Resource Center

In this session, we investigate how applications are the beating heart of the digital realm, and as hackers, we know just how to make them skip a beat.

In this session, we take a deep dive into the cloud's underbelly, exploring its vulnerabilities and exploiting its weaknesses.

In this session, learn from Bishop Fox experts who are at the cutting-edge of developing tools, technologies, and methodologies which they use to uncover vulnerabilities and offer guidance to some of the most elite organizations worldwide.

In this session, learn the secrets of stealthy infiltration, master the latest attack vectors, and discover how to communicate your findings like a true hacker.

In this session, hear from Chris Kirsch, CEO and co-founder of runZero.

In this session, we talk with Tom Hudson who is a Senior Security Engineer at Bishop Fox, where he is part of the Capability Development team for Cosmos.

In this session, hear from Chloé Messdaghi, an accomplished security executive with a proven track record of advising and developing solutions.

In this session, hear from John Hammond who is a cybersecurity researcher, educator and content creator.

In this session, hear from Phillip Wylie, a cybersecurity expert with over 25 years of experience in IT and cybersecurity.

Tune in to the eleventh episode of our Tool Talk series to hear Tom Hudson speak about jsluice, an open-source, Go package and command-line tool used to extract information from JavaScript files and code.

Join us Friday, August 11, 2023 for a livestream from DEF CON 31 to hear seasoned hackers and cybersecurity experts uncover the intricacies of ethical hacking and how the hacker spirit can be harnessed to push the boundaries of technology.

Download our guide to discover the current challenges in securing the cloud, the approach offensive security takes through cloud penetration testing, and the differences and advantages of investing in CPTs as part of a cloud security program.

In a new study conducted with Bishop Fox, the Ponemon Institute surveyed nearly 700 security and IT practitioners who actively employ offensive security practices. The analysis explores where enterprises are focusing offensive security efforts and the drivers behind them.

Watch the third episode of our What the Vuln technical series as we share the most intriguing vulnerabilities that we encountered in Q2 2023 and how we hacked them.

Hear from experts Larry Ponemon & Tom Eston, as they reveal our findings from a joint report with the Ponemon Institute on the 'State of Offensive Security' in 2023.

Read our eBook to learn how Red Teaming can provide the ultimate training ground for your defenses, assessing how well (or not) intrusions are detected and how an attacker can move throughout your network to achieve exfiltration.

Join Bishop Fox for a fireside chat with renowned cybersecurity experts – Evan Wolff & Justin Greis. We’ll discuss how new proposed regulations will impact offensive security initiatives, both short- and long-term.

In this technical guide, offensive security expert Shanni Prutchi provides analysis of the entire 278 verification requirements listed in OWASP's ASVS standard to assist in the generation of test cases and provide context to companies looking to test their applications against the standard.

Get new analyst insights on the benefits of continuous testing.

Join our offensive security experts as they share insights gleaned from analyzing twelve months of findings captured in Cosmos, our award-winning attack surface management platform.

Learn how to power up web application security testing with tips on creating customized extensions featuring BurpCage, an extension that replaces any image proxied through Burp Suite leveraging the Montoya API.

Get Bishop Fox's social engineering testing methodology. See how we simulate phishing, vishing, and physical attacks to strengthen your security awareness.

Download Bishop Fox's IR tabletop exercise methodology to understand how we develop realistic attack scenarios, facilitate collaborative exercises, and assess your organization's incident response readiness.

Designed for security researchers, this guide is an invaluable resource for advice on which cybersecurity terms to use in reports and how to use them correctly.