Guide

What to Expect of Your Nest Security Assessment

This guide covers what to expect when engaging Bishop Fox to perform a Google Nest Security Assessment, including timeline, scoping, scheduling, and reporting.

Guide

What to Expect of Your Google Partner Security Assessment

This guide covers what to expect when engaging Bishop Fox to perform a Google Partner OAuth Application security assessment, including project timeline, onboarding and scoping, and deliverables.

Customer Story

Developing a New Methodology for Illumio to Measure the Power of Micro-Segmentation

When Illumio wanted to objectively prove the value of micro-segmentation as a security control, they turned to Bishop Fox to develop an unbiased testing methodology that showed how increased segmentation meant increased time and effort for attackers.

Video

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.

Video

Illumio Assessment Report: Interview with Raghu Nandakumara and Rob Ragan

Illumio Field CTO Raghu Nandakumara and Bishop Fox Principal Researcher Rob Ragan discuss the efficacy of microsegmentation in this interview.

Video

Dufflebag: Uncovering Secrets in Exposed EBS Volumes

In this video, Dan Petro demonstrates how the Bishop Fox open source tool Dufflebag works.

Video

DerpCon 2020 - Demystifying Capture The Flags (CTF)s

In the talk: Demystifying CTFs, Barrett Darnell will provide an overview of CTF formats, the skills they require and the experience they develop, and conclude with a plethora of CTF resources for those wanting to participate.

Video

DerpCon 2020 - Ham Hacks: Breaking into the World of Software Defined Radio

If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes.

Video

DerpCon 2020 | .NET Roulette: Exploiting Insecure Deserialization in Telerik UI

Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications.

.Net Roulette Exploiting Insecure Deserialization in Telerik UI

DerpCon 2020 presentation reviews how .NET deserialization works and how to get shells on real applications.

Ham Hacks: Breaking Into the World of Software-Defined Radio

This DerpCon 2020 presentation explores how to find, capture, and reverse-engineer RF signals.