Workshops & Training

Services

Cosmos

Events

Resources

About

Get Started

Pen Testing Overview

A modern approach to cybersecurity that combines automated testing tools with human expertise to identify all your vulnerabilities.

AI/LLM Security Assessment

Application Penetration Testing

• Mobile Application Assessment

• Secure Code Review

Cloud Security

Product Security

Network Security

• External Pen Testing

• Internal Pen Testing

Partner Assessments

• CASA & MASA

• Oracle Assessment

• ioXt Alliance Certification

CTEM Overview

Identify, prioritize and resolve business-impacting exposures through managed services that support and strengthen your CTEM program.

Attack Surface Discovery

Attack Surface Testing

Emerging Threats

Red Team & Readiness Overview

Get a holistic view of your ability to defend against a real-world attack.

Red Teaming

• Social Engineering

• Ransomware Readiness

IR Tabletop Exercises

Cosmos Platform

Meet Cosmos: The continuous offensive security solution designed to provide proactive defense.

Cosmos Attack Surface Management

Get Cosmos Attack Surface Management (CASM) for unmatched visibility into your changing external attack surface with continuous discovery and mapping.

Cosmos Application Penetration Testing

Cosmos Application Penetration Testing (CAPT) strengthens the security of business-critical applications with in-depth assessments.

Cosmos External Penetration Testing

Cosmos External Penetration Testing (CEPT) builds on Cosmos Attack Surface Management to provide the highest level of attack surface protection with post-exploitation activities.

Featured Report

Scoring high in the GigaOm Radar for the fourth year in a row!

Get an overview of the Attack Surface Management (ASM) market — and learn why Bishop Fox was named a Fast Mover by the analysts at GigaOm.

Get The Report

See All Events

We actively contribute to and participate in the cybersecurity community. Come see us at an upcoming industry event or tune into one of our speaking gigs, past or present!

Conferences

Technical Briefings

Virtual Sessions

Workshops & Training

Executive Briefings

Community Events

Featured Session

Red Teaming: Is your security program ready for the ultimate test?

Learn why traditional penetration testing fails on LLMs. Join Bishop Fox’s Brian D. for a deep dive into adversarial prompt exploitation, social engineering, and real-world AI security techniques. Rethink how you test and secure today’s most powerful models.

Watch Now

See All Resources

Explore offensive security resources, from detailed reports and step-by-step guides to expert-led webcasts and live sessions, all designed to keep you informed and ahead.

Blog

Customer Stories

Bishop Fox Labs

Open-Source Tools

Workshops & Training

Cybersecurity Style Guide

Featured Research

LLM-Assisted Vulnerability Research

Explore Bishop Fox's experimental research into applying Large Language Models to vulnerability research and patch diffing workflows.

View Guide

Company Overview

We’ve been in the offensive security space for almost two decades, and we’re proud to be home to the innovators, engineers, and exploit writers behind some of the most widely used and respected security tools, techniques, and research in the industry.

Customers

Partner Program

• Become a Partner

• Partner Assessment

Newsroom

Career Opportunities

Educational Programs

We’re Hiring

Want to Work with the Best Minds in Offensive Security?

Hack the Planet. Have Fun Doing It. Be part of an elite team and work on projects that have a real impact.

Explore Openings

Services

Services Overview

COSMOS

Events

Resources

About

Get Started

Featured Workshops & Training

Demystifying 5G Security: Understanding the Registration Protocol

In this hands-on workshop, Senior Security Consultant Drew Jones will break down the fundamentals of the 5G registration protocol, explore where security gaps can emerge, and walk through a live simulated lab demonstrating real-world vulnerabilities.

Type:

Topic:

Follow Our RSS Feed

Workshops & Training

CVE Spotlight: Breaking Down Zimbra’s RCE Vulnerabilities

Watch the inaugural episode of our What the Vuln livestream series as we examine Zimbra Zip Path Traversal vulnerabilities, CVE-2022-27925 and CVE-2022-37042.

Tool Talk Episode 9 webcast title in neon letters on dark background with Matt Keeley and Joe Sechman headshots presenting the security tool Spoofy.

Workshops & Training

Spoofy in Action: Advancing Domain Spoofing Detection

Learn how to efficiently identify subdomain takeover vulnerabilities using Spoofy, an open-source tool that automates the assessment process and helps protect your organization from potential subdomain spoofing attacks.

Bishop Fox Tool Talk Episode 8 asminject.py

Workshops & Training

Process Injection on Linux: A Deep Dive into asminject.py

Watch as we explore Bishop Fox’s very own asminject.py, a code injection tool that tampers with trusted Linux processes to capture sensitive data and change program behavior.

Bishop Fox Tool Talk episode 7 CloudFox to find exploitable attack paths in cloud infrastructure presented by three security consultants

Workshops & Training

CloudFox in Action: Mapping Exploitable Paths in AWS

Watch as we explore Bishop Fox’s very own CloudFox, a command line tool that helps offensive security practitioners navigate unfamiliar cloud environments and find exploitable attack paths in cloud infrastructure. Tune in to our livestream for a demo of CloudFox!

Workshops & Training

The Mind Behind Nuclei, Demo with Sandeep Singh

Join co-founder of ProjectDiscovery, Sandeep Singh, for a demo of the new Nuclei tool.

Workshops & Training

Fuzzing: Get the buzz on fuzz testing in software development

This slide deck includes:

Fuzzing Basics
How Fuzzing Works
Popular Fuzzing Tools

Screenshot of video of Dan Petro interviewing John L about the Unredacter challenge

Workshops & Training

Unredacter Challenge: John L.'s Solution

Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as John L. showcases his solution.

Screenshot of video of Dan Petro interviewing Shawn A about the Unredacter challenge

Workshops & Training

Unredacter Challenge: Shawn A.'s Solution

Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as Shawn A. showcases his solution.

Video screenshot of Dan Petro interviewing Alejando about the security tool challenge

Workshops & Training

Unredacter Challenge: Alejandro's Solution

Challenge Accepted! We asked the security community to take Unredacter to the next level by decoding our secret blurred message. Watch as Alejandro showcases his solution.

Cover slide of presentation: What Bad could Happen? Managing Application risk with Threat Modeling

Workshops & Training

Managing Application Security Risk with Threat Modeling

Screenshot of Yael Barsuto presenting at BSides Las Vegas Youtube on ICS Security Assessments 101

Workshops & Training

13th B-Sides Las Vegas - ICS Security Assessments 101 or How da Fox I Test Dis?

We have seen many ICS attacks both in the news and in several talks at security conferences. They show how ICS protocols are insecure by default and how we can mess with control components so easily. However, from a consulting point of view, are we really asking our ICS clients to let us mess with their critical infrastructure just to show what we already know?

Video thumbnail of Tom Eston and his agenda slide while presenting at BSides Las Vegas 2022

Workshops & Training

13th BSides Las Vegas - Management Hacking 101

Tom Eston, AVP of Consulting at Bishop Fox, shares his best advice for becoming a successful manager and leader in the security industry.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.