Bishop Fox
@bishopfox.bsky.social
A leading provider of #offensivesecurity solutions & contributor to the #infosec community. #pentesting #hacking
Pinned
Hello, Bluesky!

We’re Bishop Fox, leaders in offensive security for nearly 20 years. From pentesting to attack surface management with Cosmos, we help organizations stay ahead of attackers.

Follow us for insights, research, and cybersecurity updates!

#cybersecurity #offensivesecurity #pentesting
Tool Spotlight: Unredacter

Pixelation ≠ redaction.
Unredacter proves it.

Play with the tool → bishopfox.com/tools/unreda...
December 11, 2025 at 9:51 PM
AI is shaking up cybersecurity, and if you’re still red teaming like it’s 2020… why? Attackers definitely aren’t. AI is making them faster and way more creative.

Join Trevin Edgeworth tomorrow to hear how we’re evolving our Red Teaming to keep up: bishopfox.com/resources/re...
December 10, 2025 at 9:28 PM
We’re LIVE!

Sliver Workshop Part 3: Building Better Encoders is starting now.

Join us to learn how Sliver handles traffic encoding and how to build custom WebAssembly-based encoders: bishopfox.com/resources/sl...
Sliver Workshop Part 3: Building Better Encoders
In the third Sliver workshop, we will cover how Sliver handles traffic encoding by default and how attackers can extend its capabilities with custom encoders.
December 9, 2025 at 7:05 PM
New guide out today: Fortifying Applications: A Security Guide to Penetration Testing. It explains what a modern application pen test should include, how to ask the right questions, and how to get real value from your engagement.

Full guide here: bishopfox.com/resources/ap...
Fortifying Your Application: A Guide to Application Penetration…
Explore key aspects of application pen testing and our top 20 tips to make the most of your pen test based on two decades of experience. Download the guide
December 9, 2025 at 4:59 PM
Happening tomorrow!
Sliver Workshop: Building Better Encoders

2 p.m. ET / 7 p.m. GMT
Join via Discord or our site.

Tim Makram Ghatas will cover Sliver’s encoding defaults, WebAssembly, and how to design/test custom encoders.
December 8, 2025 at 8:19 PM
We dug into the Arista NG Firewall CVEs and found the impact goes far beyond the initial advisory, including a viable XSS to RCE chain and a patch that doesn’t fully mitigate the underlying issues.
December 5, 2025 at 5:42 PM
Tool Spotlight: GitGot

Quickly scan GitHub for exposed secrets using flexible filtering and fuzzy matching.
Built to make large search results easier to work through.
December 5, 2025 at 5:02 PM
2026 is going to push security teams harder than any year before it.
More AI. More connected systems. More attacker automation.

Our leadership team breaks down the forces that will reshape pen testing, CISO priorities, hardware security, and Red Team specialization next year.
December 4, 2025 at 9:16 PM
Reposted by Bishop Fox
My team confirmed that recently disclosed Arista NGFW vulnerabilities are fully exploitable! RCE is possible with victim interaction. More details coming soon to our blog: bishopfox.com/blog
December 4, 2025 at 11:48 AM
AI is changing attacks and expectations for security leaders.

On Dec 11, Trevin Edgeworth discusses how Red Teaming helps validate resilience against AI-driven threats.

2 p.m. ET

Save your seat: bishopfox.com/resources/re...
December 3, 2025 at 3:51 PM
Our next Sliver Workshop lands Dec 9.
This session covers building better encoders, how Sliver handles traffic encoding, and how to extend it with custom Wasm-based techniques.

Hosted by Senior Security Consultant Tim Makram Ghatas.
December 2, 2025 at 10:00 PM
Bishop Fox and acceligence are partnering to give organizations a more complete view of cyber risk, one that spans both strategic decisions and the realities of modern attacker techniques.
December 1, 2025 at 7:32 PM
On Dec 11, Red Team Practice Director Trevin Edgeworth breaks down how modern Red Teaming helps leaders see real attack paths, validate resilience, and make sharper decisions in an AI-driven threat landscape.

2 p.m. ET / 7 p.m. GMT
November 26, 2025 at 7:41 PM
Tool Spotlight: Broken Hill

If you’re exploring LLM security or Red Teaming, Broken Hill is worth a look. It automates GCG-style jailbreak testing so you can safely probe model weaknesses without heavy hardware.

Open-source here: github.com/BishopFox/Br...
November 20, 2025 at 7:03 PM
We’re live at BugCon!
Training kicks off today with Samanta, Axel, and Juan and we’ll be at the booth all conference long.
If you’re in CDMX, come stop by. We’d love to meet you.

Welcome to BugCon 2025!

bishopfox.com/events/bugco...
November 19, 2025 at 2:31 PM
🔴 LIVE NOW: Peeling Back the Plastic
Nick Cerne is demoing how researchers uncover 0-days hidden inside everyday IoT devices, from firmware to hardware to mobile apps.

Jump in here ⬇️
bishopfox.com/resources/pe...
Peeling Back the Plastic: Finding 0-Days in IoT Devices
Nick Cerne teaches hands-on techniques for uncovering hidden vulnerabilities in consumer IoT devices and advancing your IoT security research skills.
November 18, 2025 at 7:14 PM
We’ll be at #BSidesATL Saturday, Nov 15 as a Silver Sponsor!

Come say hi at the Bishop Fox booth, meet the team, and talk all things offensive security.

KSU Center – Kennesaw, GA
November 7, 2025 at 8:00 PM
Want to really understand LLM security?

Our latest blog breaks down the best Capture the Flag challenges for testing and defending large language models.

Full list: bishopfox.com/blog/ready-t...
November 6, 2025 at 9:49 PM
Happening tomorrow at OWASP Global AppSec in DC:

Senior Security Consultant Nick Cerne will present “Peeling Back the Plastic: Finding 0-Days in IoT Devices.”

And join us Friday night at Flight Club for drinks, darts, and good times!

Nov. 6-7 | Washington, D.C.

RSVP: partiful.com/e/otaKEF0mqB...
November 5, 2025 at 7:23 PM
New from Bishop Fox: Burp Variables, a Burp Suite extension that automates variable handling.
Define once. Reuse everywhere. No more manual token edits!
bishopfox.com/blog/burp-va...
October 16, 2025 at 3:46 PM
Tomorrow @ 2 EDT: Demystifying 5G Security w/ Drew Jones.
Real-world tactics for testing & defending 5G networks.

Save your seat: bishopfox.com/resources/5g...
October 15, 2025 at 8:32 PM
Working on DORA compliance?
Bishop Fox’s FAQ guide breaks down Threat-Led Pen Testing from planning to reporting.
bishopfox.com/resources/gu...
#DORA #TLPT
October 14, 2025 at 4:04 PM
A $20 smart device. A curious researcher.
Bishop Fox’s Nick Cerne found some new vulnerabilities that could literally open your front door.

Read his story → bishopfox.com/blog/how-a-2...

#IoTSecurity
October 10, 2025 at 7:48 PM
🚨 New Bishop Fox advisory: YoSmart YoLink Hub (v0382) found vulnerable.
Attackers could:
• Remotely control devices
• Intercept traffic
• Hijack sessions

Details: bishopfox.com/blog/yosmart...
Yolink Hub — VERSION 382 — SUMMARY
The following document describes identified vulnerabilities in the YoLink Hub smart device version 0382.
October 2, 2025 at 8:12 PM