ØxＯＰＯＳɆＣ

2019 Events

[0x70] - The Meet

Happy 2019 everyone!

We are delighted to tell you that we are kicking off the first meeting of the year. No rest for the wicked, as the saying goes, so do join us in our never-ending quest to get better at what we do and don’t miss the chance to delve into some serious hacking business in our first 2019 Meetup.

As usual, we ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with others members.

Hope to see you soon.

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “Ataques e outros casos de Cibersegurança” (PT) by (@)aap
• “Vulnerabilities in the Anda app” (PT/EN) by (@)Gustavo Silva

*Social drinks on the house 😉

[Challenge]

Get the flags from http://0x70.apl3b.com submit your flags at http://bit.ly/0x70-TheMeet and ping (@)dduarte for hints!

Make a writeup and share it in the end, because sharing is caring and it is the best way to learn new tricks :D

Feb 28, 2019

[0x71] - The Meet

The first meeting of the year was full of tricks and insights bringing new approaches to the table which can hopefully be helpful to tap into the apps and services of the “brave new world”. Join us in the second meetup of the year already being set up with plenty of TLC. Check the great challenges we’ve cooked just for you. Try hard and share your crazy solution with the community.

As usual, we ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon.

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “Assuma o controlo total da sua casa numa só aplicação - EDP IoT 101” (PT) by Luís Catarino and (@)darkcookie
• “Insecure Deserialization 101” (EN/PT) by @csilva

*Social drinks on the house 😉

[Challenge]

Why are you so serial? Grab the flags and ping (@)csilva!
Lvl I: https://pk.apl3b.com/login
Lvl II: https://dn.apl3b.com/login

Mar 27, 2019

[0x72] - The Meet

The last meetup was all about celebrating our already 3-year-old community. We are proud of all the contributions that forged our path along the way and grateful to all members, true team players, who turned this community into a vibrant, collaborative and knowledge-sharing space.

To keep the ball rolling, the 3rd meetup of the year is just around the corner. The agenda is still in the works, so if you have something to share, step up and tell us about it. In the meantime, don’t forget to stay tuned for the latest updates.

As usual, we ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon.

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “How to transform security awareness into a product - an experimental approach” (EN) by Anett Stoica
• “Configuration Management and Security with Salt” (EN/PT) by João Valente

*Social drinks on the house 😉

[Challenge]

The loudest voice in the room is rarely the most right.
$ wget 137.117.211.194/omegalul.bmp

Grab the flag and ping (@)ArmySick!

Apr 23, 2019

[0x73] - The Meet

Who says rabbits are the only ones that can throw a wicked egg hunt?

After the cold and gloomy winter, bursts of sunshine have finally come to make us smile! It is by no means time to laze around, it’s time, instead, to spring into action. When we join the forces for the 4th meetup of the year, we’ll be unearthing easter eggs and debunking myths in the world of IoT. We know it’s here to stay. Everywhere we look, there’s a new integration or a mobile application. Not everyone is a happy bunny in the land of IoT and mobile, so it’s time to dig deeper and get ready to face the upcoming challenges of this mind-boggling world.

As usual, we ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Spread the word and join us for our next InfoSec egg hunt. You’ll be sorry if you miss this one.

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “Internet-of-b̶r̶o̶k̶e̶n̶ -Things: A highly-opinionated overview” (EN/PT) by João Pedro Dias (@)jpdias
• “Low Hanging Fruit On Android” (PT) by (@)zezadas

*Social drinks on the house 😉

[Challenge]

This is a military grade challenge! Check the link http://bit.ly/2ZqwhnJ (+) and ping (@)simps0n with the flag.

May 29, 2019

[0x74] - The Meet

Thanks to you, the last meetup was a great event. It is clear that the road ahead is not without its pitfalls along the way. It would be unwise to stand aloof of the ongoing game and not try to get more tricks under your belt.

Buckle up and get your notepads ready, the 5th meetup of the year will take you on a journey into the world of modern malware and dynamic code instrumentation.

We’re sure you will not want to miss this ride!

As usual, we ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon.

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “Who are you talking to?! Analyzing Android applications with Frida” (EN/PT) by (@)darkcookie
• “Golden Chickens & Malware-as-a-Service” (EN/PT) by Tiago Marques

*Social drinks on the house 😉

[Challenge]

URL: http://0x74.apl3b.com/ - As always get the Flag!
Hint: flag.txt

Ping (@)jmoraissec with the solution.

Jul 2, 2019

[0x75] - The Meet

In June, Porto is on fire! The month is filled with plenty of events that you definitely do not want to miss out on. Don’t forget to mark the TECHinPORTO 2019 (the 13th to the 14th) on your calendar. Use TIP_OPOSEC_DFLL6GAT code for a 25% discount if you are attending. Security goodies don’t end here; ScaleUp Porto is hosting a Security Masterclass on the 19th. The last week of the month brings all the security geeks the perfect opportunity to network and catch up on the latest trends in the field. Many of the members of our community will be attending and sharing their knowledge at the C-DAYS 2019 happening on the 26th and 27th.

Before we all head to a well-deserved summer break and finishing off this event marathon in style, we’ll be hosting our usual gathering on the first week of July. Get ready, as the 6th meetup agenda is nearly full and the wheels are in motion to once again have a good time sharing experiences and tips. So keep an eye on the agenda for the latest updates and don’t forget to check the ongoing challenge.

As usual, we ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon.

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “Blockchain, A security perspective” (EN/PT) by (@)aap
• “Bounty Life” (EN/PT) by (@)andrebaptista

*Social drinks on the house 😉

[Challenge]

Check this out https://bit.ly/2QTJIZN grab the flag and ping (@)aap!

Sep 24, 2019

[0x76] - The Meet

Heading back to the office after a summer filled with fun and sun is not an easy task. Looking at the bright side, you are probably now feeling more energized than you were a couple of months back. Fear not, we’ve got just the perfect action plan to get you in the right mindset and smoothen the transition.

So get ready, as the 7th meetup agenda is already in place and the wheels are in motion to set up the grand event. Check the program and behold the comeback of familiar faces who will drive you through an epic journey of pwnage as well as reverse sorcery. While you are at it, don’t forget to check awesome summer challenge we got going.

As usual, we ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon.

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “Can I haz credentials? - Using honeypots to extract passwords from live scanners” (EN/PT) by (@)darkcookie
• “Hacking your cable modem” (EN/PT) by Local Underground Greyhat

*Social drinks on the house 😉

[Challenge]

The Summer Challenge is on!

URL: https://summerchallenge.apl3b.com/

Get down and dirty and remember to have fun. For tips and tricks ping (@)nunohumberto, (@)ArmySick and (@)csilva.

Oct 24, 2019

[0x77] - The Meet

Let’s welcome the upcoming season in style and keep the flow from the last meetup. We’re already shaping the 8th meetup of the year and everything is getting ready for a blast of information.

Did you burn your brain solving the summer challenges? Are you just one step closer to the final solution? Some topics are just overkill, we know, but don’t worry, the hackers that are behind the scenes of the grand summer challenge will reveal everything you need to know about it.

As usual, we ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Stay tuned for more, and keep an eye on the agenda. Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “The Fall of the Summer Challenge” (PT) by (@)nunohumberto, (@)ArmySick and (@)csilva
• “Hacking your cable modem - Part 2” (EN/PT) by (@)fg

*Social drinks on the house 😉

[Challenge]

The Summer Challenge is on!

URL: https://summerchallenge.apl3b.com/

Get down and dirty and remember to have fun. For tips and tricks ping (@)nunohumberto, (@)ArmySick and (@)csilva.

Dec 5, 2019

[0x78] - The Meet

Cheers to you!

It’s time to say a proper farewell to 2019 as it comes to an end. Looking back, we had an outstanding line-up of stimulating and enriching gatherings, all thanks to you.

We can’t thank the speakers and challenge makers enough for their creative and dedicated contributions throughout the year. Nevertheless, needless to say, it is the enthusiasm that all of you put on every single challenge and meetup that makes this community unique and special.

We hope you can join us for the last meetup of the year as we’ll be surfing the web this time in a different mood.

As usual, keep an eye on the agenda and stay tuned for more!

We kindly ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

• “Surf the new wave!” (PT) by (@)scombatti
• “Post domain admin exploitation in Office 365 environments” (EN/PT) by (@)mfbie

*Social drinks on the house 😉

[Challenge]

Baby pwn tu-tu-tu-tu! Application: http://sefod.eu/ctf/xmas_ctfzadas.apk

Get the first two flags ({oposec}XPTO) locally;
For the brave ones, find a way to get the third flag, yup “This_is_the_flag” is your friend but not the final solution, ping (@)zezadas with your exploit chain and you will get the real one.

Remember to pass by the #ch4llenges channel for hints and clues! Submit your flags to (@)zezadas, and most of all, have fun! 🎁