Managing Application Security Risk with Threat Modeling
13th B-Sides Las Vegas - ICS Security Assessments 101 or How da Fox I Test Dis?
We have seen many ICS attacks both in the news and in several talks at security conferences. They show how ICS protocols are insecure by default and how we can mess with control components so easily. However, from a consulting point of view, are we really asking our ICS clients to let us mess with their critical infrastructure just to show what we already know?
13th BSides Las Vegas - Management Hacking 101
Tom Eston, AVP of Consulting at Bishop Fox, shares his best advice for becoming a successful manager and leader in the security industry.
SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns
Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.
SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns
Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.
Dufflebag Deep Dive: Uncovering Secrets in Exposed EBS Volumes
In this video, Dan Petro demonstrates how the Bishop Fox open source tool Dufflebag works.
DerpCon 2020 - Demystifying Capture The Flags (CTF)s
In the talk Demystifying CTFs, Barrett Darnell will provide an overview of CTF formats, the skills they require, and the experience they develop, and conclude with a plethora of CTF resources for those wanting to participate.
Ham Hacks: Breaking into the World of Software Defined Radio
If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes.
.NET Roulette: Exploiting Insecure Deserialization in Telerik UI
Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications.
.NET Roulette: Exploiting Insecure Deserialization in Telerik UI
DerpCon 2020 presentation reviews how .NET deserialization works and how to get shells on real applications.
Ham Hacks: Breaking into the world of software-defined radio
DerpCon 2020 presentation explores how to find, capture, and reverse-engineer RF signals.
Demystifying Capture the Flags (CTFs)
DerpCon 2020 presentation on CTF formats, the skills they require, and the experience they develop.
Expose Yourself Without Insecurity: Cloud Breach Patterns
Presentation from BSides Atlanta 2020 explores the unprecedented level of exposures in the Cloud and how they can be found.
Attacking the Data Before the Decision
Presentation from BSides Tampa 2020 explores the vulnerabilities of machine learning systems and how to mitigate them.
How to Write Like It's Your Job
Presentation from BSides San Francisco 2020 offers practical advice for security writers.
Zigbee Hacking: Smarter Home Invasion with ZigDiggity
Existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox.
Finding Secrets In Publicly Exposed EBS Volumes
In this talk, Ben Morris shows how he found all sorts of secrets and associated data—passwords, SSH private keys, TLS certificates, application source code, API keys, and anything else that might be stored on a server hard disk.
ZigDiggity: ZigBee Hacking Toolkit
Presentation from Black Hat USA 2019 reveals an open-source pentest arsenal for Zigbee networks.
Ghost In The Browser - Broad-Scale Espionage With Bitsquatting
Presentation from Kaspersky SAS 2019 on an unfortunate side effect of achieving HTTPS everywhere and what can be done to mitigate the risk.
Reverse Engineering Mobile Apps
Presentation from BSides Las Vegas 2019 demonstrates the successful exploitation of transit system mobile apps.
Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations
Presentation from Sqr00t 2019 explores the ins and outs of domain abuse, and how to prevent it.
Check Your Privilege (Escalation)
Presentation from BSides Columbus 2019 discusses common privilege escalation paths on Linux systems.
Network Penetration Testing Toolkit: Netcat, Nmap, and Metasploit Basics
Presentation from Day of Shecurity 2019 familiarizes you with the necessary tools to continue your ethical hacking journey.
Introduction to Linux - Privilege Escalation Methods
Presentation from Day of Shecurity 2019 explores privilege escalation methods in Linux.