AI-Powered Application Penetration Testing—Scale Security Without Compromise Learn More

Dan Petro - Author at Bishop Fox
Headshot of security consultant and researcher Dan Petro.

Meet The Author

Dan Petro
Principal Security Engineer

As a Principal Security Engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators and Unredacter, a tool that takes unredacted, pixelized text and reverses it back into its unredacted form. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.

Past Speaking Engagements:

Subject Matter Expertise:

  • Network security
  • IoT and product security
  • AI/machine learning
  • CFAA
  • DNS exploits
  • DDoS attacks
  • Malware

From Dan Petro

Research & Events

Resource / Virtual Sessions

AI Security in the Age of Project Glasswing & GPT-5.4 Cyber

Apr 15, 2026

Resource / Virtual Sessions

Application Security: Getting More Out of Your Pen Tests

Jan 06, 2026

Resource / Guides

Fortifying Your Applications: A Guide to Penetration Testing

Dec 04, 2025

Blog / Industry

What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams

Dec 03, 2025

Event

Meet Bishop Fox at CactusCon 2026

February 6-7, 2026

Event

Dan Petro to Speak at RSTCON

September 13-15, 2024

Resource / Virtual Sessions

Offensive Security Arsenal: Building and Mastering Custom Security Tools

Aug 11, 2023

Blog / Technical Research

Badge of Shame - Breaking Into Secure Facilities with OSDP

Aug 09, 2023

Event

Bishop Fox to Present at DEF CON 31 & Sponsor the Red Team Village

August 10-13, 2023

Event

Dan Petro & David Vargas to Present at Black Hat USA 2023

August 9-10, 2023

Blog / Advisories

EzAdsPro BlackBox Advisory

Jan 25, 2023

Resource / Workshops & Training

CVE Spotlight: Breaking Down Zimbra’s RCE Vulnerabilities

Nov 02, 2022

Resource / Virtual Sessions

Tool Talk: Unredacter

Sep 01, 2022

Blog / Technical Research

You're (Still) Doing IoT RNG

Aug 24, 2022

Event

Join Bishop Fox at Developer Land Digital

Past Event

Blog / Technical Research

Never, Ever, Ever Use Pixelation for Redacting Text

Feb 15, 2022

Resource / Virtual Sessions

Tool Talk: Eyeballer

Jan 17, 2022

Resource / Virtual Sessions

Log4j Vulnerability: A Fireside Chat

Jan 16, 2022

Resource / Workshops & Training

Unredacter Challenge: John L.'s Solution

Dec 30, 2021

Resource / Workshops & Training

Unredacter Challenge: Shawn A.'s Solution

Dec 28, 2021

Blog / Technical Research

How Bishop Fox Has Been Identifying and Exploiting Log4shell

Dec 27, 2021

Resource / Workshops & Training

Unredacter Challenge: Alejandro's Solution

Dec 27, 2021

Blog / Technical Research

Eyeballer 2.0 Web Interface and Other New Features

Nov 15, 2021

Resource / Guides

Eyeballer: Automating Security Triage with Machine Learning

Oct 14, 2021

Blog / Technical Research

You're Doing IoT RNG

Aug 05, 2021

Event

Meet Us In Person! Bishop Fox to Sponsor and Present at DEF CON 29

Past Event

Blog / Industry

SCOTUS CFAA Ruling: What does it mean for pen testers and security?

Jun 04, 2021

Blog / Industry

Understanding the Driving Factors of a Pen Test

Mar 09, 2021

Event

Supporting the Arizona Security Community at CactusCon 9

Past Event

Blog / Industry

What We Know (And Don’t) About The SolarWinds Orion Hack So Far

Dec 15, 2020

Blog / Industry

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 3)

Nov 10, 2020

Blog / Industry

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 2)

Nov 02, 2020

Blog / Industry

Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 1)

Oct 29, 2020

Blog / Industry

Accidentally Secure Is Not Secure: A Case of Three Stooges Syndrome

Oct 20, 2020

Blog / Industry

Stop Treating Breaches Like Natural Disasters: A New Mindset for Application Security

Jun 25, 2020

Resource / Workshops & Training

Dufflebag Deep Dive: Uncovering Secrets in Exposed EBS Volumes

Jun 03, 2020

Event

Joe DeMesy and Dan Petro to Present at Pycon

Past Event

Blog / Technical Research

Dufflebag: Uncovering Secrets in Exposed EBS Volumes

Feb 03, 2020

Blog / Industry

Cybersecurity Fatalism - How It Poisons Your Decision Making

Sep 02, 2019

Blog / Technical Research

Meet Eyeballer: An AI-powered, Open Source Tool for Assessing External Perimeters

Aug 08, 2019

Blog / Industry

WPA3 Is a Major Missed Opportunity: Here's Why

Jun 30, 2018

Blog / Technical Research

The CIA Leak: A Look On the Bright Side...

Mar 08, 2017

Resource / Workshops & Training

Game Over, Man! – Reversing Video Games to Create an Unbeatable AI Player

Aug 25, 2016

Blog / Technical Research

Game Over, Man! Reversing Video Games to Create an Unbeatable AI Player

Aug 10, 2016

Blog / Technical Research

On the "Brink" of a Robbery

Jul 28, 2015

Blog / Technical Research

Untwisting the Mersenne Twister: How I Killed the PRNG

Aug 05, 2014

Blog / Technical Research

The Rickmote Controller: Hacking One Chromecast at a Time

Jul 16, 2014