As a Principal Security Engineer for the Bishop Fox Capability Development team, Dan builds hacker tools, focusing on attack surface discovery. Dan has extensive experience with application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. He has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators and Unredacter, a tool that takes unredacted, pixelized text and reverses it back into its unredacted form. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.
From Dan Petro
Resource / Virtual Sessions
AI Security in the Age of Project Glasswing & GPT-5.4 Cyber
Apr 15, 2026
Resource / Virtual Sessions
Application Security: Getting More Out of Your Pen Tests
Jan 06, 2026
Resource / Guides
Fortifying Your Applications: A Guide to Penetration Testing
Dec 04, 2025
Blog / Industry
What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams
Dec 03, 2025
Event
Meet Bishop Fox at CactusCon 2026
February 6-7, 2026
Event
Dan Petro to Speak at RSTCON
September 13-15, 2024
Resource / Virtual Sessions
Offensive Security Arsenal: Building and Mastering Custom Security Tools
Aug 11, 2023
Blog / Technical Research
Badge of Shame - Breaking Into Secure Facilities with OSDP
Aug 09, 2023
Event
Bishop Fox to Present at DEF CON 31 & Sponsor the Red Team Village
August 10-13, 2023
Event
Dan Petro & David Vargas to Present at Black Hat USA 2023
August 9-10, 2023
Blog / Advisories
EzAdsPro BlackBox Advisory
Jan 25, 2023
Resource / Workshops & Training
CVE Spotlight: Breaking Down Zimbra’s RCE Vulnerabilities
Nov 02, 2022
Resource / Virtual Sessions
Tool Talk: Unredacter
Sep 01, 2022
Blog / Technical Research
You're (Still) Doing IoT RNG
Aug 24, 2022
Event
Join Bishop Fox at Developer Land Digital
Past Event
Blog / Technical Research
Never, Ever, Ever Use Pixelation for Redacting Text
Feb 15, 2022
Resource / Virtual Sessions
Tool Talk: Eyeballer
Jan 17, 2022
Resource / Virtual Sessions
Log4j Vulnerability: A Fireside Chat
Jan 16, 2022
Resource / Workshops & Training
Unredacter Challenge: John L.'s Solution
Dec 30, 2021
Resource / Workshops & Training
Unredacter Challenge: Shawn A.'s Solution
Dec 28, 2021
Blog / Technical Research
How Bishop Fox Has Been Identifying and Exploiting Log4shell
Dec 27, 2021
Resource / Workshops & Training
Unredacter Challenge: Alejandro's Solution
Dec 27, 2021
Blog / Technical Research
Eyeballer 2.0 Web Interface and Other New Features
Nov 15, 2021
Resource / Guides
Eyeballer: Automating Security Triage with Machine Learning
Oct 14, 2021
Blog / Technical Research
You're Doing IoT RNG
Aug 05, 2021
Event
Meet Us In Person! Bishop Fox to Sponsor and Present at DEF CON 29
Past Event
Blog / Industry
SCOTUS CFAA Ruling: What does it mean for pen testers and security?
Jun 04, 2021
Blog / Industry
Understanding the Driving Factors of a Pen Test
Mar 09, 2021
Event
Supporting the Arizona Security Community at CactusCon 9
Past Event
Blog / Industry
What We Know (And Don’t) About The SolarWinds Orion Hack So Far
Dec 15, 2020
Blog / Industry
Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 3)
Nov 10, 2020
Blog / Industry
Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 2)
Nov 02, 2020
Blog / Industry
Cheating at Online Video Games and What It Can Teach Us About AppSec (Part 1)
Oct 29, 2020
Blog / Industry
Accidentally Secure Is Not Secure: A Case of Three Stooges Syndrome
Oct 20, 2020
Blog / Industry
Stop Treating Breaches Like Natural Disasters: A New Mindset for Application Security
Jun 25, 2020
Resource / Workshops & Training
Dufflebag Deep Dive: Uncovering Secrets in Exposed EBS Volumes
Jun 03, 2020
Event
Joe DeMesy and Dan Petro to Present at Pycon
Past Event
Blog / Technical Research
Dufflebag: Uncovering Secrets in Exposed EBS Volumes
Feb 03, 2020
Blog / Industry
Cybersecurity Fatalism - How It Poisons Your Decision Making
Sep 02, 2019
Blog / Technical Research
Meet Eyeballer: An AI-powered, Open Source Tool for Assessing External Perimeters
Aug 08, 2019
Blog / Industry
WPA3 Is a Major Missed Opportunity: Here's Why
Jun 30, 2018
Blog / Technical Research
The CIA Leak: A Look On the Bright Side...
Mar 08, 2017
Resource / Workshops & Training
Game Over, Man! – Reversing Video Games to Create an Unbeatable AI Player
Aug 25, 2016
Blog / Technical Research
Game Over, Man! Reversing Video Games to Create an Unbeatable AI Player
Aug 10, 2016
Blog / Technical Research
On the "Brink" of a Robbery
Jul 28, 2015
Blog / Technical Research
Untwisting the Mersenne Twister: How I Killed the PRNG
Aug 05, 2014
Blog / Technical Research
The Rickmote Controller: Hacking One Chromecast at a Time
Jul 16, 2014