AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

bishopfox-logo-grey
Get Started

Resource Center

Discover offensive security resources ranging from reports and guides to our latest webcasts and livestreams.

Customer Stories Datasheets Guides Methodologies Reports Virtual Sessions View All
Featured Resources
Guides

LLM-Assisted Vulnerability Research

LLM-Assisted Vulnerability Research
Read Guide
Guides

Red Team Readiness Guide

Red Team Readiness Guide
Read Guide
Solution Briefs

Application Portfolio Penetration Testing Solution Brief

Application Portfolio Penetration Testing Solution Brief
Read Briefing
Workshops & Training

Building Tools: What, When, and How

Building Tools: What, When, and How
Watch Workshop
Workshops & Training

How to Write Like It's Your Job

How to Write Like It's Your Job

Presentation from BSides San Francisco 2020 offers practical advice for security writers.

Watch Workshop
Customer Stories

Sonos Makes Secure Moves with Bishop Fox

Sonos Makes Secure Moves with Bishop Fox

Secured a new voice-enabled speaker at launch by integrating security testing into every stage of development.

Read Story
Workshops & Training

Zigbee Hacking: Smarter Home Invasion with ZigDiggity

Zigbee Hacking: Smarter Home Invasion with ZigDiggity
Existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox.
Watch Workshop
Workshops & Training

Finding Secrets In Publicly Exposed EBS Volumes

Finding Secrets In Publicly Exposed EBS Volumes
In this talk, Ben Morris shows how he found all sorts of secrets and associated data—passwords, SSH private keys, TLS certificates, application source code, API keys, and anything else that might be stored on a server hard disk.
Watch Workshop
Workshops & Training

ZigDiggity: ZigBee Hacking Toolkit

ZigDiggity: ZigBee Hacking Toolkit

Presentation from Black Hat USA 2019 reveals an open-source pentest arsenal for Zigbee networks.

Watch Workshop
Workshops & Training

Ghost In The Browser - Broad-Scale Espionage With Bitsquatting

Ghost In The Browser - Broad-Scale Espionage With Bitsquatting

Presentation from Kapersky SAS 2019 on an unfortunate side effect to achieving HTTPS everywhere and learn what can be done to mitigate the risk.

Watch Workshop
Customer Stories

Wickr: How Bishop Fox Enables Wickr's Security Assurance

Wickr: How Bishop Fox Enables Wickr's Security Assurance

Validated products against real-world attack scenarios, delivering the transparency and assurance promised to customers.

Read Story
Workshops & Training

Reverse Engineering Mobile Apps

Reverse Engineering Mobile Apps

Presentation from BSides Las Vegas 2019 demonstrates the successful exploitation of transit system mobile apps.

Watch Workshop
Customer Stories

Securing Boost.Beast

Securing Boost.Beast
A Non-Traditional Source Code Review Securing the Foundation of Thousands of Web Applications.
Read Story
Workshops & Training

Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations

Twist & Shout: Ferris Bueller's Guide to Abuse Domain Permutations

Presentation from Sqr00t 2019 explores the ins and outs of domain abuse, and how to prevent it.

Watch Workshop
Workshops & Training

Check Your Privilege (Escalation)

Check Your Privilege (Escalation)

Presentation from BSides Columbus 2019 discusses common privilege escalation paths on Linux systems.

Watch Workshop
Workshops & Training

Network Penetration Testing Toolkit: Netcat, Nmap, and Metasploit Basics

Network Penetration Testing Toolkit: Netcat, Nmap, and Metasploit Basics

Presentation from Day of Shecurity 2019 familiarizes you with the necessary tools to continue your ethical hacking journey.

Watch Workshop
Workshops & Training

Introduction to Linux - Privilege Escalation Methods

Introduction to Linux - Privilege Escalation Methods

Presentation from Day of Shecurity 2019 explores privilege escalation methods in Linux.

Watch Workshop
Workshops & Training

Pose a Threat: How Perceptual Analysis Helps Bug Hunters

Pose a Threat: How Perceptual Analysis Helps Bug Hunters

Presentation from OWASP AppSec California 2019 offers up dirty tricks to optimize the hunt for security exposures.

Watch Workshop
Customer Stories

Coinbase: Managing Security Through Collaboration

Coinbase: Managing Security Through Collaboration
Combining the HackerOne Platform with Bishop Fox Security Consultants.
Read Story
Customer Stories

Change Healthcare: Securing a Competitive Advantage

Change Healthcare: Securing a Competitive Advantage
As their business expanded, we were there to help Change Healthcare grow and evolve their security posture.
Read Story
Customer Stories

Securing Mobile Security with Bluebox

Securing Mobile Security with Bluebox
Software Security Meets Cybersecurity. Bluebox needed a vendor to conduct a mobile security assessment of their solution. Bishop Fox established that security was the foundation of their software.
Read Story
Customer Stories

Iotium: Securing an Industrial IoT Platform

Iotium: Securing an Industrial IoT Platform

IoTium, a solution designed for the Industrial Internet of Things (IIoT), enlisted Bishop Fox to verify the security of their product offering.

Read Story
Workshops & Training

Drone Hacking: Wireless Mouse Flyby Hijack with DangerDrone

Drone Hacking: Wireless Mouse Flyby Hijack with DangerDrone

Some quick live footage of flying the Danger Drone, a free penetration testing platform from Bishop Fox.

Watch Workshop
Customer Stories

Zephyr Health: Building a Healthy Security Program

Zephyr Health: Building a Healthy Security Program

Designed a security program that meets the highest privacy standards to protect sensitive patient health data.

Read Story
Workshops & Training

Weaponizing Machine Learning

Weaponizing Machine Learning
At risk of appearing like mad scientists, reveling in our latest unholy creation, we proudly introduce you to DeepHack: the open-source hacking AI. This bot learns how to break into web applications using a neural network, trial-and-error, and a frightening disregard for humankind.
Watch Workshop
Workshops & Training

DEF CON 25 (2017) - Game of Drones

DEF CON 25 (2017) - Game of Drones
We’ve taken a MythBusters-style approach to testing the effectiveness of a variety of drone defense solutions, pitting them against our DangerDrone. Videos demonstrating the results should be almost as fun for you to watch as they were for us to produce. Expect to witness epic aerial battles against an assortment of drone defense types.
Watch Workshop
Workshops & Training

Drone Hacking: Defeating Net Defense Products with a Protective Chicken Wire Cage

Drone Hacking: Defeating Net Defense Products with a Protective Chicken Wire Cage
Defeating net-based drone defense products by using a protective chicken wire bubble would defeat the majority of net drone defensive products which rely on the net getting caught in the propellers to take down the drone.
Watch Workshop
Workshops & Training

Drone Hacking: SKYNET Shotgun Shells - Drone Net Shell Testing

Drone Hacking: SKYNET Shotgun Shells - Drone Net Shell Testing
Defeating net-based drone defense products by using a protective chicken wire bubble: The SKYNET 12 gauge shotgun shells blew a hole right through our chicken wire protective cage.
Watch Workshop
Load More

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.