Featured Workshops & Training
Sliver Workshop Part 2: Staging & Automation
In our second workshop, we’ll explore Sliver’s new implant staging process and demonstrate basic CLI automation features. We’ll also walk through Sliver’s supported pivot types for lateral movement, including TCP, and wrap up by exploring automation options using the SliverPy project.
Process Injection on Linux: A Deep Dive into asminject.py
Watch as we explore Bishop Fox’s very own asminject.py, a code injection tool that tampers with trusted Linux processes to capture sensitive data and change program behavior.
CloudFox in Action: Mapping Exploitable Paths in AWS
Watch as we explore Bishop Fox’s very own CloudFox, a command line tool that helps offensive security practitioners navigate unfamiliar cloud environments and find exploitable attack paths in cloud infrastructure. Tune in to our livestream for a demo of CloudFox!
The Mind Behind Nuclei, Demo with Sandeep Singh
Join co-founder of ProjectDiscovery, Sandeep Singh, for a demo of the new Nuclei tool.
Fuzzing: Get the buzz on fuzz testing in software development
This slide deck includes:
- Fuzzing Basics
- How Fuzzing Works
- Popular Fuzzing Tools
Unredacter Challenge: John L.'s Solution
Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as John L. showcases his solution.
Unredacter Challenge: Shawn A.'s Solution
Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as Shawn A. showcases his solution.
Unredacter Challenge: Alejandro's Solution
Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as Alejandro showcases his solution.
Managing Application Security Risk with Threat Modeling
13th B-Sides Las Vegas - ICS Security Assessments 101 or How da Fox I Test Dis?
We have seen many ICS attacks both in the news and in several talks at security conferences. They show how ICS protocols are insecure by default and how we can mess with control components so easily. However, from a consulting point of view, are we really asking our ICS clients to let us mess with their critical infrastructure just to show what we already know?
13th BSides Las Vegas - Management Hacking 101
Tom Eston, AVP of Consulting at Bishop Fox, shares his best advice for becoming a successful manager and leader in the security industry.
SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns
Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.
SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns
Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.