate analysis of response codes for each #API-defined route, streamline manual testing capabilities with #curl command creation, and gather #endpoint routes.

#OSINT #pentestingtool #infosec

https://bfx.social/48pEAmY

Swagger Jacker

Swagger Jacker is an audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files. Learn more here!

Bishop Fox