ØxOPOSɆC

2025 Events

Jan 23, 2025

[0x76392E393939] - The Meet

Hello, 2025!

The new year is here, and we’ve cooked up a kickoff event that’s bound to put you into exploit mode. Yes, calendars roll over, but our appetite for pushing boundaries and uncovering the unknown remains locked and loaded.

Making his grand debut in our little house of secrets, we’re thrilled to welcome PlayStation hack scene veteran José Coixão (@José Coixão) to spill some serious console secrets. If consoles and hacking make your circuits buzz, you’re in for a treat that’s been years in the making. From PS3 to PS4 shenanigans, plus some tasty PS5 insights - this is the kind of insider intel you won’t find in any manual.

Speaking of things hiding in plain sight - guess who’s back? David Sopas (@dsopas) returns to the stage to shake things up with a deep dive into the murky waters of Bluetooth and BLE. Think those innocent wireless signals are just minding their own business? Think again! David’s bringing a real-world case study that’ll have you rethinking your privacy game.

And for those who’ve been losing sleep over our winter challenge - we’ve got your back! Our resident puzzle master, Pedro Rodrigues (@darkcookie), is ready to lift the veil by presenting the usual write-ups and walking us through the intended solutions and happy paths.

Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!

In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.

This kickoff is your ticket to starting 2025 with some serious ammunition in your testing arsenal. Don’t miss out on what’s bound to be a wild ride into the new year!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Winter Challenge (https://oposec-winter.0x90.zone/)
Have fun, enjoy the season, and remember, collect all four flags!

Feb 27, 2025

[0x39F09FA5B3] - The Meet

Thanks to everyone who joined our first meetup of the year. It showcased how to bypass the limitations of solo hacking successfully. Nine years of 0xOPOSEC – who would’ve thought we’d make it this far without getting completely pwned?

For this anniversary bash, we’ve got a killer lineup. Rodrigo Lima (@Pengrey) is back! Remember his last hilarious talk on malware development? Prepare for another dose of insightful hacking. This time, he’s tackling the sneaky risks of client-side data filtering, revealing the “hidden” data left in the dust—all through a real-life story straight from the trenches you won’t want to miss!

But that’s not all! Duarte Monteiro (@d0kt0r), an original c0r3 member, makes a grand return to our stage. He’ll give us the lowdown on SIM card vulnerabilities, showing how OTA binary SMS and SIM card applets can be exploited. Mobile network geeks out there, this is your chance to level up!

Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!

In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.

You’re the reason 0xOPOSEC is still kicking. Here’s to many more years of learning, networking, and hacking, with you at the heart of it all! 🚀

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Jenkins is a trusted automation tool, but sometimes, hidden weaknesses can expose more than they should. With careful exploration and the proper techniques, you’ll piece together the clues and uncover the flag buried within the system.

Are you ready to dig deep into one of the 2024 nightmares? Visit http://madlabs.pw:8080 and have fun!

⚠️ Note: Ping (@)SiMpS0N with the flag and play fair! Avoid making destructive changes—keeping the system intact ensures everyone enjoys the challenge.

Mar 27, 2025

[0x48695F4D617374657221] - The Meet

Last time, we knocked it out of the park. We didn’t just hit a milestone; we showed this community keeps raising the bar. And guess what? Third time’s the charm, and we have a speaker lineup that’ll overload your notebooks (and exploit kits).

First up, Miguel Freitas (@mbie) returns, this time wearing a different hat. Ever felt like you’re playing whack-a-mole with security while trying to build effective defenses? Miguel’s been there, done that, and he’s bringing the battle-tested blueprint for a blue team. Expect deep insights, zero fluff, and a heap of ‘aha!’ moments.

Ready to sharpen your offensive skills? Guilherme Scombatti (@scombatti) is back to expose the soft underbelly of the new AI overlords. In this AI wild west, vulnerabilities are ripe for the picking. Learn to bend these bots to your will, unlocking hidden treasures and critical intel. It might just be your ticket to that sweet bounty that lights up your day.

Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!

In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.

Don’t miss out. Your FOMO will be justified.

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Our mission-critical shutdown procedure has a flaw, but no one has noticed until now! Can you exploit the system and find a way to execute arbitrary code?

Server: madlabs.pw 1337
Files: shutdown_procedure (binary) | shutdown_procedure.cpp (source)

⚠️ Note: Ping (@)vibrio or (@)SiMpS0N with the flag and play fair! Avoid making destructive changes—keeping the system intact ensures everyone enjoys the challenge.

Apr 29, 2025

[0x0x5F7375625F41414141] - The Meet

Spring’s in the air, and so is the smell of digital upheaval! We’re kicking off our fourth meetup, packed with insights ripped from the national headlines and the global grid. Get ready for a double dose of intel that cuts through the noise.

First, our OSINT geek, Pedro Vieira (@Shell5), is back to unraveling the political scandal that rocked the nation. He’ll show you how public data laid bare the government’s downfall—because, let’s face it, secrets are overrated.

Then, Pedro Vilaça (@fG), the resident reverse engineering wizard, dives deep into the guts of macOS cracks from the infamous TNT warez group. He’s leaving no byte unturned, exposing their architecture, sneaky obfuscation, and anti-debugging tricks. This is your chance to get a front-row seat to the cyber arms race and a reality check that there’s no such thing as a free lunch.

Gear up for a session that’ll sharpen your OSINT skills and reverse-engineering chops. Don’t be the one hearing about it later and spring into action.

Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!

In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.

Don’t miss out. Your FOMO will be justified.

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

TBA