Joined April 2013
- Tweets 12,177
- Following 4,338
- Followers 25,620
- Likes 19,359
2,953 Photos and videos
Jun 12
Ever wondered how security researchers go from a physical device to root access?
Join Bishop Fox consultants Marco Sanchez and Abdel Bolivar for a hands-on introduction to hardware hacking. Learn about debug interfaces, firmware extraction, embedded systems, and more.
Available in English and Spanish
1
469
Jun 12
Watch on our site or right in our Discord server:
Eng: bfx.social/4e4yiP0
Esp: bfx.social/4xriD3S
391
Jun 11
Researchers built an AI-powered worm that compromised nearly 75% of a simulated corporate network.
Shad Malloy’s response?
The real world is weird.
Broken workflows, strange systems, and Jackie from Accounting might be stronger defenses than people realize.
1
1
2
518
Jun 10
Happening today at 2 p.m. ET:
You can’t prevent every employee from being fooled.
You can (and should!) design systems so that one mistake doesn’t become a breach.
Join @AletheDenis as she explores why social engineering is ultimately a control design problem and what organizations can do to reduce risk in a world of phishing, vishing, deepfakes, and AI-enabled deception.
1
1
3
407
Jun 8
Sparkplug B is widely used across ICS and SCADA environments.
Until now, there wasn’t a publicly available security fuzzer built for it.
New research from David Colón and Shad Malloy explores how they built a Sparkplug B fuzzer covering all 9 message types, all 19 data types, and 87 protocol field paths with some help from AI.
1
2
3
473
Jun 5
What are Red Team Arts & Crafts?
Honestly, it can be a pretty important part of a successful red team engagement!
@BrandonKovacs on how a bit of craftiness saved the day on one of his.
1
1
1
544
Jun 5
Heading to @BSidesSATX next weekend?
The Bishop Fox team will be there and we’d love to connect.
Come talk offensive security, AI, Red Teaming, research, career growth, or whatever interesting problem you’re working on.
2
250
Jun 4
Do red teamers need to know how to code?
Leron Gray tackles that question in the latest Red Team episode of Initial Access.
And in the age of AI-assisted development, the answer may be changing.
1
3
337
Jun 3
We’re heading to @RBLN26!
Catch Wes Wright’s talk, Getting the Most Out of Security Testing: A Hacker’s Perspective, and stop by to talk red teaming, AI, attack paths, and offensive security with the Bishop Fox team.
We also have a limited number of tickets available. Reach out if you’d like one!
1
2
1
535
Jun 2
The newest episode of Initial Access is all about Red Teaming! Our consultants share stories about some of the wildest engagements they've ever been on, like this:
1
5
445
Jun 1
Attackers only need one person to believe the story.
Would your processes and controls turn that moment into a compromise?
@AletheDenis on why social engineering is a control design (not just awareness) problem
June 10 | 2 p.m. ET
2
1
7
656
May 29
Can you determine whether a PAN-OS GlobalProtect portal is vulnerable to CVE-2026-0265 from a single anonymous request?
Turns out you can.
New research from Jon Williams, John Untz, and the Bishop Fox team breaks down the detection technique and releases an open-source checker.
1
1
7
1,082