<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel><description>Vulnerability Researcher at Bishop Fox</description><link>https://bsky.app/profile/br4inde4d.bsky.social</link><title>@br4inde4d.bsky.social - Jon Williams</title><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3mq7dapdsw22x</link><description>Some adventures in LLM firmware cracking!&#xA;https://bishopfox.com/blog/cracking-firmware-with-claude-senior-level-skill-junior-level-autonomy</description><pubDate>09 Jul 2026 09:32 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3mq7dapdsw22x</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3moi2sljols2k</link><description>Sometimes a DoS really is just a DoS! Here&#39;s a look behind the curtain at the less glamorous side of vuln research, discussing (in mostly laypersons&#39; terms) how we tried in vain to turn a memory corruption bug into full RCE.&#xA;&#xA;https://bishopfox.com/blog/a-crash-not-a-shell-solarwinds-serev-u-cve-2026-28318</description><pubDate>17 Jun 2026 10:04 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3moi2sljols2k</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3mnmfyokjuc2b</link><description>Here we GOOOOOO...! Successfully reproduced a full root unauthenticated RCE chain against UniFi OS Server 5.0.6 – with devastating impacts depending on what devices it manages. Check out our newest blog post: https://bishopfox.com/blog/popping-root-on-unifi-os-server-unauthenticated-rce-chain-detection-analysis</description><pubDate>06 Jun 2026 10:10 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3mnmfyokjuc2b</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3mneu5fceks2p</link><description>And another one for y’all! This week I published some research into a perfect 10 arbitrary file read affecting Ubiquiti UniFi controller software. I suspect we’ll have more to say about UniFi in the near future…&#xA;&#xA;https://bishopfox.com/blog/looting-unifi-controllers-detecting-and-weaponizing-cve-2026-22557</description><pubDate>03 Jun 2026 10:02 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3mneu5fceks2p</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3mmvsijbmb22k</link><description>Dropped some new research on the blog this week - this time we’re pulling apart a PAN-OS JWT signature bypass. Enjoy!&#xA;&#xA;https://bishopfox.com/blog/detecting-cve-2026-0265-at-scale-pan-os-cas-authentication-bypass</description><pubDate>28 May 2026 10:23 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3mmvsijbmb22k</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3mhzypw6ljs2o</link><description>We successfully exploited CVE-2026-25075, a denial of service affecting strongSwan VPN servers! Be sure to patch ASAP and check out our blog for a technical analysis: https://bishopfox.com/blog/strongswan-cve-2026-25075-integer-underflow-in-vpn-authentication</description><pubDate>27 Mar 2026 11:19 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3mhzypw6ljs2o</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3m7a5p5yaus2b</link><description>Our blog post on the Arista XSS to RCE chain is now live! We withheld exploit details because the root cause has not been fully mitigated. Patch now if you haven&#39;t already, disable your captive portal to reduce the likelihood of exploitation, and stay tuned for new vulns to be disclosed soon!&#xA;https://bishopfox.com/blog/arista-nextgen-firewall-xss-to-rce-chain</description><pubDate>05 Dec 2025 09:17 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3m7a5p5yaus2b</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3m75votckms2k</link><description>My team confirmed that recently disclosed Arista NGFW vulnerabilities are fully exploitable! RCE is possible with victim interaction. More details coming soon to our blog:  bishopfox.com/blog</description><pubDate>04 Dec 2025 11:48 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3m75votckms2k</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3lwjthvnywc2x</link><description>Just published a new blog about using LLMs to accelerate patch diffing! We developed a semi-automated analysis workflow and benchmarked four high-impact vulns using a few different Claude models. Check out how they performed!&#xA;https://bishopfox.com/blog/vulnerability-discovery-with-llm-powered-patch-diffing</description><pubDate>16 Aug 2025 16:54 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3lwjthvnywc2x</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3lnm4gaffv22c</link><description>I made SonicWall’s hall of fame for this one. Patch your firewalls (again), folks!&#xA;&#xA;https://bishopfox.com/blog/sonicwall-sonicos-versions-7-1-x-and-8-0-x</description><pubDate>25 Apr 2025 01:53 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3lnm4gaffv22c</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3lkqgua2fvk2l</link><description>The DistrictCon talk @noperator.bsky.social and I gave on decrypting SonicWall NSv firmware is up on YouTube now: https://www.youtube.com/watch?v=FIYKlv48f6Y</description><pubDate>19 Mar 2025 14:54 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3lkqgua2fvk2l</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3lhwucetbu22q</link><description>They got me on camera to talk about my recent SonicWall exploit 😄&#xA;https://youtube.com/shorts/9HwZB_9-okQ?si=8HJIGH9EbTlDqGqr</description><pubDate>11 Feb 2025 23:55 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3lhwucetbu22q</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3lhty27ofqk2q</link><description>As promised, our blog post on CVE-2024-53704, a session hijacking vulnerability affecting the SSL VPN component of SonicWall firewalls, has been updated to include full exploitation details. Check it out!&#xA;https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking</description><pubDate>10 Feb 2025 20:24 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3lhty27ofqk2q</guid></item><item><link>https://bsky.app/profile/br4inde4d.bsky.social/post/3lfxflscp6k2u</link><description>Successfully exploited SonicWall CVE-2024-53704, allowing active SSL VPN sessions to be hijacked on affected firewalls. We&#39;ll be withholding details for a while because there are still thousands of vulnerable appliances on the public internet.</description><pubDate>17 Jan 2025 18:14 +0000</pubDate><guid isPermaLink="false">at://did:plc:3hicryvxip2c2z4eb7wtpyvm/app.bsky.feed.post/3lfxflscp6k2u</guid></item></channel></rss>