Bishop Fox Presents at HackGDL

Saturday, March 16, 2024
Jardín Americana, 1305 Avenida Ignacio L Vallarta Guadalajara, JAL 44160 Mexico

We are proud to share that five of our Foxes (Rob Ragan, Oscar Salazar, Berenice Flores, Hector Cuevas, and Ivan Sanchez) will be presenting at HackGDL on Saturday, March 16, 2024. HackGDL is a unique cybersecurity event with both conference sessions and workshops on different topics - mainly hacking. There will also be social activities and fun dynamics throughout the event. 

"Cut the CTF and Start Hacking!"

Ivan Sanchez | Saturday, March 16 at 12 p.m. CT

The objective of the talk is to show the pros of doing CTFs and, at the same time, make visible the not-so-positive aspects that they entail or can generate. Likewise, it seeks to raise awareness about the subsequent challenges that you may encounter as a CTF player, exemplified with a real case that I went through before being able to enter the world of offensive cybersecurity professionally.

"Testing LLM Algorithms While AI Tests Us"

Rob Ragan & Oscar Salazar | Saturday, March 16 at 1 p.m. CT

In an era where artificial intelligence (AI) and Large Language Models (LLMs) are becoming integral to our digital interactions, ensuring their security and usability is paramount. This presentation embarks on a journey through the compelling intersection of these two pivotal domains within the automation landscape. The discourse unfolds cutting-edge methodologies, techniques, and tools employed in threat modeling, API testing, and red teaming, all aimed at fortifying security measures within these artificial narrow intelligent systems. Engage in a thought-provoking exploration of how we, as users and developers, can strategically plan and implement tests for GenAI & LLM systems, ensuring their robustness and reliability. The presentation not only demystifies the complexities of security testing in LLMs but also sparks a conversation about our daily interactions with GenAI, prompting us to ponder our conscious and subconscious engagements with these technologies.

"Soldering Workshop"

Berenice Flores, Hector Cuevas, Ivan Sanchez | Saturday, March 16 at 2:40 p.m. CT

The objective of the workshop is to offer a first experience in how to solder electronic components. This skill is quite useful in the field of hardware hacking. We will have 3 instructors to be able to provide the necessary help to attendees.

"Introduction to Steganography - Discovering Secrets"

Hector Cuevas & Jessica Álvarez | Saturday, March 16 at 5 p.m. CT

Applied steganography is not a highly addressed area. Based on practical exercises, attendees will be taught to identify hidden data, hide information with simple techniques and critically discern if a file is worth the time of analysis. Techniques in multimedia formats, compressed formats and steganography in text and covert channels will be addressed. There is also a CTF-type exercise that they must solve to test what they have learned.

"AI Dangers in the Firmament: Vulnerabilities in ML Frameworks in the Cloud"

Berenice Flores | Saturday, March 16 at 6 p.m. CT

Several machine learning and big data frameworks have gained popularity this year with the rise of ChatGPT and other LLMs. This popularity has caused the frameworks to focus on development to scale the capacity and operation of parallel computing in the cloud, leaving aside the implementation of security mechanisms. In this talk, I will tell you about the research process I carried out on Ray Framework, which resulted in CVE-2023-48022 and CVE-2023-48023. This investigation has had great international coverage in various media such as DarkReading and SecurityWeek.

"Lockpicking Village"

Hector Cuevas | Saturday, March 16 - ALL DAY

This village will teach attendees how locks, handcuffs, safe-deposit boxes and suitcases work and how to bypass their security mechanisms. We will bring all the material and will even teach theory about picks.

About the speaker, Berenice Flores Garcia

Senior Security Consultant

As a senior penetration tester at Bishop Fox, Berenice focuses on application security and cloud penetration testing (AWS). Berenice holds many cybersecurity certifications including Offensive Security Certified Professional (OSCP), Off-Sec Web Assessor (OSWA) and Offensive Security Wireless Professional (OSWP).
When she's not finding bugs, Berenice enjoys attending hacking conferences and collecting stickers, pins and token coins.

About the speaker, Hector Cuevas Cruz

Security Consultant

Hector Cuevas Cruz is a Bishop Fox security consultant. He has more than 11 years of experience in information security where he has worked as an Offensive Security Consultant, Forensic Analyst, and Threat Hunter at some of the most renowned security companies. Hector has been a regular presenter at national conferences in Mexico since age 17. He has specialized in Red teaming, Digital Forensics, Incident Response, and ATM security assessments.

About the speaker, Iván Sánchez

Security Consultant

Ivan Sanchez is a Security Consultant at Bishop Fox where he focuses on network penetration tests and web application assessments. He attended ESCOM IPN where he received his bachelor's degree in computer engineering and developed a deep interest in cybersecurity. This is where his InfoSec journey began. During this time, he attended several CTF and hacking competitions, which helped him fine-tune his pen testing skillset.

About the speaker, Oscar Salazar

Principal Product Researcher

Oscar Salazar is a Principal Product Researcher at Bishop Fox. In this role, he has experience with red teaming, application penetration testing, source code review, network penetration testing, secure software design, and product security reviews. He focuses on research and development of the Continuous Attack Surface Testing (CAST) platform. Oscar has presented at many of the leading security conferences including Black Hat USA, DEF CON, RSA, BSides, Hacker Halted, SyScan 360, and SAS. His research, particularly surrounding anti-anti-automation, has appeared in Wired, eWeek, Fox News, Threatpost, and Gigaom.

Additionally, he has been a featured speaker on the Dark Reading Radio series. Prior to joining Bishop Fox, Oscar served as a web security research engineer at Hewlett Packard's Application Security Center where he designed and developed security checks for the WebInspect web application security scanner. In addition, his research involved developing more effective methods of scanning web applications.

About the speaker, Rob Ragan

Principal Researcher

Rob Ragan is a Principal Researcher at Bishop Fox. Rob focuses on pragmatic solutions for clients and technology. He oversees strategy for continuous security automation. Rob has presented at Black Hat, DEF CON, and RSA. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition. His writing has appeared in Dark Reading and he has been quoted in publications such as Wired.

Rob has more than a decade of security experience and once worked as a Software Engineer at Hewlett-Packard's Application Security Center. Rob was also with SPI Dynamics where he was a software engineer on the dynamic analysis engine for WebInspect and the static analysis engine for DevInspect.
