Tune into our first episode of Tool Talk: a how-to series for hackers. REGISTER ›

Bishopfox labs logo

Bishop Fox Labs

Innovative Research. Real-World Impact.

Our Labs team is dedicated to finding creative solutions to difficult security problems and then sharing that information freely.


We believe the only way to advance the state of security is to collaborate with the broader community, and we do our best to contribute tools, research, and knowledge that can improve the security and privacy of data and systems. We hope our work has real impact on real lives. It's what inspires us every day.

Explore Tools Check Out Advisories

Driven by Mission & Vision

We're committed to innovation — and to openly sharing information.

We've invested in research from the very beginning because we believe everyone deserves to be secure online. This mission drives us to do better every day, to never stop learning, and to always be innovating. We use every tool in the box, and when we need something better, we build a new tool... and then add it to the toolbox so everyone benefits.

Our dedicated R&D team works with experts across our consulting and engineering organizations to develop new research, create novel security tools, and publish technical articles. In fact, we are proud to be the innovators and authors behind some of the most popular tools and most important findings in the offensive security space.

Add to Your Toolkit

Popular Tools from the Lab

IAM VULNERABLE

Identify IAM Misconfigurations with IAM Vulnerable

IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation.

Learn More

Sliver

Emulate Threats and Demonstrate the Risk of a Breach

Sliver is an open source cross-platform adversary emulation/red team framework that can be used by organizations of all sizes to perform security testing. Sliver's implants support C2 over Mutual TLS (mTLS), WireGuard, HTTP(S), and DNS.

Get Sliver

GitGot

Search Through Troves of Public Data on GitHub for Sensitive Secrets

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.

Get GitGot

Inside Bishop Fox Labs

Meet Our Labs Lead & AVP of R&D

featured-fox

Joe Sechman

AVP of R&D at Bishop Fox

Joe brings over 20 years of experience to his role as Associate Vice President of R&D where he is responsible for nurturing a culture of innovation across Bishop Fox. Over his career, Joe has amassed many security certifications, delivered several presentations, and has co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.

Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.

Interesting Reads

Recent Research from the Skulk

030821 FI Blog Post Youre Doing IOTRNG NEW
Tech

Aug 05, 2021

You're Doing IoT RNG

By Dan Petro Allan Cecil

High Risk Advisory
Advisory

Aug 13, 2021

Wodify

By Dardan Prebreza

IAM Vulnerable White
Tech

Sep 09, 2021

IAM Vulnerable - An AWS IAM Privilege Escalation Playground

By Seth Art

JSON Interoperability Vulnerabilities
Tech

Feb 25, 2021

An Exploration of JSON Interoperability Vulnerabilities

By Jake Miller

High Risk Advisory
Advisory

Jun 02, 2021

Froala Editor, Version 3.2.6 Advisory

By Chris Davis

Medium Risk Advisory Featured
Advisory

Aug 17, 2021

eCatcher Desktop, Version 6.6.4 Advisory

By Priyank Nigam

Inside Bishop Fox Labs

Meet Our Lead Researcher

featured-fox

Dan Petro

Lead Researcher at Bishop Fox

Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

Featured Contributors

We are lucky to have many Foxes who contribute to our research, tools, and advisories — here are just a few.

Rob Ragan Headshot

Rob Ragan

Principal Researcher

Carl Livitt Headshot

Carl Livitt

Principal Researcher

Seth Art Headshot

Seth Art

Senior Security Consultant

Tom Eston Headshot

Tom Eston

AVP of Consulting

Francis Brown Headshot

Francis Brown

Co-founder & Board Member

Gerben Kleijn Headshot

Gerben Kleijn

Senior Security Consultant

Caleb Gross Headshot

Caleb Gross

Senior Security Engineer

Zach Julian Headshot

Zach Julian

Senior Security Consultant

Joe DeMesy Headshot

Joe DeMesy

Principal

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.