ØxOPOSɆC
This page serves as a repository for all presentations from the Meetup.
[INIT] - The Gathering
XXE and XEE detection by Ana Gomes
Node.js Problems in Paradise (Demo) by Renato Rodrigues (@SiMpS0N)
(Un)Securing Stuff with IoT by David Gouveia (@zatarra)
[0x31] - The Meet
Bug Bounties by Miguel Regala (@fisher)
Security Headers by Renato Rodrigues (@SiMpS0N)
Terminal and Shell attacks: Targeting the Sysadmin (Demos) by Federico Bento (@uid1000)
[0x32] - The Meet
ZSUN Wifi Card Reader by David Gouveia (@zatarra)
Mobile Security in iOS by Herman Duarte (@hdontwit)
Challenge Solution by André Baptista (@0xACB)
[0x33] - The Meet
Lockpicking 101 by Duarte Monteiro (@d0kt0r) and Miguel Regala (@fisher)
A hands-on approach on botnets for a learning purpose by José Pinto and João Dias
[0x34] - The Meet
Template Injection 101 by Miguel Regala (@fisher)
Live Streaming Security: Inner Security and Anti Leeching Tips by Joao Duarte (@Deluxor)
[0x35] - The Meet
SSRF.. aka.. how to pierce perimeter defences like a boss!!! by Ricardo Almeida (@vibrio)
Hacking World 101 by Miguel Regala (@fisher)
[0x36] - The Meet
Ransomware 101: Threats & Countermeasures by Alexandre Ferreira (@netshark)
In Headers/ Padlocks / site Seals / CA’s we trust! by pipas
[0x37] - The Meet
OSSIM, the Open Source Security Information Management by Alexandre Ferreira (@netshark)
(a primer on) General Data Protection Regulation by António Pinto (@aap)
[0x38] - The Meet
CSRF, JSON, JSONP by Dalila AL
OSSEC 101 by Lúcio Guerra
Poor Man’s RubberDucky by David Gouveia (@zatarra)
Challenge Solution by Duarte Monteiro (@d0kt0r)
[0x39] - The Meet
Is there an EFI monster inside your apple? by Pedro Vilaça (@fG)
RSA for CTF’ers (Demos) by José Sousa (@k414x) and Joana
[0x61] - The Meet
CrackMe Up: An Introduction To Binary Reverse Engineering by André Baptista (@0xACB)
Nagios monitoring FTW, an 11km look by Alexandre Ferreira (@netshark)
[0x62] - The Meet
Don’t Stand So Close To Me RFID/NFC Cloning by Pedro Cabral
Home Network Security - Tips/Tricks by Deluxor
[0x63] - The Meet
Lessons from Billions of Breached Records by Troy Hunt
Knock knock, who’s there? NSA! by Pedro Vilaça (@fG)
[0x64] - The Meet
Trust issues by pushdword
From zero to something, with HackRF by José Moreira (@zezadas)
[0x65] - The Meet
Browsers - For better or worse… by Renato Rodrigues (@SiMpS0N)
Risk Based Assessment in CI/CD by Duarte Duarte (@dduarte)
Summer Challenge A (Write-up) by António Pinto (@aap)
Summer Challenge B (Solution) by José Sousa (@k414x)
[0x66] - The Meet
Mimi Who? (Labs) by César Silva
The adventures of XSS payloads in strange places (PoC) by Ricardo Almeida
[0x67] - The Meet
AP2SI Presentation by Jorge Pinto
CERT.PT - Serviço e Estrutura by Rogério Gil Raposo
Detecting Rogue Access Points by Anotherik
Challenge Solution by Anotherik
[0x68] - The Meet
Briareos, a Modular Framework for Elastic Intrusion Detection and Prevention by André Baptista (@0xACB)
Game of Bounties by Miguel Regala (@fisher)
[0x69] - The Meet
Cryptanalysis 101 - Breaking a password ‘hash’ by João Gil (@jack64)
The idea of a Self-sovereignty by Pedro Coelho (@toipacoelho)
Data Recovery in your basement 101 by Miguel Oliveira (@drug)
Challenge Write-up (PoC) by José Sousa (@k414x)
[0x6A] - The Meet
Fuzzing the Stock market by Duarte Monteiro (@d0kt0r)
GDPR: the impact on how we develop and maintain our services by Ricardo Castro
Challenge Write-up by Davide Teixeira (@davidepaalte)
[0x6B] - The Meet
Homomorphic Encryption 101 by Rui Araújo (@ra)
Decrypting Jobcrypter by João Gil (@jack64)
[0x6C] - The Meet
Industry 4.0: why are we so interested in cyber security? by Armindo Carvalho
Completely Automated Public Turing test to tell Computers and Humans Apart by David Magalhães (@speeddragon)
Admin rights, everyone gets Admin rights! by Pedro Tarrinho (@Tarrinho)
[0x6D] - The Meet
Bug bounties and CTFs: A new approach to Information Security by André Baptista (@0xACB)
GSM - The wake up call by Duarte Monteiro (@d0kt0r)
[0x6E] - The Meet
Lets play a game by Ricardo Almeida (@vibrio)
Designing and delivering a Bug Bounty program by João Lima (@joaolima)
0xOPOSEC Summer Challenge Write-ups:
- By Zezadas
- By Anotherik
- By Zebisnaga
- By ArmySick
[0x6F] - The Meet
Controlling your neighbor’s lights - Dissecting ZigBee Protocol by André Garrido
One Trick and one Treat (Short Talk) by Renato Rodrigues (@SiMpS0N)
SDR Challenge Write-up by José Moreira (@zezadas)
[0x6G] - The Overflow
From Crash to Win! by Guilherme Scombatti (@scombatti) and César Silva
Using supply chain attacks for software dependencies to spread malicious code in the wild. by Preben Ver Eecke, Jelle Criel and Timothy Van Heddegem
[0x70] - The Meet
Ataques e outros casos de Cibersegurança by António Pinto (@aap)
Vulnerabilities in the Anda app by (@)Gustavo Silva
Challenge Write-ups:
- By Jpdias
- By Vibrio
- By ArmySick
[0x71] - The Meet
Assuma o controlo total da sua casa numa só aplicação - EDP IoT 101 by Luís Catarino and Pedro Rodrigues (@darkcookie)
Insecure Deserialization 101 by César Silva
Challenge Write-up:
- By Vibrio
[0x72] - The Meet
How to transform security awareness into a product - an experimental approach by Anett Stoica
Configuration Management and Security with Salt by João Valente
Challenge Write-up:
- By Simps0n
[0x73] - The Meet
Internet-of-b̶r̶o̶k̶e̶n̶ -Things: A highly-opinionated overview by João Pedro Dias (@jpdias)
Low Hanging Fruit On Android by José Moreira (@zezadas)
Challenge Write-up:
- By JPDias
[0x74] - The Meet
Who are you talking to?! Analyzing Android applications with Frida by Pedro Rodrigues (@darkcookie)
Golden Chickens & Malware-as-a-Service by Tiago Marques
Challenge Write-up by João Morais (@jmoraissec)
[0x75] - The Meet
Blockchain, A security perspective by António Pinto (@aap)
Bounty Life by André Baptista (@0xACB)
Challenge Write-up:
- By aap
- By JPDias
- By Hugo Sereno
[0x76] - The Meet
Can I haz credentials? - Using honeypots to extract passwords from live scanners by Pedro Rodrigues (@darkcookie)
Hacking your cable modem by Local Underground Greyhat
[0x77] - The Meet
The Fall of the Summer Challenge by Nuno Humberto (@nunohumberto), Gustavo Pinto (@ArmySick) and César Silva
Hacking your cable modem - Part 2 by Pedro Vilaça (@fG)
[0x78] - The Meet
Surf the new wave! by Guilherme Scombatti (@scombatti)
Post domain admin exploitation in Office 365 environments by Miguel Freitas (@mfbie)
Challenge Write-up:
- By Zezadas
[0x79] - The Meet
Proxy Re-Encryption 101 by António Pinto (@aap)
Let’s Get Physical! + Media by Pedro Rodrigues (@darkcookie)
Challenge Write-up:
- By Nuno Humberto
[0x7A] - The Meet
4th Anniversary Celebration
Automating Web Software Version Auditing with WVAT by Rui Alves
Angular xsS by Rui Godinho
Challenge Write-up:
- Solvers
- By Nuno Humberto
[0x0A] - The Virtual Meet
RF Shadow Plays by Sébastien Dudek
Challenge Write-up:
- By Zezadas
[0x0B] - The Virtual Meet
The approach that made me find 5 Wordpress 0days by Simon Scannell
[0x0C] - The Virtual Meet
Get in, Drop the Implant and GTFO by David Sopas (@dsopas)
The Fall of the Summer Challenge by Nuno Humberto
0xOPOSEC Summer Challenge Write-ups:
- By JPDias
[0x0D] - The Virtual Meet
Get in, drop the implant, GTFO II by Pedro Umbelino
Challenge Write-up:
- By Zezadas
[0x0E] - The Virtual Meet
Server-side browsing considered harmful by Nicolas Grégoire
Challenge Write-up:
- By Zezadas
[0x0F] - The Virtual Meet
The Curious Case of a PDF and an MBR by José Moreira (@zezadas)
[0x4842443231] - The Virtual Meet
Automated standard based security assessment for IoT by André Cirne
Edge Side Includes Injections by Rui Godinho
Challenge Write-up:
- By Inês
[0xD4C3B2A1] - The Virtual Meet
Vulnerabilidades em Equipamentos de Rede: Passado, Presente, Futuro? by Pedro Ribeiro
Challenge Write-up:
- By Miguel
[0x3433334d487a] - The Virtual Meet
IO433 - From ramblings to DIY by Pedro Umbelino (@kripthor)
Challenge Write-up:
- By Miguel Duarte
[0x41757468] - The Virtual Meet
(O)Auth Gone South by César Silva
[0xF09F8EA3] - The Virtual Meet
Post-phishing automation with Muraena and NecroBrowser by Michele Orrù
Challenge Write-up:
- By Gustavo Pinto
[0x6B3873] - The Virtual Meet
Kubernetes Security 101: Best Practices to Secure your Cluster by Magno Logan
[0x696E74656E743A2F2F] - The Virtual Meet
Exploiting Deep Links in Android by Inês Martins
[0x3C6E6F7363726970743E] - The Virtual Meet
mXSS in 2021 - One long solved problem? by Dr.-Ing. Mario Heiderich
[0x6C6461703A2F2F] - The Virtual Meet
Pentesting Stories: From Web to DA in a few simple steps by Ricardo Almeida (@vibrio) and Gustavo Pinto (@ArmySick)
[0x6C6F63616C686F7374] - The Virtual Meet
DNS Cache Snooping and its applications in 2̵0̵2̵1̵ 2022 by Luis Grangeia
[0x6C6F67346A] - The Virtual Meet
Fighting Log4shell - Real Incident Walkthrough by João Morais (@jmoraissec) and David Mendes
[0x737072696E67] - The Virtual Meet
Shifting Left at Enterprise Scale by Glenn Pegden
[0x00201A] - The Virtual Meet
Reversing Computer Peripherals - Free your Keyboard, Unleash the Colors by José Moreira (@zezadas)
[0x636C6173734C6F61646572] - The Virtual Meet
Spring4Shell - A Deep Dive by Pedro Ribeiro
[0x54504D] - The Virtual Meet
Breaking Azure AD joined endpoints in zero-trust environments by Dirk-jan Mollema
[0x49524C] - The Meet
Ring! Ring! Who’s there? Your data. by David Sopas (@dsopas) and João Morais (@jmoraissec)
The Fall of the Summer Challenge by Pedro Rodrigues (@darkcookie)
[0x584D4153] - The Meet
OWASP SAMM: Thoughts and Experiences by Duarte Monteiro (@d0kt0r)
Rooting Devices && Prank Your Friends by José Moreira (@zezadas)
[0x4F53494E54] - The Meet
OSINT - Beware. Your data is out there by Pedro Vieira (Shell5)
Once Upon a Time a Xmas Challenge by The Crew
[0x5245636F6C6C61707365] - The Meet
Till REcollapse: Fuzzing the Web for Mysterious Bugs by André Baptista (@0xACB)
Celebrating 7 years of sharing! by Renato Rodrigues (@SiMpS0N)
[0x582D526179] - The Meet
The fine line between sharing and oversharing by Guilherme Scombatti (@scombatti)
Reversing my way into an infostealer Telegram chat group by Miguel Freitas (@mfbie)
[0x73656D67726570] - The Meet
Semgrep: The Open Source Tool for Finding Vulnerable Code by Duarte Duarte (@dduarte)
Av3rMed1a liberation story by José Moreira (@zezadas)
ØxOPOSɆC Hack Day!
[0x6261636B] - The Meet
Butchering The Pig Butchers by Miguel Santareno (@MiguelSantareno)
The Fall of the Summer Challenge by Renato Rodrigues (@SiMpS0N)
[0x73706F6F6B79] - The Meet
Beyond Directories - Breaking APIs by Guilherme Scombatti (@scombatti)
WiFi is Your Perimeter Too by Pedro Rodrigues (@darkcookie)
[0x53414D58] - The Meet
Prototype Pollution by Renato Rodrigues (@SiMpS0N)
Where’s the flag? Reverse engineering Flare On #12 Virtual Machine by Pedro Vilaça (@fG)
Challenge Write-up:
- By Miguel Santareno
[0x696E69743234] - The Meet
Hardware Chips and Security by Jean François Mousinho (@jemos)
The Fall of the Xmas Challenge by Gustavo Pinto (@ArmySick)
[0x4F766572313021] - The Meet
Celebrating 8 years of sharing! by Renato Rodrigues (@SiMpS0N)
How I stay hidden in your network by Mario Lima (@comet)
Abusing Windows Privileged File Operations by Ricardo Almeida (@vibrio)
[0x626F6F74686F6C65] - The Meet
Test Drive - The Challenges of Race Conditions in Security Testing by Bruno Caseiro (@Bruno Caseiro)
Unpatchable arbitrary code execution on the NVIDIA Tegra X1 SoC (and the Nintendo Switch) by Marco Carneiro (@quietsolitude)
Challenge Write-up by Nuno Humberto (@nunohumberto)
[0x626C6F6F6D] - The Meet
Helium Data Recovery and Wild Wild West SSD Techniques by Miguel Oliveira (@datadrug)
A Collection of Great Security Issues by Nuno Humberto (@nunohumberto)
[0x2E2E2F2E2E2F76343034] - The Meet
Unlocking obsolescence: exploiting vulnerabilities to extend system’s longevity by João Pedro Dias (@jpdias)
A Bug Bounty Journey by Guilherme Scombatti (@scombatti)
[0x496E666563746564] - The Meet
Turnkey Code – Enhancing Secrets Management in Large Scale Organizations by Diogo Lemos (@Diogo Lemos)
Modern Malware Development by Rodrigo Lima (@Pengrey)
[0x636F6D656261636B] - The Meet
We build it up, to bring it back down by Pedro Rodrigues (@darkcookie)
The Fall of the Summer Challenge by Gustavo Pinto (@ArmySick)
[0x50574E5F46545721] - The Meet
Sandbox Escape: Achieving Arbitrary Code Execution by (@)Duarte Santos
A Story Behind a Compromised Domain by Tiago Dias (@td00k) and Renato Cruz (@b1tch0k3r)