Resource Center

Defeating net-based drone defense products by using a protective chicken wire bubble: The SKYNET 12 gauge shotgun shells blew a hole right through our chicken wire protective cage.

A video teaser to Bishop Fox's "DeepHack" program, presented at DEF CON 25 on July 29th.

At risk of appearing like mad scientists, reveling in our latest unholy creation, we proudly introduce you to DeepHack: the open-source hacking AI. This bot learns how to break into web applications using a neural network, trial-and-error, and a frightening disregard for humankind.

This presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. We will then reveal several new search engine hacking techniques that have resulted in remarkable breakthroughs against both Google and Bing.

According to our research, 98 percent of the internet is not protected against email spoofing, which is a relatively easy problem to solve. If you’re concerned that your domain may be vulnerable to spoofing, check out SpoofCheck, our tool that diagnoses web and email domains.

Some quick live footage of flying the Danger Drone, a free penetration testing platform from Bishop Fox. She handles great!

Some quick live footage of flying the Danger Drone, a free penetration testing platform from Bishop Fox. She handles great!

“Super Smash Bros: Melee.” – Furrowed brows, pain in your thumbs, trash talk your Mom would blush to hear. What started as a fun coding project in response to a simple dare grew into an obsession that encompassed the wombo-combo of hacking disciplines including binary reverse engineering, AI research, and programming.

CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages client.

It is unlikely when a bug affects almost every CDN and it becomes vulnerable, but when this happens the possibilities are endless and potentially disastrous. This is a story of exploit development with fascinating consequences.

Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz).

It’s possible for a thief to plug a USB drive into Brink’s CompuSafe Galileo, automate hacking the safe, and steal the cash inside. Our video explains this exploit in under 60 seconds.

A vulnerability in the AirDroid application’s web interface made it possible for an attacker to essentially hijack a user’s phone. This video highlights the vulnerability’s implications and how an app’s permissions can become too pervasive.

In this presentation, we explore how to (ab)use free trials to get access to vast amounts of computing power, storage, and pre-made hacking environments.

Take control over your neighbors’ TVs like in the movies! This talk will demonstrate how to hijack any Google Chromecast – even if it’s behind a secure Wi-Fi network – to do your bidding.

Untwister is a tool designed to help pentesters predict random number sequences when an application generates them using an insecure algorithm. This presentation focuses on weaponizing what used to be theoretical into our tool: untwister.

Video Demo - using Bishop Fox's "RickMote Controller" to wirelessly hijack someones nearby TV by taking over their Google Chromecast.

Secured a new voice-enabled speaker at launch by integrating security testing into every stage of development.

This presentation will demonstrate how to hijack a Google Chromecast on any network to play videos of your choosing. Let no TV be safe.

The Tastic RFID Thief can be concealed in a briefcase or messenger bag, and used to silently steal the proximity badge information from an unsuspecting employee as they physically walk near the concealed device. Learn how to get full coverage of all pockets as you walk by your target.

This presentation provides a thorough and objective review of the benefits, shortcomings, and trade-offs of static code analysis tools, black box application scanners, and expert analysis.

Threat modeling is heavily used by the Mozilla Security team in order to analyze potential threats and weaknesses in Firefox and also our other systems, such as addons.mozilla.org, browserID, etc. This video highlights the Trike methodology for threat modeling.

Learn about the differences in skill sets and qualities that make a good pen tester.

This presentation will give you actionable tips on where to start when securing a startup, and how to bridge the gap between your small company and a Fortune 1000 company you want to secure as a client.