ØxOPOSɆC

2020 Events

Jan 30, 2020

[0x79] - The Meet

To kick off 2020 the best way possible, there’s nothing better than a meetup to inspire and energize us all. This time some of our community veterans will be sharing their takes in this brave new world. Don’t miss out on this great opportunity to (hopefully) learn something new and the chance to mingle with g33ks who share the same passion for the infosec world as you.

We kindly ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

*Social drinks on the house 😉

[Challenge]

We hope you’re ready for some crypto! URL: https://ç.pw/

Remember to pass by the #ch4llenges channel for hints and clues! Grab your flags and ping (@)nunohumberto , and most of all, have fun!


Feb 20, 2020

[0x7A] - The Meet

This year we were up to a great a start, but we don’t want you to run out of gas. Powered by the knowledge of our community, the 2nd meetup of the year is taking shape with the usual TLC. Don’t forget to check what we have in store for this very special meetup.

It’s party time! Besides plenty of opportunities to learn and share something new and the chance to mingle with g33ks, who share the same passion for the infosec world as you, we’ll be celebrating our 4th anniversary. You don’t want to miss this one.

We kindly ask you for some help with the logistics. Be sure to RSVP yes only when you are 100% sure you can attend. Thanks in advance.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, build an information security community/group in the Porto area and, the most important thing, have fun.

[Agenda]

Who are you? (New participants small introduction)

*Social drinks on the house 😉

[Challenge]

Are you the ultimate JS ninja? Grab the flag from http://bit.ly/0x7A and ping (@)simps0n!


Apr 22, 2020

[0x0A] - The Virtual Meet

Greetings from the confined world!

Last time we celebrated our 4th anniversary and dug deep into the guts of the web world. It seems there’s still a lot of unearthing to do, so in our next meetup, we’ll keep on dissecting more technologies that are widely used and taking a peek on how to hack the world that surrounds us.

Under the current restrictions, we’re moving to the online world. Special times call for special sessions. We bet you won’t feel disappointed with this change if you know who is joining us next time we meet. Drumroll, please, we are proud to announce that we have the honour and pleasure to have Sébastien Dudek (@FlUxIuS) presenting “RF Shadow Plays” at our next meetup.

Saying that Sébastien has a particular interest in radio communication technologies, hardware, and networks, doesn’t do him justice. He is a Jack of all trades as long as there are 0s and 1s involved. Speaker at several key security conferences, Sébastien Dudek is the Hacker in every sense of the word.

Yes, you are right; it will be a blast!

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Stay tuned for more details. Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Everything has beauty, but not everyone sees it. URL: https://sefod.eu/sdr/rtl_sdr_1e6hz.zip SHA256: 8c6a05e22e62d95e99be505a39e5d1cb9c26d98e7171682c95f83d2e456ec716

Grab the flag and ping (@)zezadas!


Jun 9, 2020

[0x0B] - The Virtual Meet

After a successful virtual meetup, our quest will, for the time being, continue to be set on the online world. Nevertheless, we will still be bringing you the very best of the field to share their knowledge. This time, we’ll be dissecting one of the most used CMS in the world. Yes, we are talking about WordPress!

We are proud to announce that we have the honour and pleasure to have Simon Scannell (@scannell_simon) among us to present his epic journey in the WordPress world. One that has led him to find security vulnerabilities that have been unnoticed throughout the years.

Simon Scannell is a self-taught security researcher who is passionate about web application security and savvy at coming up with new ways to find and exploit vulnerabilities. His work took him to a respectful 1st place in the H1 platform for the WordPress BBP and earned him a fantastic nomination for the Pwnie Award 2019. He is the author of several blog posts in the RIPS Technologies Blog and a speaker at several key security conferences.

You sure don’t want to miss the opportunity to drop by, meet him, and spend quality time learning something new.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Stay tuned for more details. Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Foxtrot Lima Alfa Golf { Tango Hotel Echo Sierra Uniform Mike Mike Echo Romeo Charlie Hotel Alfa Lima Lima Echo November Golf Echo India Sierra Charlie Oscar Mike India November Golf ! }


Sep 24, 2020

[0x0C] - The Virtual Meet

What a year, 2020 will definitely go down in history. Hopefully, you managed to get a well-deserved break and are now pumped. We want to help you pick up the slack and give you an extra boost so you can finish the year strong.

We’re back, and it will come as no surprise for you, still in the virtual world. Circumstances aside, we have been able, up to this point, to set top-notch meetups, and we want to keep going this way.

For our soon-to-be comeback, we will be bringing you nothing but the best. If you have been working in the AppSec turf in the last years, the name will surely ring a bell. Jack of all trades, pioneer in the bug bounty world, with a fantastic research portfolio and always keen to share his knowledge, we have the pleasure of welcoming David Sopas (@dsopas). David will be sharing once more tips and tricks that will help you with your next security challenge.

As if this wasn’t enough, we will also be having savvy Nuno Humberto with us. A veteran in our community that you certainly know about. You don’t want to miss this opportunity as he will be running you through the geeky and fun stuff of our epic 2020 Summer Challenge.

Don’t be shy and get your spot in this event!

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Last Call for the Summer Challenge https://ctf.apl3b.com/!


Oct 27, 2020

[0x0D] - The Virtual Meet

Goodbye Summer, Hello Autumn. Time flies, even when we’re facing the new normal. When dealing with so many unknowns, it is comforting to know you can rely on some things to keep us all going. We want to make sure that we are not falling short of your expectations and bring you every time the very best in the field and tons of knowledge to soak up. That’s right, you’ve guessed it, the 6th meetup is upon us, and we will be welcoming an epic speaker once more.

You might have seen him on TV or found his legendary bugs on mainstream media. He is a speaker at several key security conferences handling top-notch research ranging from fancy green boards to testing daily technology limits. It is a pleasure to announce that we will be having Pedro Umbelino (@kripthor) among us.

Next time, we will keep getting to the heart of the world of Red Teams, and who better than a true hacker to share his experience and know-how.

Don’t forget to get your free pass and join us in one more great event!

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Rui Tinto admitted having some information about the snitch from the 0XOPOLEAKS. However, he’s unwilling to give the passwords unless his demands of having Kripthor on 0xOPOSEC get fulfilled. Meanwhile, government forces tried to crack the passwords with no success. We know from underground sources that Rui Tinto does cipher each file individually for higher security and privacy. We manage to put our hands on his top-notch closed source software used for encrypting the information.

Leak: https://sefod.eu/oposec/underground_leaks.tar.gz

Can you get the juicy bits? Ping (@)zezadas with the flag!


Dec 9, 2020

[0x0E] - The Virtual Meet

Messy 2020 is drawing to a close (and maybe that’s a good thing). Looking on the bright side, we managed to stick together through all this adversity, and we kept sharing our tricks of the trade. We still have one last trick up our sleeves that will knock your socks off. That’s right, the 7th and final meetup of the year is upon us, and we have a bundle of goodies coming your way. It’s only fair. You deserve it!

Exceptional times call for exceptional sessions, and it is exactly what you will get! We are proud to announce that we have the honor and pleasure to have Nicolas Grégoire (@Agarri_FR) among us presenting one of his favorite vulnerability classes in his epic talk “Server-side browsing considered harmful”.

Nicolas Grégoire is a well-known security researcher with remarkable work in the web security field. If you have been digging the XML, XSLT, or SSRF world, he is undoubtedly no stranger to you. Besides being a speaker at several key security conferences, he shares his knowledge via excellent blog posts and outstanding publications. You can also find him sharing his top-notch tips and tricks at @MasteringBurp. In the last few years, he has dedicated his time to deliver one of the most reliable web security training sessions - “Mastering Burp Suite Pro: 100% Hands-On”.

We’re sure you will not want to miss out on the opportunity to meet him and spend quality time learning something new. Don’t be a stranger. You are more than welcome to drop by.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kind of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

Note: And the usual challenge write-up.

[Challenge]

The last mission was a success, and the government forces gave us another project, the information is short, but we know that we are on the path of the 0xOPOLEAKS. We think this is somehow related to mobile communications, can you help us?

File: //sefod.eu/ctf/signal.wav

If you get the juicy content, please ping (@)zezadas (with the flag!).