Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

Offensive Security Arsenal: Building and Mastering Custom Security Tools

In this session, learn from Bishop Fox experts who are at the cutting-edge of developing tools, technologies, and methodologies which they use to uncover vulnerabilities and offer guidance to some of the most elite organizations worldwide.

Summary: 

Dive deep into the world of custom security tool development and optimization with insights from leading offensive security experts at DEFCON 31. Learn how professional security teams develop, modify, and chain tools together to enhance their testing capabilities. This session explores the methodology behind creating effective security tools, sharing practical examples and real-world applications that help security professionals streamline their workflows and improve testing outcomes.

Key Takeaways:

  • Best practices for security tool development
  • Techniques for customizing existing tools
  • Strategies for tool integration and automation
  • Methods for improving testing efficiency
  • Framework selection and optimization
  • Common pitfalls and how to avoid them
  • Tips for maintaining and scaling your toolkit
  • Approaches to testing and validating custom tools

Who Should Watch: 

  • Security Tool Developers
  • Penetration Testers
  • Security Engineers
  • Red Team Operators
  • Bug Bounty Hunters
  • Security Researchers
  • Automation Engineers
  • DevSecOps Professionals

Ideal for both tool creators looking to enhance their development skills and security practitioners seeking to build more efficient testing workflows through better tool mastery and integration.

Dan Petro Headshot

About the speaker, Dan Petro

Senior Security Engineer

As a senior security engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

More by Dan
David Vargas

About the speaker, David Vargas

Senior Security Consultant I

David Vargas is a Senior Security Consultant I on Bishop Fox's Red Team, with extensive experience in social engineering and physical penetration testing. David is an active security researcher with multiple CVEs in publicly accessible web applications.

More by David
Leron Gray Headshot BF

About the speaker, Leron Gray

Senior Security Consultant

Leron Gray is a senior security consultant on Bishop Fox's Red Team. With nine years of offensive security experience, he previously served on the Azure Red Team at Microsoft, as a penetration tester, and as a Cryptologic Technician (Networks) for the U.S. Navy.

Leron holds a Masters in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.

More by Leron
Josh Shomo

About the speaker, Josh Shomo

Former Fox

Josh Shomo previously lead vulnerability research within the Bishop Fox Capability Development team. His passion lies at the intersection of vulnerability research and vulnerability intelligence. Josh leverages vulnerability intelligence to prioritize his research efforts and conducts in-depth technical investigations to identify vulnerable technologies more effectively. Prior to joining Bishop Fox, Josh experienced rapid growth in the NSA’s CNODP program, where he gained invaluable training and expertise. In addition to his work, Josh actively volunteers at security conferences in the Washington D.C. area, including BSides Washington D.C., BSides Charm, and MACCDC. Josh has also volunteered at Bsides London.

More by Josh

Extend Your Knowledge

Check out these related resources.

The Art of Hacking neon logo on dark background.
Virtual Session

Hacker Evolution: From Technical Mastery to Visionary Leadership

Join us Friday, August 11, 2023 for a livestream from DEF CON 31 to hear seasoned hackers and cybersecurity experts uncover the intricacies of ethical hacking and how the hacker spirit can be harnessed to push the boundaries of technology.

Learn More
Tom Hudson, Senior Security Consultant at Bishop Fox, featured in 'The Art of Hacking' cybersecurity video series.
Virtual Session

Building Better Security Tools: Inside the Mind of an Open-Source Innovator

In this session, we talk with Tom Hudson who is a Senior Security Engineer at Bishop Fox, where he is part of the Capability Development team for Cosmos.

Learn More
Chloé Messdaghi, Head of Threat Research at Protect AI, featured in Bishop Fox's 'The Art of Hacking' cybersecurity video series.
Virtual Session

The Human Side of Security: Creating Impact Through Leadership & Advocacy

In this session, hear from Chloé Messdaghi, an accomplished security executive with a proven track record of advising and developing solutions.

Learn More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.