Jon Williams

Arista Firewall XSS to RCE Chain Arista NG Firewalls: researchers confirm real-world RCE risk and incomplete patches. Learn impact, affected setups, and mitigation steps.

Our blog post on the Arista XSS to RCE chain is now live! We withheld exploit details because the root cause has not been fully mitigated. Patch now if you haven't already, disable your captive portal to reduce the likelihood of exploitation, and stay tuned for new vulns to be disclosed soon!

My team confirmed that recently disclosed Arista NGFW vulnerabilities are fully exploitable! RCE is possible with victim interaction. More details coming soon to our blog: bishopfox.com/blog

Vulnerability Discovery with LLM-Powered Patch Diffing Read our most recent research to see how LLMs can assist in scaling patch diffing workflows, saving valuable time in a crucial race against attackers.

Just published a new blog about using LLMs to accelerate patch diffing! We developed a semi-automated analysis workflow and benchmarked four high-impact vulns using a few different Claude models. Check out how they performed!

SonicWall Sonicos Versions 7.1.x and 8.0.x Blog describes how Bishop Fox staff identified a vulnerability in SonicWall SonicOS 7.1.x and 8.0.x in the SSL VPN service and solutions for customers.

I made SonicWall’s hall of fame for this one. Patch your firewalls (again), folks!

bishopfox.com/blog/sonicwa...

YouTube video by DistrictCon - Live stream Here for day 2 DistrictCon 2025 Day 1 Talk 3 - Reverse Engineering Sonicwall Firmware Jon Williams, Caleb Gross

The DistrictCon talk @noperator.bsky.social and I gave on decrypting SonicWall NSv firmware is up on YouTube now: www.youtube.com/watch?v=FIYK...

DISTRICTCON Friday - Saturday, Feb 21-22, 2025 Yours Truly Hotel, Washington DC Tearing Down (Sonic)Walls: Reverse-Engineering SonicOSX Firmware Encryption with Jon Williams and Caleb Gross

Don’t miss @br4inde4d.bsky.social and @noperator.bsky.social presenting: “Tearing Down (Sonic)Walls: Reverse-Engineering SonicOSX Firmware Encryption” at @districtcon.bsky.social Feb 21 at 1:30p.m. And stop by our Coffee Cart for ☕️ & convo! More: bishopfox.com/events/bisho...

#SonicWall #firewall

YouTube video by Bishop Fox SonicWall CVE-2024-53704: SSL VPN Session Hijacking

They got me on camera to talk about my recent SonicWall exploit 😄

SonicWall CVE-2024-53704: SSL VPN Session Hijacking Security researchers have exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls. Watch demo!

As promised, our blog post on CVE-2024-53704, a session hijacking vulnerability affecting the SSL VPN component of SonicWall firewalls, has been updated to include full exploitation details. Check it out!

Successfully exploited SonicWall CVE-2024-53704, allowing active SSL VPN sessions to be hijacked on affected firewalls. We'll be withholding details for a while because there are still thousands of vulnerable appliances on the public internet.