Headshot of Brady Bloxham

Brady Bloxham

Linkedin
Brady Bloxham is the former founder and CEO of Silent Break Security, which he started in 2011 and was acquired by NetSPI in 2020. Brady is focused on building innovative products and technology that push the boundary and sophistication of penetration testing and adversary simulation capabilities. Prior to starting Silent Break Security, Brady worked for the National Security Agency (NSA) and Department of Defense (DoD) where he performed cyber operations and developed offensive tools and capabilities to support covert network missions. Brady has spoken and provided training at several cyber security conferences including DEF CON, Black Hat, DerbyCon, SEC-T, and Ruxcon. In February 2020, Brady was awarded the Utah Business “40 Under 40” award for successful entrepreneurs and business executives. Brady holds a B.A. in Information Systems from Brigham Young University and an MBA from Idaho State University.

More by Brady Bloxham

Security Magazine: Four ways to optimize your red team operations

July 12, 2021

On July 12, 2021, NetSPI was featured in Security Magazine.

Learn More

Forbes Technology Council: The Secret To A Successful Cyber Security Acquisition: Culture

April 7, 2021

On April 7, 2021, NetSPI Chief Technology Officer (CTO) Brady Bloxham was featured in Forbes Technology Council.

Learn More
Red Teaming

Why Offense in Depth is Vital to Red Team Operations

April 6, 2021

Learn why, in addition to defense in depth, an offense in depth security strategy is critical to the success of your security program and red teams.

Learn More
Adversary Simulation

Modern Red Team Infrastructure

June 13, 2019

There’s been a lot of talk recently regarding modern strategies for red team infrastructure. The implementations vary greatly, but hopefully, we can provide some insight into how we tackle the challenge of Command and Control.

Learn More
Adversary Simulation

Throwback Thursday – A Guide to Configuring Throwback

January 27, 2016

Throwback is an extremely effective beaconing backdoor. It’s comprised of two primary components: Throwback (the beaconing backdoor written in C++) and ThrowbackLP (the C2 server written in PHP/MySQL).

Learn More
Web Application Pentesting

Tearing Apart a Datto Device

June 18, 2015

This blogs reviews what we found during an engagement where one of these devices was accessible via the LAN.

Learn More
Web Application Pentesting

ActiveX + XSS = ActiveXSS Pwnage!

March 5, 2015

After a web app pentest, I decided to research and target one of the ActiveX plugins based soley on the vendor… and their reputation for bad programming. This blog shares my findings.

Learn More
Web Application Pentesting

The Illusion of Security

August 22, 2013

I’m often asked about the top vulnerabilities identified in a penetration test, or similarly, the top defensive measures an organization can implement to defend against attacks. Those are great questions, and undoubtedly useful in securing an environment against attacks, but let’s get straight to the point...

Learn More
Web Application Pentesting

Covert Exfil from a Target Network

May 3, 2013

The best way to improve is to practice perfectly, or as close to perfectly as possible. In this case, that would be modeling assessments after actual threats.

Learn More
Web Application Pentesting

Backdooring Office Documents

March 23, 2013

Companies hire us so they can “practice” their network defenses against attacks. And what good is practice if you’re not doing it correctly? The “doing it correctly” part is on us.

Learn More