ØxOPOSɆC
2017 Events
Jan 19, 2017[0x38] - The Meet
Let’s kick-off this new year the best way possible. Hopefully, a deserved rest was taken, and our minds are full of new ideas and topics that need to be explored. Bring something c00l or just share your thoughts on something juicy around security world. Again don’t be shy and step up for short talk ;).
Just remember that Blip has a new home check the map (https://www.google.com/maps/place/Av.+de+Camilo+94,+4300-096+Porto,+Portugal/@41.1490978,-8.596897,17z/data=!3m1!4b1!4m5!3m4!1s0xd2464ed37ecb421:0xb9cf98eb57de3cfb!8m2!3d41.1490978!4d-8.5947083) for the new location. If you are thinking to travel by metro, 24 de Agosto is the nearest station.
Remember to join our Slack chat (https://oposec.herokuapp.com) to discuss the agenda and, of course, interact with other members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- Poor Man’s RubberDucky by zatarra
- OSSEC 101 by lguerra
- CSRF, JSON, JSONP - by Dalila AL
- LockPick Station (https://www.meetup.com/0xOPOSEC/pages/Lockpick_Station/) (Get your skills updated!)
*Social drinks on the house 😉
[Not Sure if I’m Welcome]
Don’t think twice, just come.
Note: When someone is RSVP to an event is grabbing a seat that could be for other, make sure that you can attend before answering.
[Challenge]
There is a new mailer (http://9m.no/䪹ߏ (http://9m.no/%E4%AA%B9%DF%8F)), we need to test it - Are you up to the challenge? Retrieve the flag!
Ping SiMpS0N, fisher, zatarra and d0kt0r on Slack for hints or to submit the solution :)
Feb 23, 2017
[0x39] - The Meet
It was a year ago that we kicked off our very first 0xOPOSEC [INIT] - The Gathering. So much has happened since then. We need to thank all 17 speakers that took their personal time to share with all of us 21 unique and unusual topics and the creators and curators of 9 great challenges. Thank you for smashing our heads up and bringing something new to the stage. We must also acknowledge the outstanding support from Blip that has hosted all the events until now and never let us go hungry or thirsty during the meetings. Enough of small talk, we are glad to announce that everything is ready for the 10th meeting (check out the agenda) and feel free to pass by and get something new.
If you are thinking to travel by metro, 24 de Agosto is the nearest station to Blip. Remember to join our Slack chat to discuss all kind of hackish stuff and, of course, interact with other members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- Is there an EFI monster inside your apple? @fG!
- RSA for CTF’ers by @k414x and Joana
- LockPick Station (https://www.meetup.com/0xOPOSEC/pages/Lockpick_Station/) (Get your skills updated!)
*Social drinks on the house 😉
[Not Sure if I’m Welcome]
Don’t think twice, just come.
Note: When someone is RSVP to an event is grabbing a seat that could be for other, make sure that you can attend before answering.
[Challenge]
Search for the flag while you travel around the world.
URL: http://9m.no/嫬玎 (http://9m.no/%E5%AB%AC%E7%8E%8E) Alt: http://bit.do/0x39
Ping SiMpS0N on Slack for hints or to submit the solution :)
Mar 23, 2017
[0x61] - The Meet
After the striking [0x39] Meetup, we are back and ready to continue the endless quest for knowledge. We are happy to announce that everything is ready for the 11th meeting (check out the agenda) and feel free to drop by and get inspired.
If you are thinking to travel by metro, 24 de Agosto is the nearest station to Blip. Remember to join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with others members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- CrackMe Up: An Introduction To Binary Reverse Engineering by 0xACB
- Nagios monitoring FTW, an 11km look by Netshark
- LockPick Station (https://www.meetup.com/0xOPOSEC/pages/Lockpick_Station/) (Get your skills updated!)
*Social drinks on the house 😉
[Not Sure if I’m Welcome]
Don’t think twice, just come.
Note: When someone is RSVP to an event is grabbing a seat that could be for other, make sure that you can attend before answering.
[Challenge]
”> Hi, take my slides from the last talk LINK (https://www.dropbox.com/s/258f3m18djmdjrj/0x39-RSA_Talk.tar.gz?dl=1) Thank you, excellent work.
Look closer and you’ll get something juicy”
Hint: Hmmm there is a flag somewhere in the original file!
Ping @k414x on Slack for hints or to submit the solution :)
Extra: Since it wasn’t solved last time the challenge still up.
Search for the flag while you travel around the world.
URL: http://9m.no/嫬玎 (http://9m.no/%E5%AB%AC%E7%8E%8E) Alt: http://bit.do/0x39
Apr 27, 2017
[0x62] - The Meet
It is no big news that to understand the world around us; it is mandatory to keep abreast of emerging technologies and reflect upon the impact they have on everyday lives. Finding the right balance between usability and security is a tricky business. Do we really want to to use that shiny new “contactless” card? What is the trade-off? Shouldn’t we be questioning why an ISP knows what’s going on in our private network?
On this meetup, we invite you to join the discussion and bring your inputs to the table. There will be plenty of food for thought for everyone and hopefully some new tips and tricks to survive in this brave new world!
If you are thinking to travel by metro, 24 de Agosto is the nearest station to Blip. Remember to join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with others members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- “Don’t Stand so Close To Me: RFID/NFC Cloning” by Pedro Cabral
- “Home Network Security” by deluxor
- LockPick Station (https://www.meetup.com/0xOPOSEC/pages/Lockpick_Station/) (Get your skills updated!)
*Social drinks on the house 😉
[Not Sure if I’m Welcome]
Don’t think twice, just come.
Note: When someone is RSVP to an event is grabbing a seat that could be for other, make sure that you can attend before answering.
[Challenge]
Just grab the flag!
URL: http://9m.no/跐嗄 (http://9m.no/%E8%B7%90%E5%97%84) Alt: http://bit.do/0x62 (http://bit.do/0x39)
Ping SiMpS0N on Slack for hints or to submit the solution :)
May 30, 2017
[0x63] - The Meet
In the 21st Century, the currency of corporations, governments, and public institutions is data. Threats abound with the current spate of data breaches putting privacy in the spotlight. There’s a lot of gray area when it comes to the ethical collection, use, and analysis of data within institutions. Fine lines separate the use from the misuse of data. Every day, controversial issues arise during the stages of the data lifecycle that may confound even reasonable people and expose organizations to risks.
It is hard to tell what the future holds. If there will be clear ethical guidelines to follow or not, but shouldn’t we be informed about what is being done to our data right now? - What information is being transformed and stored? How are they handling it? Understanding how the different actors perform within the data ecosystems is crucial and the only way of staying ahead of the game.
This time, we have the honor of having the renowned internet security specialist Troy Hunt in our midst. He will be sharing with us part of his vast knowledge of the infosec world and talking about the challenges and lessons from managing the ethical data breach search service “Have I been pwned”.
Meetup update: The cherry on top!
If having the chance to meet one of the top experts in the sec world wasn’t good enough, to top it off, in this meetup, we’ll have two specialists! If you don’t remember, just a few weeks ago The Shadow Brokers leaked a gigabyte worth of NSA’s weaponized software exploits. More than writing a new page in infosec history, thanks to this episode we have a golden opportunity to understand how state-sponsored attacks flow and identify which vulnerabilities are being targeted and explored. Buckle up as Pedro Vilaça, an amazing wizard in the art of reverse engineering takes you on his journey of reversing and understanding the impact of some of the leaked tools.
Remember to join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with others members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- “Lessons from Billions of Breached Records” by Troy Hunt
- “Knock knock, who’s there? NSA!” by fG!
[Venue]
There are only 40 to 50 seats available at this venue. We will be delighted to have you here, but unfortunately, we can’t accommodate much more enthusiasts than that. For this reason, we will limit the number of attendees. Having this in mind, please make sure that you can attend before confirming your presence.
[Challenge]
Malware is hard to notice but running it is very easy. Grab the flag and shout it to @simps0n in Slack!
Init -> 0x63 Challenge File (https://goo.gl/x694eR)
Hint: Malware loves windows! In short this challenge is for Windows environment only and is mandatory to extract the file using Winrar.
Jun 29, 2017
[0x64] - The Meet
Thanks to our speakers and all attendees, the last meetup was a blast. We are proud to say that our community keeps growing. As the saying goes - the more the merrier. New members also means we have a greater pool of knowledge and experience ready to be tapped into.
Keep your radar up because the 14th Meetup is in the works!
Remember to join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with others members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- “Trust issues” by pushdword (PT)
- “From zero to something, with HackRF” by zezadas - LockPick Station (https://www.meetup.com/0xOPOSEC/pages/Lockpick_Station/) (Get your skills updated!)
*Social drinks on the house 😉
[Challenge]
José is a Portuguese entrepreneur that just launched his first app: https://goo.gl/wo618T Can you hijack his account? When you grab the flag DM @dduarte or @fisher. Btw, Zé is pretty chatty…
Sep 21, 2017
[0x65] - The Meet
Hope you feel recharged and ready to get back to some powerful hacking. We are powered up and excited to be working on the 15th Meetup. Save some time in your agenda and be ready for brain teasers, challenges, and to soak up tons of knowledge.
Congratulations to all the Masters Solvers of the Summer Challenges. While we are busy plotting to bring you an awe-inspiring gathering of top ingenious minds, you can still give it a crack. If by any reason you are stuck, don’t be shy and ask for a hint ;).
Don’t forget to stay tuned for more updates and remember to join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with others members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- “Browsers - For better or worse…” by simps0n
- “Risk Based Assessment in CI/CD” by dduarte
- “Summer Challenge A (write-up)” by aap
- “Summer Challenge B (write-up)” by k414x
*Social drinks on the house 😉
[Summer Special Challenges]
“I was confident that my service (:1337) was super safe, but then I checked the main site, and now I’m not so sure anymore.”
Link: http://ツ.tv/SummerChallenge Helper: http://46.101.24.55/static/py/server.py
If you need tips or hints, you can reach @k414x on Slack.
“We found a company with a controller that uses two cards for opening doors. The first card is used to cipher, the second card for communications. Can you discover the keys?”
Dump: http://ツ.tv/SummerChallenge-A
If you need tips or hints, you can reach @pedro_cabral on Slack.
Oct 24, 2017
[0x66] - The Meet
The 16th Meetup is in the works and once more get ready to engage with challenges and to take in a dose of mind-boggling enlightenment. We are always trying to bring you up to speed with the latest developments in the InfoSec world, and hopefully, we have a great agenda OTW ;). So stay ahead of the game and grab a seat while you can.
Just a little reminder, please help us with the logistics of the event. Our sponsors are fantastic, and we are honored to have their endorsement. We take their support very seriously and don’t like to waste resources. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.
Let’s get this ball rolling and don’t forget to stay tuned for more.
PS: Remember to join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with others members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- “Mimi Who?” by César Silva
- “The adventures of xss payloads in strange places” by Ricardo Almeida
*Social drinks on the house 😉
[Challenge]
Goal: Pop an alert(1)!
URL: http://ツ.tv/0x66 Alt: http://bit.ly/2yiggoZ
If you have a solution or need hints, talk to @simps0n at the 0xOPOSEC Slack.
Dec 6, 2017
[0x67] - The Meet
2017 will soon fade into a memory but we would like to say goodbye to 2017 with a bang and in style. Join us for the last meeting of the year for new tricks and cool hacks feast. Stay ahead of the game and grab a seat while you can.
Just a little reminder, please help us with the logistics of the event. Our sponsors are fantastic, and we are honored to have their endorsement. We take their support very seriously and don’t like to waste resources. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.
Let’s get this ball rolling and don’t forget to stay tuned for more.
PS: Remember to join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with others members.
[Goals]
Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.
[Agenda]
Who are you? (New participants small introduction)
- “Detecting Rogue Access Points” by Anotherik (PT/EN)
- AP2SI Presentation (PT)
- “CERT.PT - Serviço e Estrutura” by Rogério Gil Raposo (PT)
- LockPick Station (https://www.meetup.com/0xOPOSEC/pages/Lockpick_Station/) (Get your skills updated!)
*Social drinks on the house 😉
[Challenge]
Challenge Link: http://80.211.135.204/
Goal: Find the FLAG{…} -> PM @ Slack @anotherik/@d0kt0r/@pushdword to Submit!