Featured Workshops & Training
Sliver Workshop Part 2: Staging & Automation
In our second workshop, we’ll explore Sliver’s new implant staging process and demonstrate basic CLI automation features. We’ll also walk through Sliver’s supported pivot types for lateral movement, including TCP, and wrap up by exploring automation options using the SliverPy project.
Sliver Workshop Part 1: Getting Started & 1.6 Features
Watch an interactive workshop led by Bishop Fox Senior Security Consultant, Tim Ghatas, as we dive into Sliver, the open-source C2 framework making waves in Red Team ops.
Patch Perfect: Harmonizing with LLMs to Find Security Vulns
This talk led by Bishop Fox researchers Caleb Gross & Josh Shomo cuts through the hype and offers a practical perspective that’s grounded in real-world analysis of critical bugs in widely used products.
Where there’s smoke…: How a Traeger vulnerability could have put grilling season at risk
Bishop Fox Security Consultant, Nisk Cerne discovered and worked with Traeger Grills to disclose a vulnerability in the company’s embedded Wi-Fi Controller that allows users to connect to and control their grills remotely.
Come WiFind Me: WiFi & Other RF Surveillance
Join Alissa Gilbert (dnsprincess) as she dispels myths around RF tracking, negates some fears, and gives completely new ones in its place.
Sliver Mastery: Dominating Active Directory Through Advanced Trust Exploitation
Senior security expert Jon Guild demonstrates how to use the Sliver C2 framework to develop advanced offensive security skills. Arm yourself with the knowledge and skills of enumeration, lateral movement, and escalation techniques from first-hand experience in a vulnerable lab environment.
CloudFoxable: A Practical Demo of AWS Cloud Security Misconfiguration Attacks
Watch the CloudFoxable demo to see a gamified cloud hacking sandbox where users can find latent attack paths in an intentionally vulnerable AWS environment.
Subscribe to our blog and advisories
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.
Swagger Jacker: Improved Auditing of OpenAPI Definition Files
Discover the power of Swagger Jacker, an open-source audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files for penetration testers.
Ace the OSEP Exam with Sliver Framework
Unlock the secrets of passing the OSEP exam with our senior security expert, Jon Guild. Join us as Jon shares his invaluable tips and tricks for conquering this benchmark exam designed for penetration testers.
Powering Up Burp Suite: Building Custom Extensions for Advanced Web Application Testing
Learn how to power up web application security testing with tips on creating customized extensions featuring BurpCage, an extension that replaces any image proxied through Burp Suite leveraging the Montoya API.
How Attackers Slip Past EDR: A Live Look at LoLBins in Action
Watch the second episode of our What the Vuln livestream series as we explore how to bypass endpoint detection and response (EDR) with native Windows binaries to gain advanced post-exploitation control.
CVE Spotlight: Breaking Down Zimbra’s RCE Vulnerabilities
Watch the inaugural episode of our What the Vuln livestream series as we examine Zimbra Zip Path Traversal vulnerabilities, CVE-2022-27925 and CVE-2022-37042.
Spoofy in Action: Advancing Domain Spoofing Detection
Learn how to efficiently identify subdomain takeover vulnerabilities using Spoofy, an open-source tool that automates the assessment process and helps protect your organization from potential subdomain spoofing attacks.