Bishop Fox at HackGDL
- Date: March 1, 2025
- Location: Guadalajara, Jalisco, Mexico
Bishop Fox is proud to sponsor, present, and host the Vishing Village at HackGDL 2025 on March 1, 2025 in Guadalajara, Jalisco, Mexico. HackGDL is a technical event focused on cybersecurity, hacking, and breaking all kinds of things. It brings together professionals, enthusiasts, and curious minds to explore the latest trends, techniques, and challenges in the field of information security.
For full details, visit: https://hackgdl.net.
Landing Your Dream Job in Cybersecurity
Date/Time: February 28, 2025 at 10 a.m. CT
Speakers: Areli Ch. Durán, Sr. Technical Recruiter
Burning Down the Walls: Android and iOS Security Bypass
Date/Time: February 28, 2025 at 12:20 p.m. CT
Speakers: Luis De la Rosa, Security Consultant III & Steeven Rodriguez, Senior Operator
Don't Worry, Be Hacky: Survival Guide for Today's Hacker
Date/Time: March 1, 2025 at 12 p.m. CT
Speakers: Yael Basurto, Senior Security Consultant
"Have you ever felt like the cyber security spectrum is too overwhelming? Pentest, red teaming, threat hunting, SOC, threat intel, DFIR, AI, cloud, etc. Where to start or what should you know to get into an infosec career or to boost your current career? 'Cyber security is not an entry-level decision' - Dave Kennedy (TrustedSec). Whether you are just starting your infosec journey, or if you have been around for a while but have that feeling that there is so much to cover and so little time to learn it all, this talk is for you. Is this the Holy Grail of how to become the best hacker in 10 simple steps? No. The idea is to engage in an informal conversation about how I have approached the problem of the overwhelming amount of information that is cyber security; how to consume it, and what relationship all this can have with building a community... just like HackGDL!"
Inside Job: How Past Internal Pen Tests Can Highlight Vulnerability Trends
Date/Time: March 1, 2025 at 1 p.m. CT
Speakers: Killian Ditch
Internal network penetration tests assess the network services and access-control technologies that organizations maintain. Starting with assumed compromise of an internal device, the primary objective is accessing critical data. Standard attack paths are to compromise accounts, escalate privileges, and find a way to reach the target data. Past successful engagements offer insights that give all organizations actionable guidance for prioritizing strategies that reduce real risk. This talk will examine the specifics of three engagements from 2024 and the lessons demonstrated both individually and collectively.
- An Energy sector concern evaluating overall data exposure, in which insecure credential policies and management ultimately led to privilege escalation and the compromise of proprietary data that included blueprints, financial data, and customer data.
- A Hospitality entity evaluating payment data security, wherein missing authentication and insecure credential management ultimately led to full control of the Active Directory environment, but only limited data compromise.
- A Hospitality organization also evaluating payment data. Insecure credential management led to account compromise, privilege escalation, and partial data compromise, but complete privilege escalation and access to the target data were unsuccessful.
Post-exploitation Techniques Used by Threat Actors in the Cloud
Date/Time: March 1, 2025 at 2 p.m. CT
Speakers: Iván Sánchez, Security Consultant at Bishop Fox & Jorge Gibbs, SOC Analyst
Vishing Village
Date/Time: March 1, 2025 - ALL DAY
Hosts: Iván Sánchez, Security Consultant; Berenice Flores Garcia, Senior Security Consultant; Samuel Santiago, Security Consultant III
In this village we will invite visitors and attendees to try out a vishing (voice phishing) challenge. The vishing challenge is a script that simulates a vishing attack using AI and text-to-voice APIs, allowing participants to experience firsthand the tactics used by attackers. Participants will need to use their vishing skills to obtain sensitive information (flags). This initiative aims to engage attendees in real-world scenarios that highlight the importance of recognizing and mitigating social engineering threats.