Featured Resource
Red Teaming: Is Your Security Program Ready for the Ultimate Test?
In this webcast, Trevin Edgeworth, Red Team Practice Director, will share key insights from decades of experience to help you determine whether Red Teaming is the right next step.
Workshop: Sliver - Getting Started & 1.6 Features
Watch an interactive workshop led by Bishop Fox Senior Security Consultant, Tim Ghatas, as we dive into Sliver, the open-source C2 framework making waves in Red Team ops.
Exploiting Java Deserialization in GWT: From Detection to Command Execution
Watch our exclusive livestream with Ben Lincoln, Managing Principal at Bishop Fox, to learn about GWT web application vulnerabilities, exploitation strategies, and security enhancement recommendations.
Sliver Mastery: Dominating Active Directory Through Advanced Trust Exploitation
Senior security expert Jon Guild demonstrates how to use the Sliver C2 framework to develop advanced offensive security skills. Arm yourself with the knowledge and skills of enumeration, lateral movement, and escalation techniques from first-hand experience in a vulnerable lab environment.
Ace the OSEP Exam with Sliver Framework
Unlock the secrets of passing the OSEP exam with our senior security expert, Jon Guild. Join us as Jon shares his invaluable tips and tricks for conquering this benchmark exam designed for penetration testers.
"Mastering Your Tools Session" - DEF CON 31
In this session, learn from Bishop Fox experts who are at the cutting-edge of developing tools, technologies, and methodologies which they use to uncover vulnerabilities and offer guidance to some of the most elite organizations worldwide.
Tool Talk: jsluice
Tune in to the eleventh episode of our Tool Talk series to hear Tom Hudson speak about jsluice, an open-source, Go package and command-line tool used to extract information from JavaScript files and code.
Subscribe to our blog and advisories
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.
The Art of Hacking: Livestream from DEF CON 31
Join us Friday, August 11, 2023 for a livestream from DEF CON 31 to hear seasoned hackers and cybersecurity experts uncover the intricacies of ethical hacking and how the hacker spirit can be harnessed to push the boundaries of technology.
Powering Up Burp Suite: Building Custom Extensions for Advanced Web Application Testing
Learn how to power up web application security testing with tips on creating customized extensions featuring BurpCage, an extension that replaces any image proxied through Burp Suite leveraging the Montoya API.
Cybersecurity Style Guide v2.0
Designed for security researchers, this guide is an invaluable resource for advice on which cybersecurity terms to use in reports and how to use them correctly.
CVE Spotlight: Breaking Down Zimbra’s RCE Vulnerabilities
Watch the inaugural episode of our What the Vuln livestream series as we examine Zimbra Zip Path Traversal vulnerabilities, CVE-2022-27925 and CVE-2022-37042.
Spoofy in Action: Advancing Domain Spoofing Detection
Learn how to efficiently identify subdomain takeover vulnerabilities using Spoofy, an open-source tool that automates the assessment process and helps protect your organization from potential subdomain spoofing attacks.
Greatest Hits: A Compilation of Our Favorite Offensive Testing Tools
What’s better than a Top 10 List? An ultimate guide of all our favorite lists – from red team and cloud penetration tools TO our favorite music to hack to and the best reads for your offensive security journey. We’ve got you covered to level up your penetration testing game with this comprehensive guide of hacking goodies.