ØxOPOSɆC

2022 Events

Feb 03, 2022

[0x6C6461703A2F2F] - The Virtual Meet

We announced our first event last year by saying that things were starting on the wrong foot; it is no surprise that Omicron has thrown us off a bit at the beginning of 2022. If our strategy worked last year, we might as well stick to our guns, i.e. get together and grow while sharing knowledge and having fun in the meantime. It does not only sound like an awesome plan; it actually works, taking into account all the great feedback we have been receiving from everyone.

Without further ado, we are delighted to announce that for our first virtual meetup of the year, we are bringing you the fantastic work of two veteran members of the community - Ricardo Almeida (@vibrio) and Gustavo Pinto (@ArmySick). Working in our daily challenges sometimes feels like we’re in a saga - plenty of adventures, puzzles to solve, brain teasers and mind-boggling phenomena… throughout our missions, we learn! During our 1st meetup of the year, our heroes will bring us a real quest from the web realm to a DA and what a fantastic journey it is. Don’t miss the opportunity to get into this adventure and learn some tricks of the trade that may be handy for you hereafter.

In the meantime, you can join our Slack chat (https://join.slack.com/t/0xmadlabs/shared_invite/zt-11sdq55o1-QEG5h96Amj05s2EV33bPwA) to discuss all kinds of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

Note: And the usual challenge write-up.

[Challenge]

Last Christmas, I gave you my leaks But the very next day, you gave it away This year, to save me from tears I’ll give you a special challenge

URL: http://xmas2021.sefod.eu/

Ping (@)zezadas w/ the flag(s) and get help on the usual channel #ch4llengesLast Try!

Feb 24, 2022

[0x6C6F63616C686F7374] - The Virtual Meet

We hope you enjoyed the freebies and all the tips and tricks shared last time. For the sake of keeping the momentum going, we wanted to let you know of our upcoming gathering. If you liked the first, we’re positive you will want to join us in the second meetup of the year, a pretty special one, by the way.

This time, we have the privilege of having an exceptional old school Portuguese hacker; when in doubt, do some homework and check Phrack Magazine Issue 55 from 1999 (wink wink). He had a knack for finding how things could quickly go south early on and kept developing his art from classic cryptography and forensics arts to IoT and modern radio stacks. He is also a regular speaker at several conferences and meetings. If you are still clueless, it is with great pleasure we tell you that we have the honour to have Luis Grangeia (@lgrangeia) sharing his knowledge with us.

Who said there’s such a thing as too much of a good thing? As if this wasn’t special enough, we count on you to help us blow the candles. Our community is turning six, and we couldn’t be more proud and happy of this fantastic achievement. It is all thanks to you who participate in this project, and it is only fitting we celebrate the event together. So don’t be a stranger and drop by the meeting hall before wrapping up for the day. As usual, no dress code; bring your best mood and let’s party.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3JlVVjX

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

Note: And the usual challenge write-up.

[Challenge]

I just got this new keyboard from Vodaphone Portugal, but it looks like something fishy is going on. Could you help me?

File: https://bit.ly/3BflZdr

Ping (@)zezadas w/ the flag and get help on the usual channel #ch4llenges

Mar 29, 2022

[0x6C6F67346A] - The Virtual Meet

Last time, we had the opportunity of celebrating six incredible years of knowledge sharing. We must be doing something right to still stand in the face of all our challenges. This goes without saying that we are thankful for and proud of all the builders of this community. Your contributions turned this affinity space into a dynamic, vibrant, passionate arena of shared interests not only for geeks and the like but also for those moved by curiosity from a wide-ranging variety of fields. Your participation speaks volumes about what we are all about.

Moving on to our 3rd meetup of the year. Next time, we’ll have the pleasure to bring two community members to the stage. Shout out to João Morais (@jmoraissec) and David Mendes (@David Mendes), who will share their real experience in handling what was once one of the vulnerabilities of the century! Yes! We will dig into the world of the infamous Log4j vulnerability and its costs to the enterprise world; Together, they will take us through the journey of handling an incident and, hopefully, provide you with some new insights. If by now you still aren’t in the mood to show up, make up your mind and decide if missing all the tips & tricks that will get dropped this time is really worth it. It’s your call!

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3JlVVjX

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

Note: And after some time for a Open Forum.

[Challenge -> Open Forum BYOI]

Open Forum Bring Your Own Incident - Talk about your Log4Shell experience or any other incident that teach you something the hard way.

Apr 28, 2022

[0x737072696E67] - The Virtual Meet

The 4th Meetup of the year is in the works. Get ready for some serious mind-boggling enlightenment. Special times require extraordinary measures; this means we are back with our special sessions to help you face up to the challenges that might stand in your way.

This time we have the honour of having among us Glenn Pegden (@GlennPegden). Currently writing a book about the UK Hacking Scene in the 1990s, he still occasionally finds time to do some offensive security research. As an old-school hacker, Glenn enjoys organising security events and is also a speaker at several security conferences. We are sure that you will not want to miss this opportunity, so clean up your agenda and save this time slot.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3JlVVjX

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Clouds Clouds Everywhere! URL: https://clouds.apl3b.com/ Ping (@)apl3b or (@)simps0n w/ the flags.

May 31, 2022

[0x00201A] - The Virtual Meet

It’s heating up, and we feel like leaving the four walls behind and sinking our feet into soft white sand. While we count down for that dolce far niente, we might as well roll up our sleeves and get as much out of the way. We want to keep pushing the envelope and help you forge ahead, and what better way than to gather at our 5th Meetup of the year.

This time, we’ll bring a famous and brilliant community member to the stage; shout out to José Moreira (@zezadas). Together we’ll be digging into hacking computer peripherals’ weird and peculiar world. If you want to get hands-on reversing protocols, windows applications, USB protocols and message types, and some tools of the trade like WinDbg or Ghidra, you will not want to miss this ride.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3JlVVjX

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

Note: And the usual challenge write-up.

[Challenge]

Time for some trivia :D Every level has a flag{} waiting for you. Go!

URL: http://0x00201a.madlabs.pw/

Ping @nunohumberto on Slack with your flags!

Jun 28, 2022

[0x636C6173734C6F61646572] - The Virtual Meet

After two long years in lockdown, we are definitely getting the party out into the streets in June. We sure won’t spoil all the fun, and in fact, we want to bring more goodies to the table. This time we’ll be turning back the clock and reconnecting with our core. Are you wondering what’s that all about? Good!

We’ll have an active and talented community member on stage with us, especially when talking about challenges— a big shout out to (@)Pedro Ribeiro. He’ll guide us through the guts of the infamous Spring4Shell vulnerability. By no means will this be an ordinary session. Get ready because this one will be hands-on, and debugging will be in real-time. You don’t need to be a Java expert to join in; core concepts will be explained as well as all you need to know about this vulnerability. Hopefully, this will get you to feel more confident in dealing with this scenario and put you in the position to start looking for more bugs like this.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3JlVVjX

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

Note: And the usual challenge write-up.

[Challenge]

Are you gonna make me build a fence? MZ5V6ZCFNZ4WYZ2XGBXGK42BKNQXSYJ7MFUGKX27O56Q====

Ping (@)simps0n or (@)nunohumberto with the flag!

Jul 26, 2022

[0x54504D] - The Virtual Meet

After embracing the new normal, the brightest, most anticipated holiday season comes with a health warning. Amid an intense heatwave, being cool or keeping a cool head at work or anywhere else is hard. Everyone needs to recharge to keep up with the insane InfoSec world. Nevertheless, we’ll surely figure out how to find the time for a most deserved break from the daily grind. Before heading, maybe for a marathon of postponed weddings, concerts, and parties, or a spiritual retreat, here’s an overview of our last event before the summer break.

This time we’ll have the amazing honor of receiving Dirk-jan Mollema (@_dirkjan), hacker and researcher of Active Directory and Azure AD at Outsider Security. You may be familiar with aclpwn, krbrelayx, mitm6, and the Azure AD ROADtools framework, some of the open-source tools published to advance the state of (Azure) AD research. In his blog dirkjanm.io, he posts about attack chains, which included, for instance, the discovery of the PrivExchange vulnerability. Mollema also regularly shares his work at several key conferences.

Together, we’ll explore one of his latest research quests, “Breaking Azure AD joined endpoints in zero-trust environments.” If you are clueless about how Azure AD, Trusted Platform Module (TPM), and zero-trust environments are connected or how messy they can be, you probably won’t want to miss this journey, from discovery to patch (eventually) a walk through the vulnerabilities details. This may well be the route map you need to keep out of a sticky situation.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3JlVVjX

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

Note: And the usual challenge write-up.

[Challenge]

URL: https://pathonproject.com/0x54504D/

Oct 27, 2022

[0x49524C] - The Meet

It’s been a while, but we’re finally back! We hope you had the deserved break to recharge and ease your way until the end of the year. One thing we’ve been missing in the last couple of years is having our gatherings in person. That’s right, you guessed it, we’re leaving the remote m.o. and moving the operation to our usual venue. Now, that’s not all yet; we’re hosting a great lineup of talent for you to enjoy.

We’re excited to know that some of our community’s familiar faces made the headlines with their remarkable research. Have you heard about Amazon Ring? Maybe not, but it’s estimated that tens of millions of people are currently using this service. Get ready because you are in for a treat. David Sopas and João Morais are back with us to go through the different vulnerabilities that, when chained together, pose a high risk to one of Amazon’s most sensitive products.

But wait, we’ve got more. And this is great news for those of you who found some of the steps of the Summer Challenge a bit tricky (btw, it’s still on if you want to have a crack at it). We already have a few solvers, but there’s nothing quite like learning to solve the problem yourself and discovering how it can be explored to lead you to the juicy flag.

Finally, just a heads up, this is an IRL event with no streams available. Before RSVP-ing, try and make sure you can not only attend but physically show up, as good logistics depend on it.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3JlVVjX

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Summer Challenge is up and running. There is a total of 11 flags ranging from different areas and on multiple systems. Flags are located on the C:\ drive or in the Administrators’ Desktop folder for windows systems and on the home folder of unprivileged and root users on Linux systems.

URL: https://summerchall22.0d.al/

Check the #ch4llenges channel in Slack to get the VPN file and credentials to start your hacking journey.

Dec 15, 2022

[0x584D4153] - The Meet

After an enforced break-out time, we finally had our meetup in IRL. It was wonderful to have the chance to mingle with such a cheerful crowd, and a blast to see you all again. Everything is en route for this year’s last event, this time full of Xmas vibes. Get ready to grab some gifts and take the challenges we have in store.

Living during this time of the year makes it difficult not to appreciate all the important people in our lives. So it only feels right that we celebrate the ones in our ever-expanding family at our last meetup of the year. We’ve got two of our most seasoned veterans joining us. Duarte Monteiro, aka d0kt0r, is gifting us a pack of handy tips for anyone into modern software development. He will be sharing his mind and experience while taking us through the process of implementing the OWASP SAMM. We’ve also got you covered if you don’t feel like getting into the nitty-gritty of development. We are bringing back to the spotlight José Moreira, aka Zezadas. He has a lot of cool tricks up his sleeve (as always) to teach us how to prank our friends. Be warned; root shells will pop!

Please bear in mind this is an IRL event with no streams available. Before RSVP-ing, ensure you can attend and physically show up, as good logistics depend on it.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3JlVVjX

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

It’s a riddle, a puzzle, a test of your mind Solve it fast, and be kind The prize is worth it, so give it a try And make this Christmas, a joyous time.

URL: https://xmas22.0d.al/

PS: Get help on the usual channel #ch4llenges