Bishop Fox
@bishopfox.bsky.social
A leading provider of #offensivesecurity solutions & contributor to the #infosec community. #pentesting #hacking
Pinned
Hello, Bluesky!

We’re Bishop Fox, leaders in offensive security for nearly 20 years. From pentesting to attack surface management with Cosmos, we help organizations stay ahead of attackers.

Follow us for insights, research, and cybersecurity updates!

#cybersecurity #offensivesecurity #pentesting
We’re heading to @cactuscon.com 14!

Bishop Fox is sponsoring again this year, with talks from Dan Petro and Nate Robb on EDR evasion and real-world CVE prioritization. And we’ll be around all weekend to talk tradecraft, research, and offsec!

Feb 6-7 | Mesa, AZ
January 29, 2026 at 6:30 PM
Happening tomorrow!

Join @datadoghq.com’s State of Cloud Security livestream with Senior Security Consultant @alethe.bsky.social for an attacker-focused breakdown of what the cloud security data is really showing.

Jan 27 | 12 p.m. ET
January 26, 2026 at 10:05 PM
Cloud environments are so noisy.

CloudFox helps surface the good stuff: real attack paths in AWS and GCP.

Try it on GitHub: github.com/BishopFox/cl...
January 15, 2026 at 8:33 PM
We're excited to see Senior Security Consultant @alethe.bsky.social joining @datadoghq.com later this month for a live discussion on their State of Cloud Security Report.

January 27 @ 12 p.m. EST
January 15, 2026 at 5:19 PM
Choosing a red team vendor is really about who delivers clarity when decisions matter.
January 13, 2026 at 9:56 PM
If you’re doing an application pen test, it should actually help you understand risk.

On Jan 21, Dan Petro walks through how app pen tests work in practice, common gaps, and how to get better results in modern, API-heavy environments.

bishopfox.com/resources/ap...
January 8, 2026 at 8:20 PM
Pen tests work best when security and engineering are on the same page.

This free guide explains how application penetration testing fits into modern development, what good testing looks like, and how to use results to improve security over time: bishopfox.com/resources/ap...
Fortifying Your Application: A Guide to Application Penetration…
Explore key aspects of application pen testing and our top 20 tips to make the most of your pen test based on two decades of experience. Download the guide
bishopfox.com
January 5, 2026 at 7:54 PM
And just like that… 2025 is a wrap.

Check out our top research, virtual sessions, blogs, and new tools of the year!

Special acknowledgements: @alethe.bsky.social, @br4inde4d.bsky.social, @noperator.bsky.social
December 24, 2025 at 12:16 AM
Tool Spotlight: IAM Vulnerable

IAM Vulnerable is an open source playground that spins up intentionally vulnerable IAM configs so you can practice finding and exploiting real privesc paths safely.

Try it: github.com/BishopFox/ia...
More info: bishopfox.com/tools/iam-vu...
December 19, 2025 at 4:36 PM
AADAPT gives us a shared language for attacks on digital-asset systems.

This post walks through how red teams can use AADAPT as a practical roadmap, starting with value flows and ending with real detection signals.
bishopfox.com/blog/mitre-a...
MITRE AADAPT Framework as a Red Team Roadmap
Learn how to operationalize MITRE AADAPT with red teaming to secure digital-asset systems, strengthen detection, and reduce economic risk.
bishopfox.com
December 17, 2025 at 10:32 PM
Reposted by Bishop Fox
Latest on #drThe Edge: Why a 17-Year-Old Built an AI to Expose #Deepfake Maps https://www.darkreading.com/threat-intelligence/why-17-year-old-built-ai-expose-deepfake-maps #cybersecurity #darkreading #thekidsareallright
Why a 17-Year-Old Built an AI to Expose Deepfake Maps
A high school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders.
www.darkreading.com
December 17, 2025 at 1:11 PM
In the latest episode of The Entropy Podcast, Senior Security Consultant @alethe.bsky.social joins Francis Gorman to talk social engineering, DEF CON, ethics, mentorship, and how AI is changing the way attackers (and defenders) think about people: www.buzzsprout.com/2445415
December 16, 2025 at 6:19 PM
If you’re likely going to set up/fix everyone’s new gadgets this holiday season, you deserve something cool too.

We just dropped a Hacker Holiday Gift Guide with gear, books, and tools hackers actually want, all sourced from our team and community.

bishopfox.com/blog/hacker-...
December 12, 2025 at 6:51 PM
Tool Spotlight: Unredacter

Pixelation ≠ redaction.
Unredacter proves it.

Play with the tool → bishopfox.com/tools/unreda...
December 11, 2025 at 9:51 PM
AI is shaking up cybersecurity, and if you’re still red teaming like it’s 2020… why? Attackers definitely aren’t. AI is making them faster and way more creative.

Join Trevin Edgeworth tomorrow to hear how we’re evolving our Red Teaming to keep up: bishopfox.com/resources/re...
December 10, 2025 at 9:28 PM
We’re LIVE!

Sliver Workshop Part 3: Building Better Encoders is starting now.

Join us to learn how Sliver handles traffic encoding and how to build custom WebAssembly-based encoders: bishopfox.com/resources/sl...
Sliver Workshop Part 3: Building Better Encoders
Third Sliver workshop, we will cover how Sliver handles traffic encoding by default and how attackers can extend its capabilities with custom encoders.
bishopfox.com
December 9, 2025 at 7:05 PM
New guide out today: Fortifying Applications: A Security Guide to Penetration Testing. It explains what a modern application pen test should include, how to ask the right questions, and how to get real value from your engagement.

Full guide here: bishopfox.com/resources/ap...
December 9, 2025 at 4:59 PM
Happening tomorrow!
Sliver Workshop: Building Better Encoders

2 p.m. ET / 7 p.m. GMT
Join via Discord or our site.

Tim Makram Ghatas will cover Sliver’s encoding defaults, WebAssembly, and how to design/test custom encoders.
December 8, 2025 at 8:19 PM
We dug into the Arista NG Firewall CVEs and found the impact goes far beyond the initial advisory, including a viable XSS to RCE chain and a patch that doesn’t fully mitigate the underlying issues.
December 5, 2025 at 5:42 PM
Tool Spotlight: GitGot

Quickly scan GitHub for exposed secrets using flexible filtering and fuzzy matching.
Built to make large search results easier to work through.
December 5, 2025 at 5:02 PM
2026 is going to push security teams harder than any year before it.
More AI. More connected systems. More attacker automation.

Our leadership team breaks down the forces that will reshape pen testing, CISO priorities, hardware security, and Red Team specialization next year.
December 4, 2025 at 9:16 PM
Reposted by Bishop Fox
My team confirmed that recently disclosed Arista NGFW vulnerabilities are fully exploitable! RCE is possible with victim interaction. More details coming soon to our blog: bishopfox.com/blog
December 4, 2025 at 11:48 AM
AI is changing attacks and expectations for security leaders.

On Dec 11, Trevin Edgeworth discusses how Red Teaming helps validate resilience against AI-driven threats.

2 p.m. ET

Save your seat: bishopfox.com/resources/re...
December 3, 2025 at 3:51 PM
Our next Sliver Workshop lands Dec 9.
This session covers building better encoders, how Sliver handles traffic encoding, and how to extend it with custom Wasm-based techniques.

Hosted by Senior Security Consultant Tim Makram Ghatas.
December 2, 2025 at 10:00 PM
Bishop Fox and acceligence are partnering to give organizations a more complete view of cyber risk, one that spans both strategic decisions and the realities of modern attacker techniques.
December 1, 2025 at 7:32 PM