
SummerCon 2026

Date: July 10–11, 2026

Location: Littlefield, Brooklyn, NY

SummerCon 2026 is America's longest-running hacker conference, and we're back partnering with the Summerc0n community for another year.

Catch Shad Malloy, Managing Senior Consultant II at Bishop Fox, as he unveils a new open-source fuzzer for Sparkplug B, the MQTT-based protocol powering smart factories around the world.

We'll be fueling Summer Camp with pizza, recovery kits, and a place to connect with the Bishop Fox team. Stop by the booth to talk with us, dive deeper into Shad’s research on OT security and AI-assisted protocol analysis, or grab a slice and hang out between sessions.

If you're around on Friday, we're also hosting a lunch and would be happy to share the details.

For more details, visit: SummerCon 2026 or reach out to [email protected]

"Sparkplugs, Mosquitos, and Robots: Fuzzing the Protocol Running Half the Smart Factories on Earth"

Speaker: Shad Malloy, Managing Senior Consultant II at Bishop Fox

Date/Time: Coming Soon

Abstract: Sparkplug B is the MQTT-based protocol that quietly runs much of modern manufacturing, from pumps, valves, robots, and PLCs to every unified namespace architecture that vendors have used as the foundation for modern ‘smart factory’ implementations. It's protobuf-encoded, marketed as self-describing and easy to adopt, and until now had no publicly available security fuzzer.

So we built one. The first version was a 1987 Honda, and it ran but only by accident: Python version mixing, an MQTT client constructor that only worked because of two mistakes, fragility to any network jitter, and exactly 2 of the protocol's 19 data types and 4 of its 9 message types actually tested. We then handed the script and the Eclipse spec to Claude Code, asked it to look under the hood, and got back a painful but honest list of defects we'll walk through in full.

The end state: every message type, every data type, all 87+ field paths, sequence-number manipulation, alias-collision attacks, raw protobuf corruption, topic-namespace fuzzing, and a passive DeviceTracker that maps a live OT network from a single wildcard subscribe. Bring a snack.

This is half tool (review/release), half live retrospective on what AI-assisted protocol research actually looks like when it works (gap analysis, plumbing, docs) and when it doesn't (the creative jiggle that gets two square pegs through a round hole). We'll demo against a live broker and a device or two just for fuzz of it.



About the speaker, Shad Malloy

Managing Senior Consultant II

Shad Malloy is a Managing Senior Consultant II at Bishop Fox focused on network penetration testing, vulnerability risk management, and application security. He has advised multiple industries, including health care, financial services, energy, and technology, in addition to time spent working in and managing security for education, health care, and national government agencies. Shad holds a Bachelor of Science in Computer Information Systems as well as industry certifications like the CISSP.
