Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

Featured Workshops & Training

Sliver Workshop Part 2: Staging & Automation

In our second workshop, we’ll explore Sliver’s new implant staging process and demonstrate basic CLI automation features. We’ll also walk through Sliver’s supported pivot types for lateral movement, including TCP, and wrap up by exploring automation options using the SliverPy project.

Bishop Fox Tool Talk Episode 8 asminject.py
Workshops & Training

Process Injection on Linux: A Deep Dive into asminject.py

Watch as we explore Bishop Fox’s very own asminject.py, a code injection tool that tampers with trusted Linux processes to capture sensitive data and change program behavior.

Bishop Fox Tool Talk episode 7 CloudFox to find exploitable attack paths in cloud infrastructure presented by three security consultants
Workshops & Training

CloudFox in Action: Mapping Exploitable Paths in AWS

Watch as we explore Bishop Fox’s very own CloudFox, a command line tool that helps offensive security practitioners navigate unfamiliar cloud environments and find exploitable attack paths in cloud infrastructure. Tune in to our livestream for a demo of CloudFox!

Sandeep Singh featured headshot for exclusive session on the Nuclei security tool demo.
Workshops & Training

The Mind Behind Nuclei, Demo with Sandeep Singh

Join co-founder of ProjectDiscovery, Sandeep Singh, for a demo of the new Nuclei tool.

Illustration of computer exporting data
Workshops & Training

Fuzzing: Get the buzz on fuzz testing in software development

This slide deck includes:

  • Fuzzing Basics
  • How Fuzzing Works
  • Popular Fuzzing Tools
Screenshot of video of Dan Petro interviewing John L about the Unredacter challenge
Workshops & Training

Unredacter Challenge: John L.'s Solution

Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as John L. showcases his solution.

Screenshot of video of Dan Petro interviewing Shawn A about the Unredacter challenge
Workshops & Training

Unredacter Challenge: Shawn A.'s Solution

Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as Shawn A. showcases his solution.

Video screenshot of Dan Petro interviewing Alejando about the security tool challenge
Workshops & Training

Unredacter Challenge: Alejandro's Solution

Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as Alejandro showcases his solution.

Cover slide of presentation: What Bad could Happen? Managing Application risk with Threat Modeling
Workshops & Training

Managing Application Security Risk with Threat Modeling

Screenshot of Yael Barsuto presenting at BSides Las Vegas Youtube on ICS Security Assessments 101
Workshops & Training

13th B-Sides Las Vegas - ICS Security Assessments 101 or How da Fox I Test Dis?

We have seen many ICS attacks both in the news and in several talks at security conferences. They show how ICS protocols are insecure by default and how we can mess with control components so easily. However, from a consulting point of view, are we really asking our ICS clients to let us mess with their critical infrastructure just to show what we already know?

Video thumbnail of Tom Eston and his agenda slide while presenting at BSides Las Vegas 2022
Workshops & Training

13th BSides Las Vegas - Management Hacking 101

Tom Eston, AVP of Consulting at Bishop Fox, shares his best advice for becoming a successful manager and leader in the security industry.

SmogCloud video thumbnail with overlay play button.
Workshops & Training

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.

Cover slide deck expose yourself without insecurity blackhat arsenal 2020
Workshops & Training

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.