
Social Engineering, Phishing-as-a-Service, Edge Device Exploits & AI-Assisted Attacks

In this Initial Access podcast episode, we examine how attackers are gaining initial access through social engineering, identity abuse, and vulnerable edge infrastructure.

This week’s conversation focuses on a question red teamers think about constantly: how attackers actually get in. While headlines often focus on dramatic zero-day exploits, many successful compromises still begin with far simpler techniques: impersonation, credential theft, or misconfigured infrastructure.

In this episode, the team explores several real-world examples of initial access paths. Social engineering campaigns are abusing trusted communication platforms like Microsoft Teams. Phishing infrastructure is becoming commoditized, allowing low-skill operators to steal credentials and session tokens at scale. Edge infrastructure vulnerabilities continue to provide attackers with direct entry into corporate networks. And at the same time, AI is accelerating the speed at which reconnaissance, tooling, and offensive workflows can be developed.

The common thread across these stories isn’t entirely new techniques; it’s the increasing speed, scale, and accessibility of offensive capabilities.

Key Takeaways:


Attackers Impersonate IT Support via Microsoft Teams, Cybersecurity News

https://cybersecuritynews.com/hackers-attack-over-microsoft-teams/

  • What Matters: Attackers are abusing collaboration tools like Microsoft Teams to impersonate internal IT support and convince employees to install remote access software. These attacks succeed because they operate inside a trusted communication environment where users are less suspicious than they would be with email. Once remote access is installed, attackers gain an immediate foothold inside the network.
  • What’s Overhyped: The technique itself isn’t new. Social engineering has always been one of the most effective initial access methods. What’s changing is the channel: attackers are moving from email to collaboration platforms that employees trust more.

Tycoon 2FA Enables Industrial-Scale Session Hijacking, Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2026/03/04/inside-tycoon2fa-how-a-leading-aitm-phishing-kit-operated-at-scale/

  • What Matters: New phishing platforms allow operators to steal not just credentials but authenticated session tokens, enabling attackers to bypass traditional multi-factor authentication protections. These services package infrastructure, phishing templates, and credential harvesting into a subscription model, allowing even low-skill actors to launch sophisticated campaigns.
  • What’s Overhyped: MFA bypass isn’t a new phenomenon. Reverse-proxy phishing frameworks have existed for years. The real shift is accessibility: tools that once required technical expertise are now packaged as services.

Fortinet Vulnerabilities Demonstrate the Risk of Network Edge Devices, Cybersecurity News

https://cybersecuritynews.com/fortinet-security-update-march/

  • What Matters: Vulnerabilities in internet-facing infrastructure such as firewalls, VPN gateways, and network management platforms remain extremely valuable targets. Compromising one of these devices often provides direct internal network access and, in some cases, administrative control over the network itself.
  • What’s Overhyped: This isn’t unique to any single vendor. Every organization relies on a small number of edge devices to connect to the internet, which naturally makes them high-value targets.

Leaked iOS Exploit Kits Show the Growing Commoditization of Zero-Days, The Hacker News

https://thehackernews.com/2026/03/coruna-ios-exploit-kit-uses-23-exploits.html

  • What Matters: Researchers discovered an exploit framework containing multiple iOS vulnerabilities that can be chained together to fully compromise devices. Exploits of this caliber have historically been reserved for government or intelligence agencies, but leaks and secondary markets are beginning to spread these capabilities more broadly.
  • What’s Overhyped: These attacks still require specific conditions and older device versions in many cases. The average user is unlikely to be targeted, but the broader trend of exploit commoditization is significant.

Automation Improves Reconnaissance, Tool Development, and Attack Speed, Microsoft Security Blog

https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/

  • What Matters: AI tools are enabling attackers to automate reconnaissance, generate phishing materials, develop custom tooling, and process large datasets faster than before. Instead of replacing human operators, AI is acting as a force multiplier that speeds up existing offensive workflows.
  • What’s Overhyped: Fully autonomous attacks remain rare. Most successful operations still require skilled operators who provide context, interpret results, and guide the attack process.


About the speaker, Brandon Kovacs

Senior Security Consultant

Brandon Kovacs (CRT, OSCP) is a Senior Security Consultant at Bishop Fox, where he specializes in red teaming, network penetration testing, and physical penetration testing. As a red team operator, he is adept at identifying critical attack chains that an external attacker could use to fully compromise organizations and reach high-value targets.

To support physical and external testing, Brandon has built the 2023 edition of Bishop Fox’s Tastic RFID Thief to include Wi-Fi and remote control, allowing for more effective capture of RFID badges from a few feet away. He actively performs research and development into artificial intelligence for use in offensive security engagements.

Brandon is also recognized as a deepfake expert, conducting speaking sessions and live demonstrations at several global security and technology conferences. His research focuses on using AI and high-quality deepfakes to perform social engineering.


About the speaker, Leron Gray

Senior Security Consultant

Leron Gray is a senior security consultant on Bishop Fox's Red Team. With nine years of offensive security experience, he previously served on the Azure Red Team at Microsoft, as a penetration tester, and as a Cryptologic Technician (Networks) for the U.S. Navy.

Leron holds a Master's in Cyber Defense from Dakota State University and is a PhD candidate for Cyber Operations. He has a graduate certification in penetration testing and ethical hacking from SANS Technology Institute.


About the speaker, Thomas Wilson

Senior Red Team Operator

Thomas Wilson is a senior red team operator at Bishop Fox and a musician. From IDEs to DAWs, he is as at home on his own computer as he is on someone else's. You can usually find him at the local card shop slinging spells, up on stage blasting tunes, or with his eyes glued to his monitor for hours at a time (thank goodness for blue light filtering lenses).
