TL;DR: The Bishop Fox Mexico team took first place at both HackMex Finals 2025 and the EkoParty Red Team Space CTF 2025, marking a third consecutive win at EkoParty. The competitions highlighted the team’s ability to execute across modern, enterprise-level attack surfaces. These victories reflect the same adversary-driven methodology our researchers apply in real offensive security engagements.
Capture the Flag (CTF) competitions remain one of the most effective proving grounds for offensive security practitioners. They provide a structured sandbox where researchers can refine their tradecraft, explore emerging attack techniques, and validate offensive capabilities in a controlled yet competitive environment.
In 2025, the Bishop Fox Mexico team continued to participate in CTF competitions across the security community. Two events in particular—Hack[Mex] Finals 2025 and the EkoParty Red Team Space 2025—highlighted our teams’ (Team Labubu Destroyers & Fix Printers v3) technical depth and collaborative approach to offensive problem solving.
Our teams secured first-place finishes in both competitions, with the EkoParty victory marking their third consecutive year placing first in that event.
While each CTF competition emphasized different attack surfaces, both required the same disciplined methodology used during real offensive security engagements: structured reconnaissance, hypothesis-driven exploitation, and strategic chaining of findings to achieve meaningful impact.
“The 2025 CTF victories reinforced that modern offensive security demands both technical precision and strategic execution. HackMex required disciplined exploitation across web and infrastructure layers, while the AWS-focused Red Team Space CTF emphasized modeling identity trust relationships, chaining IAM privileges, and navigating cloud environments with adversary-level intent.”
- Luis de la Rosa, Security Consultant III, Bishop Fox
HackMex Finals 2025: Technical Rigor Across Exploitation Domains
At HackMex Finals 2025, Bishop Fox researchers Emiliano Perez, Rodrigo Zacatelco, Andres Briseño, and Etan Imanol Castro competed as Team Labubus Destroyer.
Rather than presenting isolated puzzles, the competition incentivized participants to think holistically, starting with discovery and reconnaissance, progressing through exploitation and privilege escalation, and ultimately pursuing meaningful post-exploitation outcomes.
Web application exploitation
Many challenges focused on classic web attack vectors combined with subtle logic flaws. The team encountered:
- Injection attacks, including SQL, command, and template injection variants
- Authentication and session management weaknesses
- Complex bypasses of access control and business logic safeguards
Success in these scenarios required careful enumeration and pattern recognition amidst noisy signals, along with the ability to pivot based on incremental findings.
Operating systems and infrastructure
Other challenges focused on host and infrastructure compromise, including:
- Privilege escalation mechanisms on Linux hosts and containerized systems
- Exploiting misconfigured services, startup scripts, and process interactions
- Lateral movement across segmented networks using chained privileges
Several tasks also emphasized what happens after the initial compromise. The team explored persistence mechanisms, service abuse that exposed sensitive data, and coordinated exploitation paths that expanded access across the environment.
The competition rewarded teams that could connect findings across layers and convert small footholds into meaningful access, an approach central to professional offensive security engagements.
EkoParty Red Team Space 2025: Cloud-Native Offensive Campaigns
At EkoParty Red Team Space 2025, Bishop Fox researchers Luis De la Rosa, José Emiliano Perez Garduño, José Martinez, and Steeven Rodriguez competed as Team Fix Printers v3, tackling a series of cloud-native adversary simulations.
While HackMex emphasized traditional exploitation paths, the EkoParty competition shifted the focus toward enterprise-scale AWS environments where identity, trust relationships, and cloud service configurations became the primary attack surface.
Instead of solving isolated vulnerabilities, the team had to construct attack campaigns that mirrored real-world cloud intrusions.
Identity and service abuse
Many challenges revolved around mapping identity relationships and identifying privilege escalation paths. The team needed to:
- Enumerate IAM users, roles, and policy attachments
- Identify escalation opportunities created by combinations of permissions
- Abuse AssumeRole relationships and cross-account trust paths
Other flags came from exploiting misconfigured services such as overly permissive S3 buckets, EC2 instance roles, and Lambda functions used for lateral movement or data retrieval.
Credential chaining
Temporary credentials and tokens also played a major role. Participants extracted short-lived security tokens, mapped trust relationships across services, and reused those credentials to expand access.
Success required the team to construct mental models of cloud identity hierarchies, identify implicit trust boundaries, and turn minimal access into broad influence.
Translating CTF Success into Offensive Skillsets
Although HackMex and EkoParty emphasized different environments, both competitions reinforced core competencies that are essential to modern offensive security practice.
Structured offensive methodology
Professional adversaries tend to operate methodically:
- Reconnaissance through enumeration and discovery
- Hypothesis-driven testing for exploitation opportunities
- Strategic chaining of findings to maximize impact
- Iterative validation and refinement of attack paths
This disciplined approach mirrors the phases of real penetration tests and red team engagements.
Technical depth and adversarial thinking
Across both competitions, teams exercised fluency in web application vulnerabilities, Linux internals, infrastructure privilege escalation, and cloud identity and access management.
Both CTF environments required competitors to break down complex systems into discrete attack surfaces, pivot as new footholds emerged, and exploit misconfigurations that often go unnoticed in production environments.
These are the same skills practitioners rely on every day during real client engagements.
“These competitions validate the importance of structured methodology, deep technical analysis, and the ability to convert small footholds into meaningful, enterprise-scale impact.”
- Luis de la Rosa, Bishop Fox
See the Team at HackGDL
For the Bishop Fox Mexico team, competitions like HackMex and Ekoparty play a part in a broader commitment to contributing to the regional security community through research, collaboration, and knowledge sharing.
That same spirit of community engagement continues at HackGDL, one of Mexico’s largest cybersecurity conferences. Members of the Bishop Fox Mexico team will be attending this year’s event in Guadalajara, where several researchers will be presenting technical sessions and leading hands-on workshops. See our schedule of events below!
If you are attending HackGDL in Guadalajara this weekend, come say hello! The members of our Mexico team who participated in these competitions will be there throughout the event, presenting research, running workshops, and connecting with the security community. Check out their sessions here.
If you want to talk CTF strategy, offensive security, or cloud attack paths, we'd love to chat.
Facts Only
Bishop Fox Mexico team won first place at HackMex Finals 2025 and EkoParty Red Team Space CTF 2025.
The EkoParty victory marked their third consecutive first-place finish at the event.
Team Labubus Destroyer (Emiliano Perez, Rodrigo Zacatelco, Andres Briseño, Etan Imanol Castro) competed at HackMex Finals 2025.
Team Fix Printers v3 (Luis De la Rosa, José Emiliano Perez Garduño, José Martinez, Steeven Rodriguez) competed at EkoParty Red Team Space 2025.
HackMex Finals 2025 focused on web application exploitation, infrastructure compromise, and post-exploitation techniques.
EkoParty Red Team Space 2025 centered on AWS cloud environments, IAM privilege escalation, and identity trust relationships.
Both competitions required structured reconnaissance, hypothesis-driven exploitation, and strategic chaining of findings.
The team will attend HackGDL in Guadalajara, presenting technical sessions and workshops.
Bishop Fox Mexico emphasizes community engagement through research, collaboration, and knowledge sharing.
Executive Summary
The Bishop Fox Mexico team achieved first-place finishes at both HackMex Finals 2025 and EkoParty Red Team Space CTF 2025, marking their third consecutive victory at EkoParty. The competitions showcased their expertise in offensive security, with HackMex focusing on web and infrastructure exploitation, while EkoParty emphasized cloud-native attack surfaces like AWS identity and access management. Both events required disciplined methodologies, including reconnaissance, hypothesis-driven exploitation, and strategic chaining of findings—skills directly applicable to real-world offensive security engagements. The team’s success underscores the value of CTFs as training grounds for refining technical precision and adversarial thinking. Beyond competitions, Bishop Fox Mexico remains active in the regional security community, with team members presenting at events like HackGDL to share research and collaborate with peers.
The victories highlight the evolving nature of offensive security, where traditional exploitation techniques intersect with cloud-native environments. The team’s ability to adapt to different attack surfaces—from web vulnerabilities to IAM privilege escalation—demonstrates the breadth of skills required in modern cybersecurity. While CTFs provide a controlled environment for testing these skills, their real-world applicability is evident in the team’s professional engagements. The emphasis on structured methodology and collaborative problem-solving reflects broader trends in offensive security, where success depends on both technical depth and strategic execution.
Full Take
The narrative presents a strong case for the value of CTF competitions as proving grounds for offensive security skills, with Bishop Fox Mexico’s consecutive victories serving as validation of their methodology. The article effectively highlights the alignment between CTF challenges and real-world offensive security engagements, emphasizing structured reconnaissance, exploitation, and strategic chaining of findings. This steelman version of the narrative credits the team’s technical depth and collaborative approach, framing their success as a testament to disciplined adversarial thinking.
However, the piece leans heavily on authority games, using the team’s achievements and professional credentials to bolster the broader claim that CTFs are essential for offensive security training. While the argument is compelling, it risks conflating competition success with real-world efficacy without deeper scrutiny of how these skills translate outside controlled environments. The focus on Bishop Fox’s methodology, while well-articulated, could benefit from acknowledging alternative approaches or limitations of CTF-based training.
Root cause: The narrative assumes that competitive success in CTFs directly correlates with professional competence in offensive security, a paradigm that may overlook the nuances of real-world engagements where constraints like time, legal boundaries, and client objectives differ significantly. Historically, this echoes the broader cybersecurity industry’s tendency to equate technical prowess in controlled settings with operational effectiveness, a pattern that can lead to overconfidence or gaps in practical application.
Implications: For human agency, the emphasis on structured methodology and adversarial thinking is empowering, as it provides a clear framework for skill development. However, the narrative’s focus on elite competition winners may inadvertently marginalize practitioners who excel in non-competitive or defensive roles. The second-order consequence is a potential narrowing of what constitutes "valid" offensive security expertise, reinforcing a culture where CTF performance becomes a gatekeeping metric.
Bridge questions: How might the skills honed in CTFs differ from those required in real-world offensive security engagements? What perspectives from defensive security or non-competitive practitioners could enrich this discussion? Would the narrative change if the team’s successes were framed as part of a broader, more inclusive approach to cybersecurity training?
Counterstrike scan: If this were part of a coordinated influence campaign, the playbook would likely involve elevating a specific team’s achievements to promote a particular training methodology or product (e.g., Bishop Fox’s services). The content aligns with this pattern by framing CTF victories as proof of superior offensive security practices, though it stops short of overt self-promotion. The narrative remains within healthy bounds, focusing on technical merit rather than overt marketing. No structural alignment with a manipulative playbook is detected.
Patterns detected: ARC-0024 Ambiguity (implied equivalence between CTF success and real-world efficacy), ARC-0043 Motte-and-Bailey (general praise for CTFs as training grounds, with specific victories as the "motte").
