Jon Williams's Avatar

Jon Williams

@br4inde4d

Vulnerability Researcher at Bishop Fox

14
Followers 10
Following 8
Posts 18.11.2024
Joined
Posts Following

Latest posts by Jon Williams @br4inde4d

Preview
Arista Firewall XSS to RCE Chain Arista NG Firewalls: researchers confirm real-world RCE risk and incomplete patches. Learn impact, affected setups, and mitigation steps.

Our blog post on the Arista XSS to RCE chain is now live! We withheld exploit details because the root cause has not been fully mitigated. Patch now if you haven't already, disable your captive portal to reduce the likelihood of exploitation, and stay tuned for new vulns to be disclosed soon!

05.12.2025 09:17 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

My team confirmed that recently disclosed Arista NGFW vulnerabilities are fully exploitable! RCE is possible with victim interaction. More details coming soon to our blog: bishopfox.com/blog

04.12.2025 11:48 πŸ‘ 2 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
Vulnerability Discovery with LLM-Powered Patch Diffing Read our most recent research to see how LLMs can assist in scaling patch diffing workflows, saving valuable time in a crucial race against attackers.

Just published a new blog about using LLMs to accelerate patch diffing! We developed a semi-automated analysis workflow and benchmarked four high-impact vulns using a few different Claude models. Check out how they performed!

16.08.2025 16:54 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
SonicWall Sonicos Versions 7.1.x and 8.0.x Blog describes how Bishop Fox staff identified a vulnerability in SonicWall SonicOS 7.1.x and 8.0.x in the SSL VPN service and solutions for customers.

I made SonicWall’s hall of fame for this one. Patch your firewalls (again), folks!

bishopfox.com/blog/sonicwa...

25.04.2025 01:53 πŸ‘ 1 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
DistrictCon 2025 Day 1 Talk 3 - Reverse Engineering Sonicwall Firmware Jon Williams, Caleb Gross
DistrictCon 2025 Day 1 Talk 3 - Reverse Engineering Sonicwall Firmware Jon Williams, Caleb Gross YouTube video by DistrictCon - Live stream Here for day 2

The DistrictCon talk @noperator.bsky.social and I gave on decrypting SonicWall NSv firmware is up on YouTube now: www.youtube.com/watch?v=FIYK...

19.03.2025 14:54 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
DISTRICTCON Friday - Saturday, Feb 21-22, 2025 Yours Truly Hotel, Washington DC Tearing Down (Sonic)Walls: Reverse-Engineering SonicOSX Firmware Encryption with Jon Williams and Caleb Gross

DISTRICTCON Friday - Saturday, Feb 21-22, 2025 Yours Truly Hotel, Washington DC Tearing Down (Sonic)Walls: Reverse-Engineering SonicOSX Firmware Encryption with Jon Williams and Caleb Gross

Don’t miss @br4inde4d.bsky.social and @noperator.bsky.social presenting: β€œTearing Down (Sonic)Walls: Reverse-Engineering SonicOSX Firmware Encryption” at @districtcon.bsky.social Feb 21 at 1:30p.m. And stop by our Coffee Cart for β˜•οΈ & convo! More: bishopfox.com/events/bisho...

#SonicWall #firewall

17.02.2025 16:12 πŸ‘ 2 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
SonicWall CVE-2024-53704: SSL VPN Session Hijacking
SonicWall CVE-2024-53704: SSL VPN Session Hijacking YouTube video by Bishop Fox

They got me on camera to talk about my recent SonicWall exploit πŸ˜„

11.02.2025 23:55 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
SonicWall CVE-2024-53704: SSL VPN Session Hijacking Security researchers have exploited CVE-2024-53704, an authentication bypass affecting the SSL VPN component of unpatched SonicWall firewalls. Watch demo!

As promised, our blog post on CVE-2024-53704, a session hijacking vulnerability affecting the SSL VPN component of SonicWall firewalls, has been updated to include full exploitation details. Check it out!

10.02.2025 20:24 πŸ‘ 1 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Video thumbnail

Successfully exploited SonicWall CVE-2024-53704, allowing active SSL VPN sessions to be hijacked on affected firewalls. We'll be withholding details for a while because there are still thousands of vulnerable appliances on the public internet.

17.01.2025 18:14 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0