In this clip, CISO Christie Terrill highlights a growing risk she’s hearing across the industry: employees installing unvetted AI extensions and free apps as they “experiment” with new tools. It’s well-intentioned, but it creates a hidden attack surface that can look a lot like supply-chain risk.
Bishop Fox
Computer and Network Security
Tempe, Arizona 25,488 followers
Attack to Protect
About us
Bishop Fox is recognized as the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. Enterprises have been told that breaches are inevitable. But we don’t accept that. We focus on offensive security because we believe securing modern organizations requires a "forward defense" approach that proactively uncovers and eliminates exposures before they are exploited. Over the past 20 years, we’ve worked with more than 25% of the Fortune 100, 8 of the top 10 global tech companies, and hundreds of other organizations to improve their security. Security isn’t just a job to us. We do this because we love it — and because we're committed to the common good. In fact, we have authored 20+ open-source tools, shared groundbreaking research, and published more than 50 security advisories in the last 5 years. Learn more about us at bishopfox.com or follow us on X @bishopfox for the latest updates.
- Website: https://bishopfox.com
- Industry: Computer and Network Security
- Company size: 201-500 employees
- Headquarters: Tempe, Arizona
- Type: Privately Held
- Founded: 2005
- Specialties: Computer Security, Risk Assessment, Pentesting, Information Security, Architecture Security, Penetration Testing, Network Security, Application Security, Red Teaming, Continuous Penetration Testing, Mobile Security, Cybersecurity, Physical Penetration Testing, Application Assessment, Product Security Review, Mobile Application Assessment, Attack Surface Testing, Social Engineering, External Penetration Testing, Internal Penetration Testing, Cloud Security, Attack Surface Management, and Threat Modeling
Locations
- Primary: 1414 W Broadway Rd, Suite 233, Tempe, Arizona 85282, US
Updates
-
Tool Spotlight: JSluice
Modern web apps rely heavily on JavaScript, which means critical clues for uncovering vulnerabilities often hide in thousands of lines of client-side code. JSluice automatically extracts valuable information like URLs, paths, secrets, and patterns that expose additional attack surface. This one’s especially useful for anyone working in Application Security or building JavaScript-heavy apps.
More info: https://bfx.social/3KtQqpn
Try it out: https://bfx.social/4owh6E8
-
We never take trust lightly. We’re invited into places most teams never get to look: the codepaths, workflows, and business processes that keep companies running. We never take that trust for granted. To the people and organizations who work with us, challenge us, build with us, and put their trust in us: Thank you. If you’re celebrating, enjoy the time off. If not, we hope you still get a breather.
-
Boards and regulators are asking tougher questions, and AI is reshaping how adversaries operate. Red Teaming has shifted from a niche test to a leadership tool for understanding resilience. On Dec 11, Trevin Edgeworth will share how security leaders can use adversarial testing to inform strategy, justify investment, and identify the gaps that matter most. Save your seat: https://bfx.social/44rK68D
-
We’re proud to share that Bishop Fox has joined the FS-ISAC Affiliate Program, a step that strengthens our ability to support financial institutions with clearer threat insight, better collaboration, and more resilient defenses. Financial services organizations are facing rapid change: cloud expansion, API-driven systems, digital operations, and increasingly sophisticated adversaries. This partnership helps ensure that members can access offensive-security perspectives that map directly to the risks shaping today’s financial sector. If you work in financial services security, you can learn more about the program and what it offers here: https://bfx.social/44jYaRw
-
NYC - We’re hosting back-to-back women’s happy hours on Dec 8 & 9. If you’re in tech or channel sales and want a chill space to connect, recharge, and meet other women in the industry, come join us. A few spots left, RSVP for details: Dec 8 | 7:30 p.m. RSVP: https://bfx.social/4a89oMD Dec 9 | 7:30 p.m. RSVP: https://bfx.social/3XfVBMs
-
Great to see our Regional Director, Eduardo P. Sánchez Díaz, sharing a bit about who he is and what drives his work. Thank you, LOS CIBERAMIGOS MX.
WE CONNECT TALENT / WE ADVISE COMPANIES / WE SUPPORT BUSINESS GROWTH / WE ARE A COMMUNITY OF SPECIALISTS. WE ARE NOT JACKS-OF-ALL-TRADES, BUT WE KNOW THE SPECIALISTS YOUR BUSINESS NEEDS
Let's get to know Bishop Fox a little better! Straight from its director. #ciberseguridad #asesoresprofesionales #bugcon
-
Nick Cerne walks through how simple tools like UART, JTAG, and even a universal programmer can reveal more about an IoT device than most manufacturers expect. If you missed our recent live session on IoT hacking, the full on-demand version is now available. It covers firmware extraction techniques, hardware pitfalls, and how researchers uncover 0-day vulnerabilities hiding under the plastic. Watch the full session on demand: https://bfx.social/4pvJZRL
-
Tool Spotlight: Broken Hill
If you’re testing or researching LLM security, this tool is worth having in your kit. Broken Hill automates the Greedy Coordinate Gradient (GCG) attack, letting you generate adversarial prompts that can bypass guardrails in many popular models, including sizes that run locally on a consumer GPU.
Use it to:
• Validate whether your model’s alignment can be bypassed
• Pre-generate payloads for red team assessments
• Explore jailbreak techniques in a controlled, repeatable way
• Stress-test guardrails and compare model behavior across versions
More details: https://bfx.social/486TaRv
Grab it on GitHub: https://bfx.social/3LToI5J
-
Thanks to the Forgepoint Capital team for this one. It captures a conversation a lot of us are having internally. How are you all bridging the gap between the “trees” (technical signals) and the “forest” (business impact)? https://lnkd.in/gezQWwAU