AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started

Resource Center

Discover offensive security resources ranging from reports and guides to our latest webcasts and livestreams.

Customer Stories Datasheets Guides Methodologies Reports Virtual Sessions View All
Featured Resources
Guides

LLM-Assisted Vulnerability Research

LLM-Assisted Vulnerability Research
Read Guide
Guides

Red Team Readiness Guide

Red Team Readiness Guide
Read Guide
Solution Briefs

Application Portfolio Penetration Testing Solution Brief

Application Portfolio Penetration Testing Solution Brief
Read Briefing
Workshops & Training

Building Tools: What, When, and How

Building Tools: What, When, and How
Watch Workshop
Guides

What to Expect of Your Nest Security Assessment

What to Expect of Your Nest Security Assessment

This guide covers what to expect when engaging Bishop Fox to perform a Google Nest Security Assessment, including timeline, scoping, scheduling, and reporting.

Read Guide
Guides

What to Expect of Your Google Partner Security Assessment

What to Expect of Your Google Partner Security Assessment

This guide covers what to expect when engaging Bishop Fox to perform a Google Partner OAuth Application security assessment, including project timeline, onboarding and scoping, and deliverables.

Read Guide
Customer Stories

Developing a New Methodology for Illumio to Measure the Power of Micro-Segmentation

Developing a New Methodology for Illumio to Measure the Power of Micro-Segmentation

Proved the impact of micro-segmentation in slowing attackers with a custom testing methodology.

Read Story
Workshops & Training

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Presented at Black Hat 2020, this presentation looks at the most pragmatic ways to continuously analyze your AWS environments and operationalize that information to answer vital security questions. Demonstrations include integration between IAM Access Analyzer, Tiros Reachability API, and Bishop Fox CAST Cloud Connectors, along with a new open source tool SmogCloud to find continuously changing AWS internet-facing services.

Watch Workshop
Workshops & Training

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

SmogCloud: Expose Yourself Without Insecurity - Cloud Breach Patterns

Black Hat USA 2020 presentation looks at pragmatic ways to answer vital security questions in your AWS environment.

Watch Workshop
Virtual Sessions

Illumio Assessment Report: Interview with Raghu Nandakumara and Rob Ragan

Illumio Assessment Report: Interview with Raghu Nandakumara and Rob Ragan
Illumio Field CTO Raghu Nandakumara and Bishop Fox Principal Researcher Rob Ragan discuss the efficacy of microsegmentation in this interview.
Watch Session
Workshops & Training

Dufflebag Deep Dive: Uncovering Secrets in Exposed EBS Volumes

Dufflebag Deep Dive: Uncovering Secrets in Exposed EBS Volumes

In this video, Dan Petro demonstrates how the Bishop Fox open source tool Dufflebag works.

Watch Workshop
Workshops & Training

DerpCon 2020 - Demystifying Capture The Flags (CTF)s

DerpCon 2020 - Demystifying Capture The Flags (CTF)s
In the talk: Demystifying CTFs, Barrett Darnell will provide an overview of CTF formats, the skills they require and the experience they develop, and conclude with a plethora of CTF resources for those wanting to participate.
Watch Workshop
Workshops & Training

Ham Hacks: Breaking into the World of Software Defined Radio

Ham Hacks: Breaking into the World of Software Defined Radio

If you’re a hacker who has always been too afraid of RF protocols to try getting into SDRs, or you have a HackRF collecting dust in your closet, this talk will show you the ropes.

Watch Workshop
Workshops & Training

.NET Roulette: Exploiting Insecure Deserialization in Telerik UI

.NET Roulette: Exploiting Insecure Deserialization in Telerik UI
Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications.
Watch Workshop
Workshops & Training

.Net Roulette Exploiting Insecure Deserialization in Telerik UI

.Net Roulette Exploiting Insecure Deserialization in Telerik UI

DerpCon 2020 presentation reviews how .NET deserialization works and how to get shells on real applications.

Watch Workshop
Workshops & Training

Ham Hacks: Breaking into the world of software-defined radio

Ham Hacks: Breaking into the world of software-defined radio

DerpCon 2020 presentation explores how to find, capture, and reverse-engineer RF signals.

Watch Workshop
Workshops & Training

Demystifying Capture the Flags (CTFs)

Demystifying Capture the Flags (CTFs)

DerpCon 2020 presentation on CTF formats, the skills they require, and the experience they develop.

Watch Workshop
Customer Stories

Salesflare Focuses on Application Security for the G Suite Marketplace

Salesflare Focuses on Application Security for the G Suite Marketplace
When Salesflare knew they needed to complete the new, required security assessment for the G Suite Marketplace, they chose Bishop Fox to secure their CRM product and verify their compliance.
Read Story
Customer Stories

Scaling up Google's Third-Party Security Program

Scaling up Google's Third-Party Security Program

When Google needed to ensure that their user data was being handled securely, they partnered with Bishop Fox to design a security assessment program that could validate the security posture of their 1,000+ G Suite partners. The result: the largest and most successful public third-party ecosystem testing program ever.

Read Story
Workshops & Training

Expose Yourself Without Insecurity: Cloud Breach Patterns

Expose Yourself Without Insecurity: Cloud Breach Patterns

Presentation from BSides Atlanta 2020 explores the unprecedented level of exposures in the Cloud and how they can be found.

Watch Workshop
Workshops & Training

Attacking the Data Before the Decision

Attacking the Data Before the Decision

Presentation from BSides Tampa 2020 explores the vulnerabilities of machine learning systems and how to mitigate them.

Watch Workshop
Workshops & Training

How to Write Like It's Your Job

How to Write Like It's Your Job

Presentation from BSides San Francisco 2020 offers practical advice for security writers.

Watch Workshop
Customer Stories

Sonos Makes Secure Moves with Bishop Fox

Sonos Makes Secure Moves with Bishop Fox

Secured a new voice-enabled speaker at launch by integrating security testing into every stage of development.

Read Story
Workshops & Training

Zigbee Hacking: Smarter Home Invasion with ZigDiggity

Zigbee Hacking: Smarter Home Invasion with ZigDiggity
Existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox.
Watch Workshop
Workshops & Training

Finding Secrets In Publicly Exposed EBS Volumes

Finding Secrets In Publicly Exposed EBS Volumes
In this talk, Ben Morris shows how he found all sorts of secrets and associated data—passwords, SSH private keys, TLS certificates, application source code, API keys, and anything else that might be stored on a server hard disk.
Watch Workshop
Workshops & Training

ZigDiggity: ZigBee Hacking Toolkit

ZigDiggity: ZigBee Hacking Toolkit

Presentation from Black Hat USA 2019 reveals an open-source pentest arsenal for Zigbee networks.

Watch Workshop
Workshops & Training

Ghost In The Browser - Broad-Scale Espionage With Bitsquatting

Ghost In The Browser - Broad-Scale Espionage With Bitsquatting

Presentation from Kapersky SAS 2019 on an unfortunate side effect to achieving HTTPS everywhere and learn what can be done to mitigate the risk.

Watch Workshop
Customer Stories

Wickr: How Bishop Fox Enables Wickr's Security Assurance

Wickr: How Bishop Fox Enables Wickr's Security Assurance

Validated products against real-world attack scenarios, delivering the transparency and assurance promised to customers.

Read Story
Load More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.