Our new SANS research takes you inside the minds & methods of modern adversaries. Get the report ›

Episode 3 of the Tool Talk series focusing on Nuclei vulnerability scanning tool

WATCH IT ON DEMAND

Traditional scanners often lack the features to allow easy-to-write custom checks on top of their engine. To help solve this issue, Nuclei was developed by Project Discovery with a core focus on simplicity, modularity, and the ability to scan on many assets. The open-source vulnerability scanner is simple enough to be used by everyone, while complex enough to integrate into the modern web with its intricacies.

And here, at Bishop Fox, we love to take advantage of innovative, community-powered tools (even creating some ourselves via Labs) to offer automated solutions for our offensive security customers.

In our third edition of the Tool Talk series, we dive into Nuclei to discover:

  • The basics – what it is and how it works
  • How it overcomes the challenges of traditional scanners
  • Why it's a favorite tool of our consultants and Cosmos team
Sandeep Singh Project Discovery Headshot

About the speaker, Sandeep Singh

Co-Founder & CTO at ProjectDiscovery.io

Sandeep Singh is an application security enthusiast with nearly 10 years of experience. He actively participated in bug bounty programs that led him to secure Top 3 positions at HackerOne. Sandeep worked as a Security Analyst at HackerOne, where he triaged reports from web and mobile domains.

In 2019, Sandeep co-founded ProjectDiscovery.io and currently serves as the organizations' Chief Technology Officer. ProjectDiscovery is a cloud based reconnaissance and continuous monitoring platform that automates the entire process of recon and provides the data in an organized and managed manner.

More by Sandeep
Matt Thoresen

About the speaker, Matt Thoreson

Senior Security Consultant

Matt Thoreson (OSCP, CISSP) is a Senior Consultant at Bishop Fox and leads the External Penetration Testing service, He currently focuses on penetration testing external and internal networks. Matt also has extensive experience in red teaming, social engineering, and mobile application testing. He has advised Fortune 500 brands and startups in industries such as technology, healthcare, energy, finance, and retail.

More by Matt
David Bravo

About the speaker, David Bravo

Security Consultant

David Bravo is a Security Consultant at Bishop Fox who focuses on application and cloud security. He has worked with Fortune 500 firms and startups in various industries to assess and improve the security of their applications and cloud environments. David holds a Bachelor of Science in Computer Science from New York University.

More by David
Zach zeitlin

About the speaker, Zach Zeitlin

Senior Operator

Zachary Zeitlin is a Senior Operator with Bishop Fox’s Cosmos (formerly CAST) team. Prior to coming to Bishop Fox, he served as an operator in the US Department of Defense's most elite computer network exploitation (CNE) unit.

More by Zach
Joe sechman

About the speaker, Joe Sechman

AVP of R&D at Bishop Fox

Joe brings over 20 years of experience to his role as Associate Vice President of R&D where he is responsible for nurturing a culture of innovation across Bishop Fox. Over his career, Joe has amassed many security certifications, delivered several presentations, and has co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.

Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.
More by Joe

Related Events

Extend your knowledge with these related events and webcasts.

Bishop Fox Tool Talk Eyeballer episode 1, now on demand - Spend less time hunting and more time hacking.
Webcast

Tool Talks: Eyeballer Episode
Tool Talk episode two on fuzz testing in software development
Webcast

Tool Talks: Fuzzing Edition
Log4j Fireside Chat with security expert advice on today's biggest security threat, Zero-day CVE 2021-44228
Webcast

Log4j Vulnerability: A Fireside Chat

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.