GigaOm Radar for Attack Surface Management: Bishop Fox Named "Leader" and "Fast Mover". Read the report to learn why ›
Our Labs team is dedicated to finding creative solutions to difficult security problems and then sharing that information freely.
We believe the only way to advance the state of security is to collaborate with the broader community, and we do our best to contribute tools, research, and knowledge that can improve the security and privacy of data and systems. We hope our work has real impact on real lives. It's what inspires us every day.
We've invested in research from the very beginning because we believe everyone deserves to be secure online. This mission drives us to do better every day, to never stop learning, and to always be innovating. We use every tool in the box, and when we need something better, we build a new tool... and then add it to the toolbox so everyone benefits.
Our dedicated R&D team works with experts across our consulting and engineering organizations to develop new research, create novel security tools, and publish technical articles. In fact, we are proud to be the innovators and authors behind some of the most popular tools and most important findings in the offensive security space.
asminject.py is a code injection tool that compromises Linux-trusted processes and containers.
CloudFox is a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. It currently supports AWS.
Unredacter focuses on pixelation – and will show you why it’s a no-good, bad, insecure, surefire way to get your sensitive data leaked. The tool takes redacted, pixelized text and reverses it back into its unredacted form.
AVP of R&D at Bishop Fox
|Joe brings over 20 years of experience to his role as Associate Vice President of R&D where he is responsible for nurturing a culture of innovation across Bishop Fox. Over his career, Joe has amassed many security certifications, delivered several presentations, and has co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.
Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.
asminject.py: Compromise Trusted Linux Processes and Containers
Nov 21, 2022
Log HTTP Requests, Version 1.3.1, Advisory
By Etan Castro Aldrete
Oct 24, 2022
Atlassian Jira Align, Version 10.107.4 Advisory
By Jake Shafer
Sep 22, 2022
(In)Secure by Design
By Chris Bush, Shanni Prutchi
Sep 13, 2022
By Seth Art, Carlos Vendramini
Sep 08, 2022
Solving the Unredacter Challenge
By Shawn Asmus
Lead Researcher at Bishop Fox
|Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.|
Senior Security Consultant