Introducing

Continuous Attack Surface Testing (CAST)

Our new managed service combines a next-generation attack platform with expert-driven penetration tests to deliver unprecedented visibility into your security posture.
Learn More

SONOS MAKES SECURE MOVES
WITH BISHOP FOX

When Sonos was bringing a new voice-enabled speaker to the market, they turned to Bishop Fox to ensure that new features didn’t put customers at risk.
Read Full Story
Customer story Sonos Move speaker

WE UNCOVER YOUR RISKS
SO YOU CAN COVER YOUR ASSETS

Our experienced hackers use the latest techniques to simulate real-world attacks on your business — so you can secure your environment with the confidence of knowing exactly where you’re exposed.
Ping a Security Expert
Illustration of Bishop Fox uncovering risk
Breaking HTTPS in the IoT: Practical Attacks For Reverse Engineers

Nathan Elendt shares 3 three attack techniques for performing Man-in-the Middle attacks against production-grade, HTTPS-protected Things in this technical write-up.

Read more here

With you for
the long haul

We don’t report and run. We stay by your side to
help you improve your security posture by
revealing your risks and requirements. And we keep our word by delivering exactly what we promise.

We listen

We take the time to understand the nuances of your business, your pain points, and your security goals to craft a solution that defines success on your terms.


We deliver

Impact comes from knowing exactly where you’re exploitable, so we report only on vulnerabilities we can verify. You won’t just know what’s possible; you’ll know what’s real.


We guarantee

When we promise senior talent, that’s what we deliver. We work with you to identify the team that has the experience and knowledge to tackle your unique testing needs.


GET TO KNOW US

“Companies come to Bishop Fox because they want to stay ahead of the bad guys, not because they are checking a box.”

— Will Lin, Partner at ForgePoint Capital

Customer
Stories

Our clients are as committed to security as we are. See how we’ve partnered with leading companies across all industries to assess, identify, and minimize their security risks.

Sonos Makes Secure Moves with Bishop Fox
When Sonos was bringing a new voice-enabled speaker to the market, they turned to Bishop Fox to ensure that new features didn’t put customers at risk.
Read Full Story Read all stories

Stay Ahead
Of the Risks

Security is an ever-evolving challenge. At Bishop Fox, we deliver forward thinking, highly technical offensive cybersecurity services, so you can confidentially secure your business from current and future threats.

Managed
Services

Amplify your offensive security program and stay ahead of the bad guys with attack surface discovery, sophisticated testing automation, and expert-driven penetration tests.

Learn More

Consulting
Services

All-out digital assaults. Penetration tests of applications and networks. Cloud, product, and device security reviews. And custom engagements designed to meet your specific testing needs, whatever they are. We do it all.

Find out more

Our research
Is your opportunity

We believe that the only way to advance the state of security is to share our insights with the broader community, and that’s exactly what we do. No strings attached.

Hacker Tools: Dufflebag

Dufflebag is a tool that searches through public Elastic Block Storage (EBS) snapshots for secrets that may have been accidentally left in.

Hacker Tools: RMIScout

RMIScout performs wordlist and brute-force attacks against exposed Java RMI interfaces to safely guess method signatures without invocation.

Hacker Tools: GitGot

GitGot is a semi-automated, feedback-driven tool to empower users to rapidly search through troves of public data on GitHub for sensitive secrets.

Hacker Tools: Eyeballer

AI-powered, open source tool designed to help penetration testers assess large-scale external perimeters.

Hacker Tools: GadgetProbe

GadgetProbe is a tool to probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on a remote Java classpath.

Sliver Framework

Sliver is a general purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS. A free alternative to Cobalt Strike.

Explore our research

Let’s
Talk

Whether you know exactly which services you need, or want help in figuring out what solution is best for you, we can help.

Get in touch