Resource Center

In this Initial Access podcast episode, we cover AI prompt injection risks, continued social engineering via LinkedIn and QR codes, credential theft and session hijacking, patch reliability and appliance security, and how AI is being used to accelerate malware development—distinguishing meaningful risk from overhyped claims.

Application pen tests cost real time and money. Learn how to get real value from them. Bishop Fox lead researcher Dan Petro explains what good app tests include, how to evaluate AI-powered testing, and the questions that matter before and after an engagement.

Download this guide to explore key aspects of application penetration testing, questions to ask along the way, how to evaluate vendors, and our top recommendations to make the most of your pen test based on almost two decades of experience and thousands of engagements.

In our third Sliver workshop, we explore how Sliver handles traffic encoding by default and how attackers can extend its capabilities with custom Wasm-based encoders. We dive into Sliver’s encoder framework works, what’s possible with WebAssembly, and how to design and test your own encoders.

Watch Trevin Edgeworth, Red Team Practice Director at Bishop Fox, in this virtual session where he will break down how Red Teaming gives leaders the clarity, evidence, and narrative they need to make informed, high-stakes decisions in the current AI landscape.

Join Senior Security Consultant Nick Cerne for “Peeling Back the Plastic: Finding 0-Days in IoT Devices” on Tuesday, Nov. 18. Learn hands-on techniques for uncovering hidden vulnerabilities in consumer IoT devices and advancing your IoT security research skills.

The Product Security Reviews Report is a data-driven analysis that distills two years of hands-on testing across healthcare, IoT, industrial, and financial systems into a single, sobering insight: attackers don’t need sophistication when simplicity still works. This guide helps security leaders understand why fundamental flaws remain the root cause of breaches—and how to turn that reality into a roadmap for measurable improvement.

In this live virtual session, you’ll explore two years of product testing across healthcare, IoT, industrial, and financial systems—and see how “basic” vulnerabilities continue to cause the biggest damage. Learn how small oversights like default credentials, broken cryptography, and insecure configurations can be chained into full-scale breaches, and what you can do to stop them.

Understanding your exposure is essential to building secure and resilient AI systems. Bishop Fox AI/LLM security assessments provide the experience and expertise to help you navigate this emerging threat landscape.

In this hands-on workshop, Senior Security Consultant Drew Jones will break down the fundamentals of the 5G registration protocol, explore where security gaps can emerge, and walk through a live simulated lab demonstrating real-world vulnerabilities.

Two recent cyberattacks crippled global enterprises by exploiting Salesforce OAuth mechanisms. Join CISO Christie Terrill and former Salesforce security leader Brian Soby for an exclusive breakdown of these breaches and actionable defense strategies in this live fireside chat.

In this session, Mitchell Sperling, Senior Security Consultant at Bishop Fox, will demonstrate how he uses CloudFox during cloud penetration tests to quickly enumerate large cloud environments and identify interesting attack paths.

Explore Bishop Fox's experimental research into applying Large Language Models to vulnerability research and patch diffing workflows. This technical guide presents methodology, data, and insights from structured experiments testing LLM capabilities across high-impact CVEs, offering a transparent look at where AI shows promise and where challenges remain.

Join top security leaders from Bishop Fox, AppOmni, and Guidewire as they reveal how Salesforce AppExchange set the standard for scalable SaaS security—packed with real-world insights to future-proof your security strategy.

AI doesn’t crash when compromised—it complies. Join Jessica Stinson as she shares real-world AI security failures, revealing how trusted tools are silently hijacked. Learn to spot hidden risks and build resilient AI defenses before silence turns into breach.

To ensure its real-time AI platform could withstand sophisticated threats, a global SaaS company partnered with Bishop Fox for its first full red team assessment.

Ventrilo.ai partnered with Bishop Fox for application penetration testing and AI security assessments to ensure its writing assistant protects sensitive user data and withstands real-world threats.

The Red Team Readiness Guide is a practical, question-driven planning framework that helps security leaders align stakeholders, clarify objectives, and evaluate organizational readiness ahead of a Red Team engagement. Use it to avoid common pitfalls, define business-relevant goals, and set the stage for maximum impact.

Learn how expert-driven testing goes beyond automation to thoroughly assess AI and LLM applications with techniques grounded in human behavior and social engineering.

The Red Team Readiness Assessment is a guided self-assessment worksheet that helps security teams evaluate their preparedness, align stakeholders, and plan more effective Red Team engagements. Use it to define objectives, set scope, and establish the protocols needed for a successful simulation.

Learn why traditional penetration testing fails on LLMs. Join Bishop Fox’s Brian D. for a deep dive into adversarial prompt exploitation, social engineering, and real-world AI security techniques. Rethink how you test and secure today’s most powerful models.

In our second workshop, we’ll explore Sliver’s new implant staging process and demonstrate basic CLI automation features. We’ll also walk through Sliver’s supported pivot types for lateral movement, including TCP, and wrap up by exploring automation options using the SliverPy project.

With a range of approaches that simulate breach scenarios at your organization, adversarial emulation is the most effective way to know if your team is prepared to detect, respond, and recover—before a real breach happens.

Join Steven Smiley and Jessica Stinson for a deep dive into how early-stage architectural reviews can transform the effectiveness of your testing. Whether you're navigating IAM setups or preparing to tackle GenAI risks in cloud environments, this session has the clarity and direction you need to test smarter—not just harder.