Meet the Author
Rob Ragan Principal Researcher
Rob Ragan is a Principal Researcher at Bishop Fox. Rob focuses on pragmatic solutions for clients and technology. He oversees strategy for continuous security automation. Rob has presented at Black Hat, DEF CON, and RSA. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.
Rob has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard's Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.
Rob holds a Bachelor of Science from Pennsylvania State University with a major in Information Sciences and Technology and a focus on System Development.
Articles Written:
- Help Net Security - "Is Your Perimeter Inventory Leaving You Exposed? Why It’s time to Switch From IP to DNS"
- Dark Reading - "Get Organized Like a Villain"
- Help Net Security - "Red Teaming: Why a Forward Offense is the best defense
Past Speaking Engagements:
- 2019 Kaspersky SAS - "Ghost in the Browser: Broad-Scale Espionage With Bitsquatting"
- 2019 BSides San Francisco - "Twist & Shout: Ferris Buellers Guide to Abuse Domain Permutations"
- 2019 AppSec California - "Pose a Threat: How Perceptual Analysis Helps Bug Hunters"
- 2019 Art into Science, A Conference for Defense aka ACoD - "Pose a Threat: How Perceptual Analysis Helps Bug Hunters"
- 2016 Interop Las Vegas - "Social Engineering: The Bad, Better, and Best Incident Response Plans"
- 2015 BSides Pittsburgh, In The Burgh - "Never Surrender: Reducing Social Engineering Risk"
- 2014 Black Hat USA - "CloudBots: Harvesting Crypto Coins like a Botnet Farmer"
- 2014 RSA USA - "Cloud Ninja: Catch Me if You Can"
- 2011 Black Hat USA - "Pulp Google Hacking: The Next Generation Search Engine Hacking Arsenal"
- 2010 Black Hat USA - “Lord of the Bing: Taking Back Search Engine Hacking From Google and Bing.”
Subject Matter Expertise:
- Red Teaming
- Threat Modeling
- Web App
- IoT
- Social Engineering
- Startups/small business security
- High-level topical breaches
- Incidence Response
- CloudBots
- Attack Chaining
- Botnets
Resources from Rob Ragan
SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns
Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.
SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns
Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.
Illumio Assessment Report: Interview with Raghu Nandakumara and Rob Ragan
Ghost In The Browser - Broad-Scale Espionage With Bitsquatting
Presentation from Kapersky SAS 2019 on an unfortunate side effect to achieving HTTPS everywhere and learn what can be done to mitigate the risk.
Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations
Presentation from Sqr00t 2019 explores the ins and outs of domain abuse, and how to prevent it.
Pose a Threat: How Perceptual Analysis Helps Bug Hunters
Presentation from OWASP AppSec California 2019 offers up dirty tricks to optimize the hunt for security exposures.