New from Ponemon Institute: The State of Offensive Security in 2023. Read the Report ›

Tool Talk Logo 2023 04 07

Technical Series

Arm Yourself with Offensive Security Tools

Tool Talk is a one-of-a-kind series where we shed light on tools and research that could help protect your organization – specifically from an offensive security perspective. Each episode features our offensive security experts as they break down and demo one specific tool. Insights include the origins and technical components of the tool, how pen testers can leverage them to find and exploit vulnerabilities, and how to integrate them in their tool box.

"My message to companies that think they haven't been attacked is: ‘You're not looking hard enough.’ ”
— James Snook, Deputy Director, UK Office for Cyber Securityaa

Subscribe to the Tool Talk Series

By submitting this form, you indicate that you have read and agree to the terms of our Privacy Policy.

Add to Your Toolkit

Tool Talk Series: Episode Breakdown

Bishop Fox Livestream Tool Talk FI 2

Episode 10: Burp Suite

Creating Customized Extensions for Penetration Testing

Learn how to power up web application security testing with tips on creating customized extensions featuring BurpCage, an extension that replaces any image proxied through Burp Suite leveraging the Montoya API.

Bishop Fox Tool Talk Spoofy

Episode 9: Spoofy

Bulk Domain Lookup Based on SPF & DMARC Records

Watch to see security expert Matt Keeley share why Spoofy was developed, how Spoofy enables security professionals, and a Spoofy demo to find out if your domain is spoofable.

Bishop Fox Tool Talk asminject

Episode 8: asminject.py

Compromise Trusted Linux Processes & Containers

Watch about asminject.py, a Bishop Fox code injection tool that tampers with trusted Linux processes to capture sensitive data and change program behavior. We explore why the tool was developed and how it interacts with the target process to capture sensitive data.

Tool Talk Cloud Fox

Episode 7: Cloudfox

Find Exploitable Attack Paths in Cloud Infrastructure

Watch as we explore CloudFox, a Bishop Fox command line tool that helps offensive security practitioners navigate unfamiliar cloud environments and find exploitable attack paths in cloud infrastructure.

Bishop Fox Tool Talk Ruby Exploits OD

Episode 6: Ruby

Ruby on Rails: Replicable Web Application Attack Emulations

Learn a new test harness for debugging Ruby exploits, why this technique improves hacking prowess, and how to use this application for attack emulation.

Bishop Fox Tool Talk ripgen

Episode 5: Ripgen

On the Hunt for Subdomain Permutation

Watch to see ripgen, a Bishop Fox open-source tool, in action and learn how to stretch your knowledge of subdomain permutations.

Bishop Fox Tool Talk Episode 4 Unredacter

Episode 4: Unredacter

Easily Reverse Redacted Pixelized Text

Tune in as we cover best practices for redacting sensitive text - and why pixelation isn't one of them. Deep dive into the basics of Unredacter – what it is and how it works, why it is tricky to beat redaction, how to make sure redacted text is hidden, and a demo showcasing the tool in action.

Bishop Fox Tool Talk Episode 3 Nuclei

Episode 3: NUCLEI

Community-Built Scanner for Simplicity and Modularity

Join Bishop Fox as we dive into ProjectDiscorery's open-source tool Nuclei, a fast and customizable vulnerability scanner based on simple YAML-based DSL.

Fuzzing Tool Talk Card with Title

Episode 2: FUZZING

Get the Buzz on Fuzz Testing in Software Development

Watch how fuzzing is a great way to spot vulnerabilities and bugs in your software. Learn more about fuzzing, see it in action, and start using it.

Bishop Fox Video Tool Talk Eyeballer

Episode 1: EYEBALLER

Spend Less Time Hunting & More Time Hacking

Watch Dan Petro give a demonstration of Eyeballer, a Bishop Fox open-source penetration testing tool powered by artificial intelligence that assesses a repository of screenshots for indications of potential vulnerabilities, supplements automated scanning methods to close gaps in coverage, and improves testing times and accuracy.

DISCOVER AN AWARD-WINNING DIFFERENCE

See why we've been recognized as a leader in offensive security.

Global Infosec Awards Winner 2023
Bishop Fox winner of the 2021 SC award for best emerging technology.
Bishop Fox winner of the Stevie Silver Awards 2022.
FastCompany Logo on yellow background with Best Workplaces for Innovators 2022 award
Global Infosec Awards winner Cyber Defense Magazine 2022 logo.
Info Sec Award Cyberdefense Magazine 2020

Are you ready? Start defending forward.

Are you ready to uncover your digital footprint and get a real-time, attacker’s view of your perimeter? Request a demo to see the Cosmos platform in action.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.