Joined April 2013
- Tweets 12,183
- Following 4,337
- Followers 25,609
- Likes 19,358
2,956 Photos and videos
Jun 17
Ever wondered where hardware hackers start when they get a new device?
This workshop covers the basics: identifying components, finding debug interfaces, extracting firmware, and understanding how embedded devices actually work.
With Marco Sanchez and Abdel Bolivar.
1
1
514
Jun 17
English session (June 23): bfx.social/4vOLSMi
Spanish session (June 24): bfx.social/3QJSkp0
Or watch on Discord!: bfx.social/4wgiDT5
1
413
Jun 16
What happens when the attacker succeeds anyway?
@AletheDenis explores why social engineering is ultimately a control design problem and why awareness training alone isn’t enough.
2
1
2
408
Jun 15
PCI DSS scope isn’t limited to traditional network segments anymore.
Now cloud infrastructure, SaaS platforms, IAM, and CI/CD pipelines can all play a role in an attack path to the CDE.
Derek Rush breaks down how Bishop Fox approaches modern PCI internal penetration testing.
1
5
300
Jun 12
Ever wondered how security researchers go from a physical device to root access?
Join Bishop Fox consultants Marco Sanchez and Abdel Bolivar for a hands-on introduction to hardware hacking. Learn about debug interfaces, firmware extraction, embedded systems, and more.
Available in English and Spanish
1
518
Jun 12
Watch on our site or right in our Discord server:
Eng: bfx.social/4e4yiP0
Esp: bfx.social/4xriD3S
414
Jun 11
Researchers built an AI-powered worm that compromised nearly 75% of a simulated corporate network.
Shad Malloy’s response?
The real world is weird.
Broken workflows, strange systems, and Jackie from Accounting might be stronger defenses than people realize.
1
1
2
532
Jun 10
Happening today at 2 p.m. ET:
You can’t prevent every employee from being fooled.
You can (and should!) design systems so that one mistake doesn’t become a breach.
Join @AletheDenis as she explores why social engineering is ultimately a control design problem and what organizations can do to reduce risk in a world of phishing, vishing, deepfakes, and AI-enabled deception.
1
1
3
421
Jun 8
Sparkplug B is widely used across ICS and SCADA environments.
Until now, there wasn’t a publicly available security fuzzer built for it.
New research from David Colón and Shad Malloy explores how they built a Sparkplug B fuzzer covering all 9 message types, all 19 data types, and 87 protocol field paths with some help from AI.
1
2
3
479
Jun 5
What are Red Team Arts & Crafts?
Honestly, it can be a pretty important part of a successful red team engagement!
@BrandonKovacs on how a bit of craftiness saved the day on one of his.
1
1
1
549
Jun 5
Heading to @BSidesSATX next weekend?
The Bishop Fox team will be there and we’d love to connect.
Come talk offensive security, AI, Red Teaming, research, career growth, or whatever interesting problem you’re working on.
2
254
Jun 4
Do red teamers need to know how to code?
Leron Gray tackles that question in the latest Red Team episode of Initial Access.
And in the age of AI-assisted development, the answer may be changing.
1
3
340
Jun 3
We’re heading to @RBLN26!
Catch Wes Wright’s talk, Getting the Most Out of Security Testing: A Hacker’s Perspective, and stop by to talk red teaming, AI, attack paths, and offensive security with the Bishop Fox team.
We also have a limited number of tickets available. Reach out if you’d like one!
1
2
1
538