ØxOPOSɆC

2025 Events

Jan 23, 2025

[0x76392E393939] - The Meet

Hello, 2025!

The new year is here, and we’ve cooked up a kickoff event that’s bound to put you into exploit mode. Yes, calendars roll over, but our appetite for pushing boundaries and uncovering the unknown remains locked and loaded.

Making his grand debut in our little house of secrets, we’re thrilled to welcome PlayStation hack scene veteran José Coixão (@José Coixão) to spill some serious console secrets. If consoles and hacking make your circuits buzz, you’re in for a treat that’s been years in the making. From PS3 to PS4 shenanigans, plus some tasty PS5 insights - this is the kind of insider intel you won’t find in any manual.

Speaking of things hiding in plain sight - guess who’s back? David Sopas (@dsopas) returns to the stage to shake things up with a deep dive into the murky waters of Bluetooth and BLE. Think those innocent wireless signals are just minding their own business? Think again! David’s bringing a real-world case study that’ll have you rethinking your privacy game.

And for those who’ve been losing sleep over our winter challenge - we’ve got your back! Our resident puzzle master, Pedro Rodrigues (@darkcookie), is ready to lift the veil by presenting the usual write-ups and walking us through the intended solutions and happy paths.

Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!

In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.

This kickoff is your ticket to starting 2025 with some serious ammunition in your testing arsenal. Don’t miss out on what’s bound to be a wild ride into the new year!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Winter Challenge (https://oposec-winter.0x90.zone/)
Have fun, enjoy the season, and remember, collect all four flags!


Feb 27, 2025

[0x39F09FA5B3] - The Meet

Thanks to everyone who joined our first meetup of the year. It showcased how to bypass the limitations of solo hacking successfully. Nine years of 0xOPOSEC – who would’ve thought we’d make it this far without getting completely pwned?

For this anniversary bash, we’ve got a killer lineup. Rodrigo Lima (@Pengrey) is back! Remember his last hilarious talk on malware development? Prepare for another dose of insightful hacking. This time, he’s tackling the sneaky risks of client-side data filtering, revealing the “hidden” data left in the dust—all through a real-life story straight from the trenches you won’t want to miss!

But that’s not all! Duarte Monteiro (@d0kt0r), an original c0r3 member, makes a grand return to our stage. He’ll give us the lowdown on SIM card vulnerabilities, showing how OTA binary SMS and SIM card applets can be exploited. Mobile network geeks out there, this is your chance to level up!

Just a friendly reminder: this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!

In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.

You’re the reason 0xOPOSEC is still kicking. Here’s to many more years of learning, networking, and hacking, with you at the heart of it all! 🚀

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

[Challenge]

Jenkins is a trusted automation tool, but sometimes, hidden weaknesses can expose more than they should. With careful exploration and the proper techniques, you’ll piece together the clues and uncover the flag buried within the system.

Are you ready to dig deep into one of the 2024 nightmares? Visit http://madlabs.pw:8080 and have fun!

⚠️ Note: Ping (@)SiMpS0N with the flag and play fair! Avoid making destructive changes—keeping the system intact ensures everyone enjoys the challenge.