Join us for a live webcast with industry experts to learn how newly proposed cybersecurity regulations will impact you. Register Now

Bishop Fox Labs

Innovative Research. Real-World Impact.

Our Labs team is dedicated to finding creative solutions to difficult security problems and then sharing that information freely. 

We believe the only way to advance the state of security is to collaborate with the broader community, and we do our best to contribute tools, research, and knowledge that can improve the security and privacy of data and systems. We hope our work has real impact on real lives. It's what inspires us every day.

Explore Tools Check Out Advisories
Bishopfox labs logo
Montage of research and development at Bishop Fox

Driven by Mission & Vision

We're committed to innovation — and to openly sharing information.

We've invested in research from the very beginning because we believe everyone deserves to be secure online. This mission drives us to do better every day, to never stop learning, and to always be innovating. We use every tool in the box, and when we need something better, we build a new tool... and then add it to the toolbox so everyone benefits.

Our dedicated R&D team works with experts across our consulting and engineering organizations to develop new research, create novel security tools, and publish technical articles. In fact, we are proud to be the innovators and authors behind some of the most popular tools and most important findings in the offensive security space.

Add to Your Toolkit

Popular Tools from the Lab

asminject.py

Compromise Linux-trusted processes to capture sensitive data.

asminject.py is a code injection tool that compromises Linux-trusted processes and containers.

Get asminject.py

CLOUDFOX

Find exploitable attack paths in cloud infrastructure.

CloudFox is a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. It currently supports AWS.

Get CloudFox

Unredacter

How to Unredact Pixelized Text

Unredacter focuses on pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. The tool takes redacted, pixelized text and reverses it back into its unredacted form.

Get Unredacter

Interesting Reads

Recent Research from the Skulk

Preview cover page of the asminject.py technical guide highlighting the capabilities of it, a Linux code injection security tool.
Guide

asminject.py: Compromise Trusted Linux Processes and Containers

This step-by-step technical guide highlights the capabilities of asminject.py, a code injection tool used to compromise Linux processes and containers.
Gauge with medium severity reading for FlowscreenComponents Basepack, Version 3.0.7 Advisory. Mautic Version <=3.2.2 Advisory. eCatcher Desktop, Version 6.6.4 Advisory.
Advisory

Nov 21, 2022

Log HTTP Requests, Version 1.3.1, Advisory

By Etan Castro Aldrete

Gauge showing high severity reading. CATIE Web - Version 20.04.0.
Advisory

Oct 24, 2022

Atlassian Jira Align, Version 10.107.4 Advisory

By Jake Shafer

Dark purple background with text Application Security Anti-Patterns (In)secure by Design
Tech

Sep 22, 2022

(In)Secure by Design

By Chris Bush, Shanni Prutchi

Dark purple background with CloudFox text. Fox face wearing old fashioned aviator helmet.
Tech

Sep 13, 2022

Introducing: CloudFox

By Seth Art, Carlos Vendramini

How one winner solved the Bishop Fox Unredacter Challenge
Tech

Sep 08, 2022

Solving the Unredacter Challenge

By Shawn Asmus

Featured Contributors

We are lucky to have many Foxes who contribute to our research, tools, and advisories — here are just a few.

Tom Eston Headshot

Tom Eston

AVP of Consulting

Rob Ragan Headshot

Rob Ragan

Principal Researcher

Seth Art Headshot

Seth Art

Senior Security Consultant

Francis Brown Headshot

Francis Brown

Co-founder & Board Member

Gerben Kleijn Headshot

Gerben Kleijn

Senior Security Consultant

Caleb Gross Headshot

Caleb Gross

Senior Security Engineer

Zach Julian Headshot

Zach Julian

Senior Security Consultant

Joe DeMesy Headshot

Joe DeMesy

Principal

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.