Pwnterrey is a security conference rooted in the Monterrey hacker community, bringing together practitioners, researchers, and students for a day of technical talks covering offensive security, reverse engineering, and beyond. The event reflects the growing depth of security talent emerging from Latin America, with a program that ranges from beginner-friendly introductions to hands-on technical deep dives.

Bishop Fox is excited to have three consultants presenting at Pwnterrey 2026. Roberto Chavez, Ivan Sanchez, and Luis de la Rosa Hernandez will each take the stage with sessions spanning external attack surface mapping, API authorization failures, and iOS game hacking — a range that speaks to the breadth of offensive expertise on the Bishop Fox team.

For more details, visit: Pwnterrey 2026

"Authentication ≠ Authorization: How a Pentest Can 'Pass' and Still 'Fail"

Speaker: Ivan Sanchez, Security Consultant, Bishop Fox

Date/Time: May 29, 2026 | 10:00 AM CST 

Location: Main Stage

Abstract: In this talk, Ivan presents a real-world (anonymized) case where a client reported a breach some time after an API penetration test had been conducted. Based on this incident, the session analyzes why authentication doesn't necessarily equate to authorization, how multi-tenant boundaries fail in SaaS environments, and how a penetration test can formally meet its defined scope and still fail due to incomplete inventories, exposed credentials, and unaddressed findings. The session concludes with a practical checklist for penetration testers and clients to maximize the true value of an API penetration test.

"iOS Game Hacking: From Zero to God Mode"

Speaker: Luis de la Rosa Hernandez, Security Consultant II, Bishop Fox

Date/Time: May 29, 2026 | 3:00 PM CST

Location: Main Stage

Abstract: A practical introduction to game hacking on iOS, demonstrating from scratch how games developed for this platform can be analyzed and modified in real time. Through live demos, reverse engineering and hooking techniques are shown to enable features like God Mode, Infinite Coins, and Speed Hacks, shattering the myth that iOS is an unhackable ecosystem.

"External Fortress Hacking: The Art of Seeing What Others Miss"

Speaker: Roberto Chavez, Security Consultant III, Bishop Fox

Date/Time: May 29, 2026 | 5:00 PM CST

Location: Main Stage

Abstract: This talk presents a practical approach to external penetration testing, showing how to map large-scale infrastructures from ASNs to IPs, domains, and services to uncover critical vulnerabilities such as exposed services, data leakage, APIs exposing sensitive information, and accessible internal systems. It also covers handling large scopes through custom automation, custom wordlists, and a do-it-yourself approach, as well as expanding the attack surface using sources like GitHub and mobile app reversing, with a strong focus on mastering recon fundamentals to consistently find high-impact issues.