Want to go deeper with red teaming, tools, and offensive security? Join the Bishop Fox RedSec #Discord and connect with #researchers, practitioners, and #cybersecurity pros pushing the boundaries.
Ask questions
Share tools
Attend live workshops
Learn with the community
About us
Bishop Fox is recognized as the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. Enterprises have been told that breaches are inevitable. But we don’t accept that. We focus on offensive security because we believe securing modern organizations requires a "forward defense" approach that proactively uncovers and eliminates exposures before they are exploited. Over the past 16 years, we’ve worked with more than 25% of the Fortune 100, 8 of the top 10 global tech companies, and hundreds of other organizations to improve their security. Our award-winning Cosmos platform was named Best Emerging Technology in the 2021 SC Media Awards and our offerings are consistently ranked as “world class” in customer experience surveys. Security isn’t just a job to us. We do this because we love it — and because we're committed to the common good. In fact, we have authored 15 open-source tools, shared groundbreaking research, and published more than 50 security advisories in the last 5 years. Learn more about us at bishopfox.com or follow us on Twitter @bishopfox for the latest updates.
- Website
-
https://bishopfox.com
External link for Bishop Fox
- Industry
- Computer and Network Security
- Company size
- 201-500 employees
- Headquarters
- Tempe, Arizona
- Type
- Privately Held
- Founded
- 2005
- Specialties
- Computer Security, Risk Assessment, Pentesting, Information Security, Architecture Security, Penetration Testing, Network Security, Application Security, Red Teaming, Continuous Penetration Testing, Mobile Security, Cybersecurity, Physical Penetration Testing, Application Assessment, Product Security Review, Mobile Application Assessment, Attack Surface Testing, Social Engineering, External Penetration Testing, Internal Penetration Testing, Cloud Security, Attack Surface Management, and Threat Modeling
Locations
-
Primary
1414 W Broadway Rd
Suite 233
Tempe, Arizona 85282, US
Employees at Bishop Fox
Updates
-
From 32 tools to just 4 contenders—our Ultimate Red Team Tool Showdown is down to the Final Four.
Sliver vs BloodHound.py
AzureHound vs Scapy
Which two will make it to the Finals? Cast your vote and help crown the champion! https://bfx.social/4lmyCKC #redteam #FinalFour
-
Pixelation isn't protection. Watch Senior Security Engineer Dan Petro showcase how pixelation works, why it fails as a redaction method, and how Unredacter solves the challenge of restoring redacted text. Get the tool: https://bfx.social/43puXVL. #bishopfoxlabs #cybersecurity
-
New report reveals a surge in third-party breaches across industries — with nearly 1 in 3 breaches tied to vendors. Retail, tech, and energy sectors were hit hardest. #cybersecurity #riskmanagement
-
Rust is gaining traction in malware development—offering evasion advantages over C/C++. Security Consultant III Nick Cerne breaks down why, compares reverse engineering challenges, and builds a Rust-based dropper to stage Sliver. #hacking #hackertools #Sliver #Rust
-
The top Red Team tools are battling for a spot in the Final Four. Who moves on? You decide.
Sliver vs. Metasploit
BloodHound.py vs. GhostPack
AzureHound vs. MicroBurst
Scapy vs. EvilGinx
Voting is live through Monday! https://lnkd.in/gKvHHuRg
-
20 years in and it feels like we're just getting started. Huge thank you to all of our team, clients, and community for being a part of this journey. Here's to the next 20!
Congratulations to Bishop Fox, Vinnie Liu, and the Fox Den on 20 years of excellence in pen testing and offensive security!
Forgepoint Capital has been proud to partner with Bishop Fox since our Series A investment in 2019. Read Forgepoint Managing Director Ernie B.’s blog post for a look back at Bishop Fox’s tremendous journey and multiple, award-winning breakthroughs: https://lnkd.in/gacJNjf9
With over 1,000 customers protected including over 25% of the F100, Bishop Fox is the recognized leader by GigaOm Radar in Attack Surface Management, three years in a row! Kudos, team! #forgepointfamily #pentesting #AI #offensivesec
-
Bishop Fox reposted this
8 Critical Lessons I've Learned from AI/LLM Penetration Testing
After conducting numerous AI and LLM security assessments, I've gathered some valuable insights I'd like to share with fellow security professionals:
1. Client maturity matters. Every organization has different levels of AI security awareness and implementation. Tailoring your approach based on their maturity level is essential for successful engagement.
2. Be prescriptive, not descriptive. Listing vulnerabilities isn't enough. Clients need actionable recommendations that address their specific risks based on real-world testing.
3. Evaluate existing controls first. Before suggesting new security measures, understand what's already working (or not working) in their environment.
4. One size definitely doesn't fit all. AI/LLM systems are integrated differently across organizations. Generic recommendations rarely address the unique challenges each client faces.
5. Traditional AppSec principles still apply. The fundamentals remain crucial: input validation, output sanitization, and access control. The art is finding the right balance for each use case.
6. Focus on mitigations, not just attack techniques. Demonstrating clever prompt injections might impress, but providing practical defense strategies delivers actual value.
7. Context is king. Every recommendation must consider the client's business context, technical environment, and risk tolerance.
8. Build for implementation. The most brilliant security advice is worthless if it can't be implemented in the client's specific environment.
What lessons have you learned from securing AI/LLM systems? I'd love to hear your experiences in the comments. #AISecurityBestPractices #LLMSecurity #CybersecurityLessons #PenetrationTesting #AIDefense #InformationSecurity
-
Tomcat CVE-2025-24813: What You Need to Know
A lot of noise is swirling around this Apache Tomcat RCE chain—but should you be worried? Our security researcher Jon Williams breaks it down:
Patches are available—upgrade immediately if you can.
Most Tomcat instances aren’t vulnerable unless specific settings are misconfigured.
Reports of active exploitation may be exaggerated.