Bishop Fox Wrapped: Research Worth Replaying
This is Bishop Fox Wrapped: a snapshot of the research, blogs, virtual sessions, and tools that security teams kept coming back to, and what that tells us about what they needed this year.
A few themes rose to the top: work grounded in real-world failure, clear explanations of where controls help and where they fall short, and practical insights teams could apply directly. The sections below reflect where readers spent their time and why.
Top Research
Bishop Fox research is driven by the problems security teams are actively trying to solve. The areas below reflect the bodies of work that resonated most this year, shaped by hands-on testing, peer review, and real-world constraints. Each represents a research focus led by experienced practitioners, with deeper work available for teams looking to dig in. If a particular area aligns with what you’re working on, it’s worth spending time with the research itself.
- Social Engineering by Alethe Denis
- Vulnerability Research by Jon Williams
- Mobile Penetration Testing by Luis de la Rosa
- Deepfakes by Brandon Kovacs
- IoT Hacking by Nick Cerne
Top 5 Virtual Sessions
Virtual sessions and workshops are easy to miss with a packed meeting schedule. We recommend tuning in to these most popular sessions to see how your teams should approach testing AI models, protect against deepfake social engineering, implement red teaming, and architect your cloud security testing. Practical topics, clear takeaways, no filler.
- Breaking AI: Inside the Art of LLM Pen Testing
- Architecting Cloud Security Testing in the GenAI Era
- Attacking & Defending Deepfakes: A Red Teamer’s Perspective
- AI War Stories: Silent Failures, Real Consequences
- Epic Fails & Heist Tales: Red Teaming Toward Truly Tested Security
Top 5 Blogs
Some posts get read once. These favorites kept getting bookmarked and shared because they helped teams threat model, dig into exploitation details, and explain risk upstream. Across the set, a common theme was making complex mechanics usable, whether that meant breaking down SonicWall SSL VPN session hijacking, walking through firmware decryption, putting red team tools to work with limited resources, or applying LLMs to prioritization in a realistic way. We recommend reading:
- Red Team Tools: C2 Frameworks, Active Directory & Network Exploitation
- SonicWall CVE-2024-53704: SSL VPN Session Hijacking
- raink: Use LLMs for Document Ranking
- Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware
- Red Team Tools: Cloud & Identity Exploitation, Evasion & Developer Libraries
Notable Research & New Tools
Across the board, our research focuses on how real systems behave once they leave the lab. That includes everything from curiosity-driven work on Bluetooth LED masks and advanced fingerprinting, to deeper analysis of how Rust is changing modern malware. Equally, the tools we build, like Burp Variables and Raink, aim to remove friction during assessments and help practitioners make clearer calls when time and signal are limited.
- Invasion of the Face Changers: Halloween Hijinks with Bluetooth LED Masks
- Next Level Fingerprinting
- Rust for Malware Development
- Tool: Burp Variables
- Tool: Raink
Looking across everything that rose to the top, one thing is clear. Security teams are hungry for work that helps them make decisions under real constraints, respects their time, and acknowledges nuance instead of flattening it.
It’s an approach we’re committed to, as we continue investing in deep technical research and sharing what we learn in the field.
Thanks for reading, watching, sharing, and pushing back when it matters. That’s a wrap for this year.