MEET THE TEAM AT BLACK HAT - DEF CON 2026 Learn More

Art piece showing security professionel with laptop on his lap sitting relaxed in a very noisy environment with headphones on.
HACKER SUMMER CAMP 2026

Block Out The Noise with BISHOP FOX

August 3 – 9 | Las Vegas
Meet Us at Black Hat & DEFCON. 

Get dedicated time with our consultants. Unwind with our Team. Meet our Friends and Partners.

MEET US @ THE DEF CON 34 VILLAGES

Aug. 6-9, 2026 | Las Vegas Convention Center West Hall in Las Vegas, NV
Our Consultants are workshopping, presenting and demoing at various villages and community stages. We'd love to meet you there.

Homepage gallery bg 2

Brandon Kovacs, Sr. Security Consultant, will be on hand with a live demo showcase built around one of the fastest moving threats in social engineering: real-time deepfake video and voice cloning. Generative AI has handed attackers a new toolkit for impersonation, and the results are already landing in the headlines, including a case where a finance employee at a multinational company wired $25 million after what looked and sounded like a live video call with their CFO, but turned out to be a synthetic performance. 

Brandon will use a mix of open-source tooling, consumer-grade recording gear, and basic film production technique to get to a believable, broadcast-quality result. Attendees will see real-time face and voice swapping in action and get a practical read on where the technology's limits still are. 

The goal is to leave attendees with a clearer sense of how this class of attack actually gets built and what that means for how social engineering engagements and awareness programs need to evolve.

Homepage gallery bg 1

Aug 7 at 11 a.m. workshop: Weaponizing CloudFormation Lab

Samanta Aranda, Managing Senior Consultant
, will run a hands-on workshop on weaponizing CloudFormation. Attendees will start with limited IAM permissions and learn to identify and exploit misconfigured CloudFormation execution roles using iam:PassRole, service roles, and Lambda-backed Custom Resources. 

Participants will weaponize CloudFormation templates to build persistence inside service-scoped IAM paths without needing direct administrative access. 

The workshop digs into realistic cloud attack paths, delegated execution abuse, and the risks introduced by over-permissioned automation, along with rollback abuse scenarios and how these attacks surface in CloudTrail and IAM logs.

Aug 7 at 4 p.m. Cirro workshop: Extending Your Azure Graph Beyond Identities Lab

Leron Gray, Senior Security Consultant
, will lead a lab on extending Azure attack graphing beyond identity with Cirro, the spiritual successor to Stormspotter. Most Azure graph analysis tooling focuses on identity relationships: users, groups, service principals, role assignments. Modern Azure environments hold far more exploitable context in infrastructure, platform services, application configs, network relationships, managed identities, and data-plane resources. 

Cirro is an attack graphing tool that models Azure environments by combining Microsoft Graph identity data with Azure Resource Manager infrastructure data, mapping resources into Neo4j for deeper attack path and misconfiguration analysis.

This lab walks through Cirro's collection, ingestion, and analysis workflow. Attendees will enumerate and assess an Azure tenant, run Cypher queries, and use custom dashboards to interpret graph data. Prerequisites: Docker/Podman Compose, Azure CLI, a web browser, and a SQLite3 browser. Fundamental knowledge of Cypher is recommended but not required.

Homepage gallery bg 3

Dan Petro, Principal Security Engineer, joins the Village to talk about a community he's deeply embedded in: competitive Super Smash Bros. Melee. Super Smash Bros. Melee for the Nintendo GameCube is one of the oldest active fighting game communities, with a storied 25-year history. Would you believe that people try to cheat at it? Dan is the maintainer of the SLP Enforcer tool and helps with cheating investigations for the Melee community. 

In this talk, Dan'll share stories of people trying to cheat and getting caught, and along the way, break down the different ways someone could try to cheat at Melee and how detection tools actually work.

Homepage gallery bg 1

Aug ? at ? p.m.

Billy Giles, Managing Senior Consultant, will present an honest look at what red teaming actually involves, and how to start building a real path into the field. If you spend enough time online, you might think red teaming is all zero-days, custom malware, and elite operators silently dismantling networks while dramatic music plays in the background. The reality is very different: modern red team operations are less about "cool hacks" and more about planning, communication, and helping organizations improve their defenses. In many cases, the most important skills have nothing to do with hacking at all. 

This talk is designed for newcomers interested in offensive security who want an honest look at what red teamers do, how engagements are planned, what skills matter most, and how to build a realistic path into the field. Billy will break down the differences between penetration testing and red and purple teaming, discuss common misconceptions about offensive security careers, and walk through a real-world red team engagement from planning through debrief.

Homepage gallery bg 2

Sarah Muriel, Attack Surface Analyst, Cosmos, will take the stage to challenge a persistent myth: that VIPs and executives have better digital hygiene than the rest of us, and that their sensitive information isn't sitting in plain sight online. It is, and Sarah will show exactly how she finds it. How long does it actually take to find sensitive information on the executives of a major company? Not as long as you'd think. Despite the assumption that VIPs are scrubbed from people search sites and have left no dubious digital trail, that's rarely the case in practice. 

In this talk, Sarah will walk through her approach to running a vulnerability assessment on the C-suite of a multinational corporation, from the unglamorous fundamentals of note-taking and report writing to the genuinely fun part: the strange sources and unexpected findings along the way.

Homepage gallery bg 1

Panel: Is Red Teaming Dead?

Billy Giles, Managing Senior Consultant, joins moderator Ben Sadeghipour (@NahamSec) along with Ads Dawson (@0xmoose) and Ryan Montgomery (@0day) for a candid panel debate. AI is reshaping how offensive security work gets done, and red teaming is no exception. This panel brings together practitioners for a candid debate on whether AI-driven tooling and models are poised to take over red teaming, or whether the discipline's value is fundamentally human. Expect a range of perspectives on where automation helps, where it falls short, and what the future of the craft looks like.

Workshop: Design Red Team Exercises That Matter

Billy Giles, Managing Senior Consultant, will lead a drop-in workshop on designing more meaningful red team exercises. You got domain admin. No alerts fired. The red team "won." But did the exercise actually test anything that matters? Red team engagements are often judged on familiar markers like full compromise, stealth, or novel technique, outcomes that showcase operator skill but frequently fail to answer the question the engagement was meant to address.

This session challenges that pattern, pushing back on the tendency to optimize for technical achievement instead of meaningful outcomes. Through a short presentation and an interactive, drop-in workshop, participants will learn how to design red team exercises around clear defensive questions, building out real-world engagement components like objectives, starting conditions, technique selection, and success metrics. The workshop is modular, so attendees can join at any point and engage at their own pace. Whether you spend five minutes or the full session, you'll leave with a practical framework for planning red team operations that deliver actionable insight, and a clearer sense of what red teaming is supposed to accomplish in the first place.

AI VILLAGE

AI/Deepfake Live Demos Showcase

CLOUD VILLAGE

Weaponize CloudFormation & Extend Azure Graph Beyond Identities

GAME HACKING VILLAGE

Catching Cheaters in Super Smash Bros Melee

NOOB VILLAGE

The Reality Behind the Role of a Red Teamer

OSINT for Good Community Stage

How to Profile an Entire C-Suite in 10 Days

RED TEAM VILLAGE

Is Red Teaming Dead? Design Red Team Exercises That Matter

Catch up with the team

BISHOP FOX EVENTS

Event Co-sponsored by Binarly and Bishop Fox.

Invite only event hosted by Binarly & Bishop Fox

📅 Wednesday, August 5
⏰ 12:30 PM – 4:30 PM 

Step away from the chaos of Black Hat and join us for an afternoon of mini golf, games, food, drinks, and good conversation. Whether you're looking to recharge between sessions, grab a bite, charge your devices, or connect with fellow industry professionals, we've got you covered. To request an invite please email us at [email protected] or RSVP below.

Red Tail logo indicating the location of the upcoming Bishop Fox community event with views of the venue.

Bishop Fox Community Event @ RedTail

📅 Friday, August 7

⏰ 5:00 PM – 7:00 PM

Spots are limited. RSVP now.

Bishop Fox is back at RedTail for our annual community meetup, our third year hosting inside Red Tail!
Come hang out, geek out, and catch up with your industry friends while enjoying arcade games, a live DJ, great food, drinks, and karaoke.


Bishop Fox is at booth 5200 at Black Hat in the AI Zone.

Meet with us at Black Hat - Booth 5200

📅 Tuesday 4PM to Thursday

Stop by booth 5200. We'll show you what AI-powered security actually looks like under real attack conditions — live demos, no slideware — and our team will be there to talk shop.

 .d8888b.   d888
d88P  Y88b d8888
888    888   888
888    888   888
888    888   888
888    888   888
Y88b  d88P   888
 "Y8888P"  8888888

Book Time with Bishop Fox

Get time with the people who actually break into networks for a living.

Sit down with our team to talk through:

  • Where your security program actually stands (not where the last audit said it did)
  • The gaps an attacker would find before your tools do
  • How to use AI without fooling yourself about what it can catch

Grab Time with Bishop Fox Experts

By submitting this form, you indicate that you have read and agree to the terms of our Privacy Policy.