GigaOm Radar for Attack Surface Management: Bishop Fox Named "Leader" and "Fast Mover". Read the report to learn why

Bishop Fox Labs

Innovative Research. Real-World Impact.

Our Labs team is dedicated to finding creative solutions to difficult security problems and then sharing that information freely. 

We believe the only way to advance the state of security is to collaborate with the broader community, and we do our best to contribute tools, research, and knowledge that can improve the security and privacy of data and systems. We hope our work has real impact on real lives. It's what inspires us every day.

Bishopfox labs logo

Driven by Mission & Vision

We're committed to innovation — and to openly sharing information.

We've invested in research from the very beginning because we believe everyone deserves to be secure online. This mission drives us to do better every day, to never stop learning, and to always be innovating. We use every tool in the box, and when we need something better, we build a new tool... and then add it to the toolbox so everyone benefits.

Our dedicated R&D team works with experts across our consulting and engineering organizations to develop new research, create novel security tools, and publish technical articles. In fact, we are proud to be the innovators and authors behind some of the most popular tools and most important findings in the offensive security space.

Add to Your Toolkit

Popular Tools from the Lab

asminject.py

Compromise Linux-trusted processes to capture sensitive data.

asminject.py is a code injection tool that compromises Linux-trusted processes and containers.

CLOUDFOX

Find exploitable attack paths in cloud infrastructure.

CloudFox is a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. It currently supports AWS.

Unredacter

How to Unredact Pixelized Text

Unredacter focuses on pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. The tool takes redacted, pixelized text and reverses it back into its unredacted form.

Inside Bishop Fox Labs

Meet Our Labs Lead & AVP of R&D

featured-fox

Joe Sechman

AVP of R&D at Bishop Fox

Joe brings over 20 years of experience to his role as Associate Vice President of R&D where he is responsible for nurturing a culture of innovation across Bishop Fox. Over his career, Joe has amassed many security certifications, delivered several presentations, and has co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.

Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.

Inside Bishop Fox Labs

Meet Our Lead Researcher

featured-fox

Dan Petro

Lead Researcher at Bishop Fox

Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

Featured Contributors

We are lucky to have many Foxes who contribute to our research, tools, and advisories — here are just a few.

Rob Ragan Headshot

Rob Ragan

Principal Researcher

Carl Livitt Headshot

Carl Livitt

Principal Researcher

Seth Art Headshot

Seth Art

Senior Security Consultant

Tom Eston Headshot

Tom Eston

AVP of Consulting

Francis Brown Headshot

Francis Brown

Co-founder & Board Member

Gerben Kleijn Headshot

Gerben Kleijn

Senior Security Consultant

Caleb Gross Headshot

Caleb Gross

Senior Security Engineer

Zach Julian Headshot

Zach Julian

Senior Security Consultant

Joe DeMesy Headshot

Joe DeMesy

Principal

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.