Parrot secures drones with 

Application Pen Tests

Parrot wanted to ensure their privacy guarantee about their drones, applications, and stored data was accurate and tested by security experts. They chose Bishop Fox to test their environment and application to meet compliance requirements and to make sure their clients were protected.
Read Full Story

Zoom Secures Their Expanding

Attack Surface With CAST

Learn how Zoom leveraged our Continuous Attack Surface Testing (CAST) service to work through the potential security issues that existed on their 500K+ targets and create proof-of-concept exploits to prioritize which risks required immediate attention.
Read Full Story

Republic Services

Uses CAST for

CONTINUOUS TESTING THAT SCALES

Republic Services wanted to gain visibility into their attack surface. Learn how Continuous Attack Surface Testing (CAST) helped them track emerging threats and prevent attacks in real time.
Read Full Story

Up level Your Security with 

Continuous Attack Surface Testing (CAST)

Our new managed service combines a next-generation attack platform with expert-driven penetration tests to deliver unprecedented visibility into your security posture.
Learn More
An Exploration of JSON Interoperability Vulnerabilities

More parsers, more problems: Our research into JSON interoperability vulnerabilities highlights the risks of ambiguous parsing behavior & how it can pose a hidden threat to your application.

Read more here

With you for
the long haul

We don’t report and run. We stay by your side to
help you improve your security posture by
revealing your risks and requirements. And we keep our word by delivering exactly what we promise.

We listen

We take the time to understand the nuances of your business, your pain points, and your security goals to craft a solution that defines success on your terms.


We deliver

Impact comes from knowing exactly where you’re exploitable, so we report only on vulnerabilities we can verify. You won’t just know what’s possible; you’ll know what’s real.


We guarantee

When we promise senior talent, that’s what we deliver. We work with you to identify the team that has the experience and knowledge to tackle your unique testing needs.


GET TO KNOW US

“Companies come to Bishop Fox because they want to stay ahead of the bad guys, not because they are checking a box.”

— Will Lin, Partner at ForgePoint Capital

Customer
Stories

Our clients are as committed to security as we are. See how we’ve partnered with leading companies across all industries to assess, identify, and minimize their security risks.

Sonos Makes Secure Moves with Bishop Fox
When Sonos was bringing a new voice-enabled speaker to the market, they turned to Bishop Fox to ensure that new features didn’t put customers at risk.
Read Full Story Read all stories

Stay Ahead
Of the Risks

Security is an ever-evolving challenge. At Bishop Fox, we deliver forward thinking, highly technical offensive cybersecurity services, so you can confidentially secure your business from current and future threats.

Managed
Services

Amplify your offensive security program and stay ahead of the bad guys with attack surface discovery, sophisticated testing automation, and expert-driven penetration tests.

Learn More

Consulting
Services

All-out digital assaults. Penetration tests of applications and networks. Cloud, product, and device security reviews. And custom engagements designed to meet your specific testing needs, whatever they are. We do it all.

Find out more

Our research
Is your opportunity

We believe that the only way to advance the state of security is to share our insights with the broader community, and that’s exactly what we do. No strings attached.

Hacker Tools: Dufflebag

Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in.

Hacker Tools: RMIScout

RMIScout performs wordlist and brute-force attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.

Hacker Tools: GitGot

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.

Hacker Tools: Eyeballer

AI-powered, open source tool designed to help penetration testers assess large-scale external perimeters.

Hacker Tools: GadgetProbe

GadgetProbe is a tool to probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on a remote Java classpath.

Sliver Framework

Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. A free alternative to Cobalt Strike.

Explore our research

Let’s
Talk

Whether you know exactly which services you need, or want help in figuring out what solution is best for you, we can help.

Get in touch