ØxOPOSɆC
2025 Events
Jan 23, 2025
[0x76392E393939] - The Meet
Hello, 2025!
The new year is here, and we’ve cooked up a kickoff event that’s bound to put you into exploit mode. Yes, calendars roll over, but our appetite for pushing boundaries and uncovering the unknown remains locked and loaded.
Making his grand debut in our little house of secrets, we’re thrilled to welcome PlayStation hack scene veteran José Coixão (@José Coixão) to spill some serious console secrets. If consoles and hacking make your circuits buzz, you’re in for a treat that’s been years in the making. From PS3 to PS4 shenanigans, plus some tasty PS5 insights - this is the kind of insider intel you won’t find in any manual.
Speaking of things hiding in plain sight - guess who’s back? David Sopas (@dsopas) returns to the stage to shake things up with a deep dive into the murky waters of Bluetooth and BLE. Think those innocent wireless signals are just minding their own business? Think again! David’s bringing a real-world case study that’ll have you rethinking your privacy game.
And for those who’ve been losing sleep over our winter challenge - we’ve got your back! Our resident puzzle master, Pedro Rodrigues (@darkcookie), is ready to lift the veil by presenting the usual write-ups and walking us through the intended solutions and happy paths.
Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!
In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.
This kickoff is your ticket to starting 2025 with some serious ammunition in your testing arsenal. Don’t miss out on what’s bound to be a wild ride into the new year!
[Goals]
Learn something new, get to know other g33ks, and, the most important thing, have fun.
[Agenda]
- “A Brief History of the Playstation Scenes” (PT/EN) by José Coixão (@José Coixão)
- “The Parking Chronicles - A DIY Guide to Controller Detection” (PT/EN) by David Sopas (@dsopas)
- “The End of the Winter Challenge” (PT/EN) by Pedro Rodrigues (@darkcookie)
[Challenge]
Winter Challenge (https://oposec-winter.0x90.zone/)
Have fun, enjoy the season, and remember, collect all four flags!
Feb 27, 2025
[0x39F09FA5B3] - The Meet
Thanks to everyone who joined our first meetup of the year. It showcased how to bypass the limitations of solo hacking successfully. Nine years of 0xOPOSEC – who would’ve thought we’d make it this far without getting completely pwned?
For this anniversary bash, we’ve got a killer lineup. Rodrigo Lima (@Pengrey) is back! Remember his last hilarious talk on malware development? Prepare for another dose of insightful hacking. This time, he’s tackling the sneaky risks of client-side data filtering, revealing the “hidden” data left in the dust—all through a real-life story straight from the trenches you won’t want to miss!
But that’s not all! Duarte Monteiro (@d0kt0r), an original c0r3 member, makes a grand return to our stage. He’ll give us the lowdown on SIM card vulnerabilities, showing how OTA binary SMS and SIM card applets can be exploited. Mobile network geeks out there, this is your chance to level up!
Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!
In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.
You’re the reason 0xOPOSEC is still kicking. Here’s to many more years of learning, networking, and hacking, with you at the heart of it all! 🚀
[Goals]
Learn something new, get to know other g33ks, and, the most important thing, have fun.
[Agenda]
- “Celebrating 9 years of sharing!” (PT/EN) by Renato Rodrigues (@SiMpS0N)
- “The Bad Side Of Client Side” (PT/EN) by Rodrigo Lima (@Pengrey)
- “Over-the-Air, Under-the-Radar: SIM Card Exploits Overview” (PT/EN) by Duarte Monteiro (@d0kt0r)
[Challenge]
Jenkins is a trusted automation tool, but sometimes, hidden weaknesses can expose more than they should. With careful exploration and the proper techniques, you’ll piece together the clues and uncover the flag buried within the system.
Are you ready to dig deep into one of the 2024 nightmares? Visit http://madlabs.pw:8080 and have fun!
⚠️ Note: Ping (@)SiMpS0N with the flag and play fair! Avoid making destructive changes—keeping the system intact ensures everyone enjoys the challenge.
Mar 27, 2025
[0x48695F4D617374657221] - The Meet
Last time, we knocked it out of the park. We didn’t just hit a milestone; we showed this community keeps raising the bar. And guess what? Third time’s the charm, and we have a speaker lineup that’ll overload your notebooks (and exploit kits).
First up, Miguel Freitas (@mbie) returns, this time wearing a different hat. Ever felt like you’re playing whack-a-mole with security while trying to build effective defenses? Miguel’s been there, done that, and he’s bringing the battle-tested blueprint for a blue team. Expect deep insights, zero fluff, and a heap of ‘aha!’ moments.
Ready to sharpen your offensive skills? Guilherme Scombatti (@scombatti) is back to expose the soft underbelly of the new AI overlords. In this AI wild west, vulnerabilities are ripe for the picking. Learn to bend these bots to your will, unlocking hidden treasures and critical intel. It might just be your ticket to that sweet bounty that lights up your day.
Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!
In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.
Don’t miss out. Your FOMO will be justified.
[Goals]
Learn something new, get to know other g33ks, and, the most important thing, have fun.
[Agenda]
- “No Bluesh*t - A keynote about building a decent SOC” (PT/EN) by Miguel Freitas (@mbie)
- “Breaking the Bot” (PT/EN) by Guilherme Scombatti (@scombatti)
[Challenge]
Our mission-critical shutdown procedure has a flaw, but no one has noticed until now! Can you exploit the system and find a way to execute arbitrary code?
Server: madlabs.pw 1337
Files: shutdown_procedure (binary) | shutdown_procedure.cpp (source)
⚠️ Note: Ping (@)vibrio or (@)SiMpS0N with the flag and play fair! Avoid making destructive changes—keeping the system intact ensures everyone enjoys the challenge.
Apr 29, 2025
[0x0x5F7375625F41414141] - The Meet
Spring’s in the air, and so is the smell of digital upheaval! We’re kicking off our fourth meetup, packed with insights ripped from the national headlines and the global grid. Get ready for a double dose of intel that cuts through the noise.
First, our OSINT geek, Pedro Vieira (@Shell5), is back to unraveling the political scandal that rocked the nation. He’ll show you how public data laid bare the government’s downfall—because, let’s face it, secrets are overrated.
Then, Pedro Vilaça (@fG), the resident reverse engineering wizard, dives deep into the guts of macOS cracks from the infamous TNT warez group. He’s leaving no byte unturned, exposing their architecture, sneaky obfuscation, and anti-debugging tricks. This is your chance to get a front-row seat to the cyber arms race and a reality check that there’s no such thing as a free lunch.
Gear up for a session that’ll sharpen your OSINT skills and reverse-engineering chops. Don’t be the one hearing about it later; spring into action.
Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!
In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.
Don’t miss out. Your FOMO will be justified.
[Goals]
Learn something new, get to know other g33ks, and, the most important thing, have fun.
[Agenda]
- “Private Business, Public Fallout: How OSINT Took Down Portugal’s Government” (PT/EN) by Pedro Vieira (@Shell5)
- “Maybe Cracking the Crackers - Is Cyber war real?” (PT/EN) by Pedro Vilaça (@fG)
[Challenge]
This remote administration system is fresh out of the dev oven. Features are still being tested, but security? Bulletproof. And no prophecy will let you in without the key! Do your best. Can you get the flag?
URL: http://madlabs.pw
⚠️ Note: Ping (@)jmoraissec or (@)SiMpS0N with the flag and play fair! Avoid making destructive attacks—keeping the system intact ensures everyone enjoys the challenge.
Jun 14, 2025
ØxOPOSɆC Hack Day! One-Pager
Calling all g33ks out there, the second Hack Day is coming your way. Get ready for a day of hands-on action, technical deep dives, and fun that only happens when g33ks gather! Whether you want to level up your skills, explore uncharted territory, or play with something cool, we’ve got your back. Just bring your brain and your laptop!
The agenda is a two-part symphony. The morning is dedicated to brain-picking workshops to get the neurons firing. In the afternoon, it’s time to mingle with fellow hackers and dive into hands-on projects at your own pace at our hack stations. This is your chance to network and snag valuable intel, so don’t sleep on it. Peep the agenda for the full picture.
Heads up! Your RSVP for this event only gets you into the afternoon hacking zone. To join one of the morning workshops, you must hit up the separate sign-up form linked to each training. Remember, seats are limited! For smooth logistics’ sake, only those who submit the form will be allocated a spot, so make sure you grab yours!
We’re stoked to have you join us for this epic day! If you’re in for the long haul, lunch is on us – no need to pack your own snacks.
While you wait for the big event, jump into our Slack chat (bit.ly/0xmadlabs) to talk all kinds of hackish stuff and hang out with the rest of the community.
[Goals]
Learn something new, get to know other g33ks, and, the most important thing, have fun.
[Agenda]
Workshops - From 10:00 to 13:00 - Limited Spots - Mandatory Form Registration
Please select only one training session to attend, as they will be happening concurrently. Registrations will officially open on Monday, May 19th at 12:00 (GMT+1). Mark your calendar! The sign-up forms will stay open until we hit the training capacity, plus a waiting list in case any spots open up.
Title: BLE 101
Trainer: David Sopas (@dsopas)
Form: https://forms.gle/NepcLWF1CcFaW5SS7
Title: Kubernetes Security - To Road Less Travelled
Trainer: Pedro Rodrigues (@darkcookie)
Form: https://forms.gle/DirfVRBSW6gwh5c89
Title: From Employee to Domain Admin - Intro to Active Directory Attacks
Trainer: Gustavo Pinto (@ArmySick)
Form: https://forms.gle/2WfoPrfAeC9mJeuV9
Title: Mobile OWASP Top10 - A Dive into Pentesting Techniques
Trainer: José Moreira (@zezadas)
Form: https://forms.gle/mVjunkuYWHupUmF66
Note: We will contact all trainees one week before the workshop to confirm your enrollment. If a trainee fails to confirm their attendance on time, it will be deemed invalid, and their slot will be given to the first person on the waiting list.
Hack The Planet - From 14:00 to 18:00 - Limited Spots - Mandatory RSVP on the Event
Title: Hacked City - Take II!
Description: Step into the electrifying world of Hacked City, where hacking meets hands-on adventure. This dynamic experience puts you in command of a city powered by your cyber skills. From a rising Bridge and flashing Billboard to a roaring Nuclear Power Plant and a rumbling Dam — each structure reacts in real-time when one of four target websites is breached. Put your hacking instincts to the test and race against your friends to trigger every part of the city. Whether you’re exploring cybersecurity or just love a good challenge, Hacked City invites you to think fast, act smart, and hack your way to victory. Are you ready to take control?
Organization: Pedro Tarrinho (@Tarrinho)
Title: Hardware Hacking 101
Description: Join us in the hardware hacking space and adventure into the world of the electron and the switch, the beauty of the baud. We will have both the tools and the targets for you to learn and experiment with embedded devices — how to tear them open and learn how to tap into them directly in order to bypass security controls. Techniques showcased will include how to use multimeters and serial analyzers to find and connect to UART ports, decode I2C signals, and learn about different types of devices and firmware, and how to dump and unpack them. Targets will include routers and microcontrollers of different kinds and architectures. Feel free to bring your own device to play with! Laptops with Linux and USB cables are also a must-have to get your hands dirty.
Organization: João Dias (@jpdias)
Title: Lockpicking Station
Description: Come hang out at our lockpicking table and explore the exciting world of lockpicking! We have tooling and locks for you to test your skills and knowledge. Whether you’re a seasoned lockpicker or just getting started, you will definitely have fun.
Organization: Duarte Monteiro (@d0kt0r)
Title: BYOHack
Description: Got a cool hack, clever trick, or security war story? We want to see it or hear it! As part of our Hack Day, we’re hosting a mini show-and-tell session where attendees can share their creations, discoveries, or hands-on experiences, whether it’s a polished tool or a half-broken proof of concept. The goal? Learn from each other, spark ideas, and have a blast doing it. So bring your hack and join the fun! Want to take part? Just fill out https://forms.gle/TynrFqo1eoZjPjyh7 to sign up!
Organization: Renato Rodrigues (@SiMpS0N)