Just published a new blog about using LLMs to accelerate patch diffing! We developed a semi-automated analysis workflow and benchmarked four high-impact vulns using a few different Claude models. Check out how they performed!

I made SonicWall’s hall of fame for this one. Patch your firewalls (again), folks! bishopfox.com/blog/sonicwa...

The DistrictCon talk @noperator.bsky.social and I gave on decrypting SonicWall NSv firmware is up on YouTube now: www.youtube.com/watch?v=FIYK...

Don’t miss @br4inde4d.bsky.social and @noperator.bsky.social presenting: “Tearing Down (Sonic)Walls: Reverse-Engineering SonicOSX Firmware Encryption” at @districtcon.bsky.social Feb 21 at 1:30p.m. And stop by our Coffee Cart for ☕️ & convo! More: bishopfox.com/events/bisho... #SonicWall #firewall

They got me on camera to talk about my recent SonicWall exploit 😄

As promised, our blog post on CVE-2024-53704, a session hijacking vulnerability affecting the SSL VPN component of SonicWall firewalls, has been updated to include full exploitation details. Check it out!

Successfully exploited SonicWall CVE-2024-53704, allowing active SSL VPN sessions to be hijacked on affected firewalls. We'll be withholding details for a while because there are still thousands of vulnerable appliances on the public internet.