ØxOPOSɆC

2023 Events

Jan 19, 2023

[0x4F53494E54] - The Meet

Greetings, and welcome to 2023!

We are pleased to announce that we are getting the ball rolling with our first meetup. New year, new plans, yet we remain sticklers to the same MO; remember, “more than breaking through challenges, it is all about sharing the knowledge.” If the stars align, we will indeed have a fantastic year ahead.

We’ll be taking off with Pedro Vieira, a community member that will be stepping up to the stage to share some of his experience and knowledge on one of the hottest and most challenging topics, OSINT. Get ready because we will finally be breaking down one of the funniest CTFs we’ve ever had in the community. Be sure to wait for the final write-ups and celebrate our top-ranked players (we have some surprises in store.)

Please bear in mind this is an IRL event with no streams available. Before RSVP-ing, ensure you can attend and physically show up, as good logistics depend on it.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3XbyGQu (+)

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

It’s a riddle, a puzzle, a test of your mind Solve it fast, and be kind The prize is worth it, so give it a try And make this Christmas, a joyous time.

URL: https://xmas22.0d.al/

PS: Get help on the usual channel #ch4llenges. (Last Call!)

Feb 23, 2023

[0x5245636F6C6C61707365] - The Meet

We want to thank everyone for joining us at our first meet-up! It was wonderful to kick off 2023 with so many familiar and new faces, a clear sign that our community is still going strong. It’s hard to believe that 0xOPOSEC is already seven years old! The journey has been incredible so far, and we couldn’t be more thrilled to celebrate this fantastic milestone with you.

As part of the festivities, we have a very special guest lined up for our next gathering: none other than one of our most internationally acclaimed community members, André Baptista (@0xACB). He will be running us through some of his latest research. If you are into weird libraries’ behaviors, or you like to dig into the internals of modern software validation logics, and fuzzing sparks your interest, you are definitely in for a treat. So make sure to join us and be part of the fun at our special celebration!

0xOPOSEC wouldn’t be the same without your incredible support. Here’s to seven more years of creating an amazing community with you! We’re sure this year will be just as unique as the last.

Please bear in mind this is an IRL event, before RSVP-ing, ensure you can attend and physically show up, as good logistics depend on it.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3XbyGQu (+)

Cheers!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Why do people take their cereal choices so seriously? Did you know that there are more types of coffee than just the JAVA one? More varieties have emerged on the .NET since 2016. Personally, I prefer EXPRESSo!

URL: https://valentine.sefod.eu/

Have You Found The Flag? Ping (@)Zezadas

Mar 28, 2023

[0x582D526179] - The Meet

During our last celebration, we marked seven remarkable years of sharing knowledge. Despite facing various challenges, our continued existence is a testament to our success. We express our gratitude and pride for all the individuals who have helped build this community. Get ready, as the third event is in the works and promises to be a thrilling experience.

Undoubtedly, exploiting the features of modern applications was and is an exciting and challenging task. During this session, we are thrilled to have Guilherme Scombatti, a well-known and respected member of our community (a wizard that can create value from others’ leftovers), that will once again demonstrate the power of OSINT, this time with some “fairy dust powder”. Sometimes, making a significant impact within a company only requires a meticulous analysis of their everyday technology tools, protocols and exploiting user habits. By cleverly combining tricks and well-known attack methods, tremendous success can be achieved.

If you’re still hesitant to join us, allow us to entice you with Miguel Freitas’ presentation. Miguel is also a well-known figure in our community, and he will demonstrate how to gain access to malicious operation data, starting from a malware sample. A captivating story of modern warfare - an epic tale of hacking the hacker that you wouldn’t want to miss.

Please bear in mind this is an IRL event, before RSVP-ing, ensure you can attend and physically show up, as good logistics depend on it.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3XbyGQu (+)

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

TEA is a popular worldwide beverage for its unique flavors and health benefits. It is also a rich source of various vitamins and minerals, including eXtra eXtra small amounts of essential vitamins that can improve your overall well-being. It is lovely when it is fresh and with some nuts.

PS: Get help on the usual channel #ch4llenges and ping (@)Zezadas w/ the flag!

Apr 18, 2023

[0x73656D67726570] - The Meet

Our last gathering was truly special - for the shared knowledge and the unique mix of people from different backgrounds and expertise coming together. We are thrilled to have such a dynamic community and super excited to make the next meetup even better!

Get ready to be empowered by the outstanding Duarte Duarte as he takes the stage to set you off on the mission to develop the best and most secure code using the powerful and intriguing tool Semgrep. If you are unfamiliar with it, do not fret, we’ve got you covered. If you’ve used it before, stay tuned as we’ll share valuable insights on the challenges of using it on a large scale.

And if you still need more and want to take your hacking skills to the next level? Join our fearless Zezadas for a joint hacking adventure that will put a shady home device through its paces. Get ready to witness some serious ninja tricks, shell popping, and a humorous presentation (as always!).

Please bear in mind this is an IRL event, before RSVP-ing, ensure you can attend and physically show up, as good logistics depend on it.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3XbyGQu (+)

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

While security cameras can provide valuable protection by deterring crime and capturing evidence, there are several ways in which they can do more harm than good. Many cameras and other Internet of Things (IoT) devices are designed with weak security measures, making them vulnerable to hacking and unauthorized access.

Can you look at this URL (https://eyespy.sefod.eu/) and try to exploit potential vulnerabilities?

PS: Get help on the usual channel #ch4llenges and ping (@)Pengrey w/ the flag!

Jun 3, 2023

ØxOPOSɆCHack Day!

We’ve gone out of our way for years to make sure our community is connected. It’s this edge that has gotten us through thick and thin. This time will be no different. We’re coming out with another awesome chance to celebrate the wonders of the InfoSec world. Get ready to get down and dirty with our first Hack Day. All you need is the will to learn and your laptop!

Here’s the plan - we’ll have two beats for the day. In the morning, a set of workshops to pick your brain. In the afternoon, the chance to mingle with fellow hackers and dig more into security topics available on our working stations. This an excellent opportunity to network and pick up some valuable knowledge! Please check out the agenda for everything you need to know.

Heads up - if you RSVP for this event, it’ll only get you access to the afternoon session. Make sure you enroll in the morning training sessions. Workshops have a limited number of spots available. The forms associated with each training will be the ones counting for logistics purposes.

We can’t wait for you to join us for this exciting day! If you’re staying the whole day, don’t worry about lunch – we’ve got that covered.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3XbyGQu (+)

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

Workshops - From 10:00 to 13:00 - Limited Spots - Mandatory Form Registration

Please select only one training session to attend, as they will be happening concurrently. The sign-up forms will stay open until we hit the training capacity, plus a waiting list in case any spots open up.

Title: Hardware fault injection, MacGyver style!
Trainer: Pedro Umbelino (@kripthor)
Form: https://bit.ly/HackDay-HardwareFaultInjection

Title: WiFi - It’s free real estate
Trainer: Pedro Rodrigues (@darkcookie)
Form: https://bit.ly/HackDay-WiFiSecurity

Title: Surface Security
Trainers: Duarte Duarte (@dduarte) and Gustavo Silva (@gsilvapt)
Form: https://bit.ly/HackDay-SurfaceSecurity

Title: Real world attacks on Active Directory
Trainer: Gustavo Pinto (@ArmySick)
Form: https://bit.ly/HackDay-ActiveDirectorySecurity

Title: Web Security 101
Trainers: Mariana Fernandes (@kikloki)
Form: https://bit.ly/HackDay-WebSecurity101

Hack The Planet - From 14:00 to 18:00 - Limited Spots - Mandatory RSVP on the Event

Title: Hacked City - Hack Your Way to Victory!
Description: Immerse yourself in a world where hacking becomes a thrilling adventure. This “cutting-edge” creation lets you control a city with moving parts, complete with a Bridge, a Billboard, a Nuclear Power Plant, and a Dam. Each component comes alive when one of the four websites is hacked! Test your skills as a hacker and challenge your friends to an exhilarating race against time. Unleash your creativity, dive into the world of cybersecurity, and experience the adrenaline rush of controlling a city at your fingertips. Get ready to hack your way to victory in the Hacked City!
Organization: Pedro Tarrinho (@Tarrinho)

Title: SDR Explorations
Description: Do you want to learn about radio and Software Defined Radio (SDR)? Too afraid of maths? No worries!!! This workshop will teach you how to use an SDR receiver and transceiver, intercepting the signals, decode them and reversing the messages as also how to communicate back to the device. Feel free to bring your own SDR device’s.
Organization: José Moreira (@Zezadas)

Title: Love is in The Air!
Description: Do you ever wonder if your Wi-Fi network is really secure or if your neighbor can easily sneak onto it? Have you ever been curious about Captive Portals and if it’s possible to bypass them? Are all enterprise wireless networks actually well-protected? If you’re eager to find the answers, have fun, and learn how to crack interesting material, this pitstop is just for you! Bring your laptop and a proper Wi-Fi card, and let’s have a good time!
Organization: Pedro Rodrigues (@darkcookie)

Title: Lockpicking Station
Description: Come hang out at our lockpicking table and explore the exciting world of lockpicking! We have tooling and locks for you to test your skills and knowledge. Whether you’re a seasoned lockpicker or just getting started, you will definitely have fun.
Organization: Duarte Monteiro (@d0kt0r)

Title: BYOHack (Small lighting topics about hacking)
Description: We would love to hear your amazing insights, tips&tricks, or stories about hacking or security in general! Therefore, we encourage all attendees to bring their own lightning talk topics. Our main aim for this event is to share knowledge and insights among fellow enthusiasts while having fun at the same time.
Organization: Renato Rodrigues (@SiMpS0N)

Sep 26, 2023

[0x6261636B] - The Meet

We hope you had time to recharge your batteries for the last stretch of the year. After a short break, we’re back and psyched up to get back in the saddle! Our Hack Day was beyond amazing and has fueled our quest for knowledge even more. So get ready because we have aligned a fantastic agenda for our upcoming back-to-work gathering!

OSINT remains a hot topic, and having a couple of clever tactics up our sleeves is always handy! This is why we are thrilled to introduce Miguel Santareno to the stage. He will tell us about his experiences pursuing malicious actors while sharing his precious tips and tricks.

Hold on to your hats because there’s more. Remember the epic summer challenge we embarked on? Get ready for an action-packed session where we’ll go through every challenge together. We’ve already got a few master solvers, but nothing beats the exhilaration of cracking it yourself and snatching that juicy flag. Btw, the challenge is still on if you’re feeling up for it. Go ahead and give it a shot!

Please keep in mind that this is an in-person event. Before RSVPing, please ensure you can attend and physically show up, as good logistics depend on it.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and, of course, interact with other members. *https://bit.ly/3XbyGQu (+)

We will be thrilled to have you join us!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Last Call for the Summer Challenge! URL: https://sc23.0d.al/

If you find yourself stuck or in need of hints, don’t hesitate to drop by the #ch4llenges Slack channel. We’ve got a helpful community ready to lend a hand!

Oct 31, 2023

[0x73706F6F6B79] - The Meet

Wow, can you believe it? We’re entering the home stretch of the year. Get ready because we have just the boost you need to make these final months count and finish strong. We’ve got a spooktacular event lined up for you.

Nothing is scarier than the invisible! The world heavily relies on this mysterious force, yet we underestimate its importance. In the midst of it all, security takes the back seat. On a bound-to-be chilling mission, we are thrilled to have two shrewd veterans from our community join us. ̷D̷u̷a̷r̷t̷e̷ ̷M̷o̷n̷t̷e̷i̷r̷o̷ ̷(̷@̷d̷0̷k̷t̷0̷r̷)̷ Guilherme Scombatti (@scombatti) and Pedro Rodrigues (@darkcookie) will bring their experience and expertise to guide us through every twist and turn of this quest to the unseen.

̷J̷o̷i̷n̷ ̷D̷u̷a̷r̷t̷e̷ ̷a̷s̷ ̷h̷e̷’̷l̷l̷ ̷b̷e̷ ̷h̷e̷l̷p̷i̷n̷g̷ ̷u̷s̷ ̷d̷i̷g̷ ̷i̷n̷t̷o̷ ̷t̷h̷e̷ ̷b̷i̷z̷a̷r̷r̷e̷ ̷w̷o̷r̷l̷d̷ ̷o̷f̷ ̷S̷I̷M̷ ̷S̷T̷K̷,̷ ̷a̷ ̷c̷o̷r̷e̷ ̷s̷t̷a̷n̷d̷a̷r̷d̷ ̷o̷f̷ ̷c̷u̷r̷r̷e̷n̷t̷ ̷G̷S̷M̷ ̷s̷y̷s̷t̷e̷m̷s̷ ̷s̷t̷i̷l̷l̷ ̷p̷r̷e̷v̷a̷l̷e̷n̷t̷ ̷t̷o̷d̷a̷y̷.̷ ̷W̷e̷’̷l̷l̷ ̷e̷x̷p̷l̷o̷r̷e̷ ̷t̷h̷e̷ ̷p̷o̷t̷e̷n̷t̷i̷a̷l̷ ̷p̷i̷t̷f̷a̷l̷l̷s̷ ̷a̷n̷d̷ ̷g̷e̷t̷ ̷y̷o̷u̷ ̷v̷a̷l̷u̷a̷b̷l̷e̷ ̷i̷n̷s̷i̷g̷h̷t̷s̷ ̷i̷n̷t̷o̷ ̷w̷h̷a̷t̷ ̷c̷a̷n̷ ̷g̷o̷ ̷w̷r̷o̷n̷g̷.̷ ̷Guilherme will blow your mind with his adventures in the world of bounties. He’ll share some of his tricks to fill your pockets with treats and dive into the nightmares of modern software stacks. Trust me, you won’t be let down! No stone will be left unturned with Pedro, as he’ll get us through the ins and outs of a WiFi Corporate Network audit. Yes, that pervasive unseen tech in every household, office, or mall that makes you cringe. To prevent sleepless nights worrying about the potential risks and challenges of integrating this crucial technology, Pedro is here to address concerns and share precautions and prized tips on implementing and using it safely.

If you are ready to embark on this thrilling and spine-tingling journey with us before RSVPing, please ensure you can attend and physically show up, as good logistics depend on it.

In the meantime, you can join our Slack chat (*) to discuss all kinds of hackish stuff and interact with other members. *https://bit.ly/3XbyGQu (+)

We’ll be spook-tacularly delighted to have you haunt us!” 🎃👻

**Update: Unfortunately, Duarte Monteiro (@d0kt0r) won’t be able to make it to our batty event because something unexpected came up. We’re pretty bummed about it, but luckily Guilherme Scombatti (@scombatti) swooped in at the last minute to save the day.

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

̶-̶ ̶”̶S̶I̶M̶ ̶S̶T̶K̶ ̶E̶x̶p̶l̶o̶i̶t̶ ̶P̶r̶o̶o̶f̶ ̶o̶f̶ ̶C̶o̶n̶c̶e̶p̶t̶”̶ ̶(̶P̶T̶/̶E̶N̶)̶ ̶b̶y̶ ̶D̶u̶a̶r̶t̶e̶ ̶M̶o̶n̶t̶e̶i̶r̶o̶ ̶(̶@̶d̶0̶k̶t̶0̶r̶)̶

[Challenge]

Unseen and invisible forces hold sway, shrouded in mystery, compiling a spine-tingling flag.

URL: https://pathonproject.com/0x73706F6F6B79/

PS: Get help on the usual channel #ch4llenges and ping (@)SiMpS0N w/ the flag!

Dec 6, 2023

[0x53414D58] - The Meet

The jolly season is here, and before wrapping up another awesome year, we wanted to thank you for your unwavering enthusiasm in every challenge and meetup, raising the bar, and propelling the community forward. Big thanks and a special shoutout to our amazing speakers and wicked challenge creators! You’re the ultimate glue that holds this community together and the ones who get us ready to rock in this brave new world.

Diving right into our last gathering of the year! W̸e̸ ̸a̸r̸e̸ ̸t̸h̸r̸i̸l̸l̸e̸d̸ ̸t̸o̸ ̸a̸n̸n̸o̸u̸n̸c̸e̸ ̸t̸h̸a̸t̸ ̸J̸e̸a̸n̸-̸F̸r̸a̸n̸ç̸o̸i̸s̸ ̸M̸o̸u̸s̸i̸n̸h̸o̸ ̸(̸@̸j̸e̸m̸o̸s̸)̸ ̸w̸i̸l̸l̸ ̸j̸o̸i̸n̸ ̸u̸s̸ ̸o̸n̸ ̸s̸t̸a̸g̸e̸.̸ ̸H̸e̸ ̸w̸i̸l̸l̸ ̸s̸h̸a̸r̸e̸ ̸h̸i̸s̸ ̸e̸x̸p̸e̸r̸t̸i̸s̸e̸ ̸i̸n̸ ̸c̸h̸i̸p̸ ̸d̸e̸v̸e̸l̸o̸p̸m̸e̸n̸t̸,̸ ̸s̸h̸e̸d̸d̸i̸n̸g̸ ̸l̸i̸g̸h̸t̸ ̸o̸n̸ ̸t̸h̸e̸ ̸u̸b̸i̸q̸u̸i̸t̸o̸u̸s̸ ̸p̸r̸e̸s̸e̸n̸c̸e̸ ̸o̸f̸ ̸g̸r̸e̸e̸n̸ ̸b̸o̸a̸r̸d̸s̸ ̸i̸n̸ ̸v̸a̸r̸i̸o̸u̸s̸ ̸d̸o̸m̸a̸i̸n̸s̸,̸ ̸f̸r̸o̸m̸ ̸s̸i̸l̸i̸c̸o̸n̸ ̸t̸o̸ ̸s̸e̸c̸u̸r̸i̸t̸y̸.̸ ̸G̸e̸t̸ ̸r̸e̸a̸d̸y̸ ̸f̸o̸r̸ ̸a̸n̸ ̸i̸n̸s̸i̸g̸h̸t̸f̸u̸l̸ ̸i̸n̸t̸r̸o̸d̸u̸c̸t̸i̸o̸n̸ ̸t̸o̸ ̸c̸h̸i̸p̸ ̸d̸e̸v̸e̸l̸o̸p̸m̸e̸n̸t̸,̸ ̸i̸m̸p̸l̸e̸m̸e̸n̸t̸a̸t̸i̸o̸n̸,̸ ̸a̸n̸d̸ ̸v̸u̸l̸n̸e̸r̸a̸b̸i̸l̸i̸t̸i̸e̸s̸.̸ We’re delving into Prototype Pollution (PP), a relatively overlooked vulnerability class within the JavaScript domain. Renato Rodrigues (@simps0n) will guide us through the fundamental principles, mitigation strategies, and exploration techniques. By the end (hopefully), Prototype Pollution won’t be an unfamiliar concept anymore.

Our second speaker needs no intro; Pedro Vilaça (@fG) is a master of reverse engineering. He’ll take us on a journey of reversing the recent Flare On 2023 Challenge #12, a virtual machine that hides and obfuscates the flag operations. In his own words, a “cute challenge” to dig in and have some fun.

Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!

Meanwhile, you can hop into our Slack chat (*) to discuss all kinds of hackish stuff and connect with other members. *https://bit.ly/3XbyGQu (+)

We’ll be stoked to have you with us!

**Update: Unfortunately, Jean-François Mousinho (@jemos) won’t be able to make it to our event because of unexpected health issues. We wish him a quick recovery and look forward to the next opportunity.

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

-̵ ̵”̵H̵a̵r̵d̵w̵a̵r̵e̵ ̵C̵h̵i̵p̵s̵ ̵a̵n̵d̵ ̵S̵e̵c̵u̵r̵i̵t̵y̵”̵ ̵(̵E̵N̵/̵P̵T̵)̵ ̵b̵y̵ ̵J̵e̵a̵n̵-̵F̵r̵a̵n̵ç̵o̵i̵s̵ ̵M̵o̵u̵s̵i̵n̵h̵o̵ ̵(̵@̵j̵e̵m̵o̵s̵)̵

[Challenge]

Prepare to dive into the world of OSINT! Carefully analyze all details and navigate through a set of questions, each unveiling a crucial clue to enhance your investigative prowess and unveil concealed information. As a note/rule, collect all information passively; refrain from scanning or attacking the selected entity in any form or context.

URL: https://pathonproject.com/zb/?d70ec5a3e4a0fc55#T+ZYCVb83Tzy/v/NWqwNNUbyjINIFadI5H+mTaLRWM4=

PS: Get help on the usual channel #ch4llenges and ping (@)MiguelSantareno w/ the solution!