Featured Workshops & Training
Workshop: Sliver - Getting Started & 1.6 Features
Watch an interactive workshop led by Bishop Fox Senior Security Consultant, Tim Ghatas, as we dive into Sliver, the open-source C2 framework making waves in Red Team ops.
Patch Perfect: Harmonizing with LLMs to Find Security Vulns
This talk led by Bishop Fox researchers Caleb Gross & Josh Shomo cuts through the hype and offers a practical perspective that’s grounded in real-world analysis of critical bugs in widely used products.
Where there’s smoke…: How a Traeger vulnerability could have put grilling season at risk
Bishop Fox Security Consultant, Nisk Cerne discovered and worked with Traeger Grills to disclose a vulnerability in the company’s embedded Wi-Fi Controller that allows users to connect to and control their grills remotely.
Come WiFind Me: WiFi & Other RF Surveillance
Join Alissa Gilbert (dnsprincess) as she dispels myths around RF tracking, negates some fears, and gives completely new ones in its place.
Sliver Mastery: Dominating Active Directory Through Advanced Trust Exploitation
Senior security expert Jon Guild demonstrates how to use the Sliver C2 framework to develop advanced offensive security skills. Arm yourself with the knowledge and skills of enumeration, lateral movement, and escalation techniques from first-hand experience in a vulnerable lab environment.
CloudFoxable: A Practical Demo of AWS Cloud Security Misconfiguration Attacks
Watch the CloudFoxable demo to see a gamified cloud hacking sandbox where users can find latent attack paths in an intentionally vulnerable AWS environment.
Ace the OSEP Exam with Sliver Framework
Unlock the secrets of passing the OSEP exam with our senior security expert, Jon Guild. Join us as Jon shares his invaluable tips and tricks for conquering this benchmark exam designed for penetration testers.
Subscribe to our blog and advisories
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.
How Attackers Slip Past EDR: A Live Look at LoLBins in Action
Watch the second episode of our What the Vuln livestream series as we explore how to bypass endpoint detection and response (EDR) with native Windows binaries to gain advanced post-exploitation control.
CVE Spotlight: Breaking Down Zimbra’s RCE Vulnerabilities
Watch the inaugural episode of our What the Vuln livestream series as we examine Zimbra Zip Path Traversal vulnerabilities, CVE-2022-27925 and CVE-2022-37042.
Spoofy in Action: Advancing Domain Spoofing Detection
Learn how to efficiently identify subdomain takeover vulnerabilities using Spoofy, an open-source tool that automates the assessment process and helps protect your organization from potential subdomain spoofing attacks.
Process Injection on Linux: A Deep Dive into asminject.py
Watch as we explore Bishop Fox’s very own asminject.py, a code injection tool that tampers with trusted Linux processes to capture sensitive data and change program behavior.
CloudFox in Action: Mapping Exploitable Paths in AWS
Watch as we explore Bishop Fox’s very own CloudFox, a command line tool that helps offensive security practitioners navigate unfamiliar cloud environments and find exploitable attack paths in cloud infrastructure. Tune in to our livestream for a demo of CloudFox!
The Mind Behind Nuclei, Demo with Sandeep Singh
Join co-founder of ProjectDiscovery, Sandeep Singh, for a demo of the new Nuclei tool.