ØxOPOSɆC
This page serves as a repository for all presentations from the Meetup.
[INIT] - The Gathering
 XXE and XEE detection by Ana Gomes
 Node.js Problems in Paradise (Demo) by Renato Rodrigues (@SiMpS0N)
 (Un)Securing Stuff with IoT by David Gouveia (@zatarra)
[0x31] - The Meet
 Bug Bounties by Miguel Regala (@fisher)
 Security Headers by Renato Rodrigues (@SiMpS0N)
 Terminal and Shell attacks: Targeting the Sysadmin (Demos) by Federico Bento (@uid1000)
[0x32] - The Meet
 ZSUN Wifi Card Reader by David Gouveia (@zatarra)
 Mobile Security in iOS by Herman Duarte (@hdontwit)
 Challenge Solution by André Baptista (@0xACB)
[0x33] - The Meet
 Lockpicking 101 by Duarte Monteiro (@d0kt0r) and Miguel Regala (@fisher)
 A hands-on approach on botnets for a learning purpose by José Pinto and João Dias
[0x34] - The Meet
 Template Injection 101 by Miguel Regala (@fisher)
 Live Streaming Security: Inner Security and Anti Leeching Tips by Joao Duarte (@Deluxor)
[0x35] - The Meet
 SSRF.. aka.. how to pierce perimeter defences like a boss!!! by Ricardo Almeida (@vibrio)
 Hacking World 101 by Miguel Regala (@fisher)
[0x36] - The Meet
 Ransomware 101: Threats & Countermeasures by Alexandre Ferreira (@netshark)
 In Headers/ Padlocks / site Seals / CA’s we trust! by pipas
[0x37] - The Meet
 OSSIM, the Open Source Security Information Management by Alexandre Ferreira (@netshark)
 (a primer on) General Data Protection Regulation by António Pinto (@aap)
[0x38] - The Meet
 CSRF, JSON, JSONP by Dalila AL
 OSSEC 101 by Lúcio Guerra
 Poor Man’s RubberDucky by David Gouveia (@zatarra)
 Challenge Solution by Duarte Monteiro (@d0kt0r)
[0x39] - The Meet
 Is there an EFI monster inside your apple? Pedro Vilaça (@fG)
 RSA for CTF’ers (Demos) by José Sousa (@k414x) and Joana
[0x61] - The Meet
 CrackMe Up: An Introduction To Binary Reverse Engineering by André Baptista (@0xACB)
 Nagios monitoring FTW, an 11km look by Alexandre Ferreira (@netshark)
[0x62] - The Meet
 Don’t Stand So Close To Me RFID/NFC Cloning by Pedro Cabral
 Home Network Security - Tips/Tricks by Deluxor
[0x63] - The Meet
 Lessons from Billions of Breached Records by Troy Hunt
 Knock knock, who’s there? NSA! by Pedro Vilaça (@fG)
[0x64] - The Meet
 Trust issues by pushdword
 From zero to something, with HackRF by José Moreira (@zezadas)
[0x65] - The Meet
 Browsers - For better or worse… by Renato Rodrigues (@SiMpS0N)
 Risk Based Assessment in CI/CD by Duarte Duarte (@dduarte)
 Summer Challenge A (Write-up) by António Pinto (@aap)
 Summer Challenge B (Solution) by José Sousa (@k414x)
[0x66] - The Meet
 Mimi Who? (Labs) by César Silva
 The adventures of XSS payloads in strange places (PoC) by Ricardo Almeida
[0x67] - The Meet
 AP2SI Presentation by Jorge Pinto
 CERT.PT - Serviço e Estrutura by Rogério Gil Raposo
 Detecting Rogue Access Points by Anotherik
 Challenge Solution by Anotherik
[0x68] - The Meet
 Briareos, a Modular Framework for Elastic Intrusion Detection and Prevention by André Baptista (@0xACB)
 Game of Bounties by Miguel Regala (@fisher)
[0x69] - The Meet
 Cryptanalysis 101 - Breaking a password ‘hash’ by João Gil (@jack64)
 The idea of a Self-sovereignty by Pedro Coelho (@toipacoelho)
 Data Recovery in your basement 101 by Miguel Oliveira (@drug)
 Challenge Write-up (PoC) by José Sousa (@k414x)
[0x6A] - The Meet
 Fuzzing the Stock market by Duarte Monteiro (@d0kt0r)
 GDPR: the impact on how we develop and maintain our services by Ricardo Castro
 Challenge Write-up by Davide Teixeira (@davidepaalte)
[0x6B] - The Meet
 Homomorphic Encryption 101 by Rui Araújo (@ra)
 Decrypting Jobcrypter by João Gil (@jack64)
[0x6C] - The Meet
 Industry 4.0: why are we so interested in cyber security? by Armindo Carvalho
 Completely Automated Public Turing test to tell Computers and Humans Apart by David Magalhães (@speeddragon)
 Admin rights, everyone gets Admin rights! by Pedro Tarrinho (@Tarrinho)
[0x6D] - The Meet
 Bug bounties and CTFs: A new approach to Information Security by André Baptista (@0xACB)
 GSM - The wake up call by Duarte Monteiro (@d0kt0r)
[0x6E] - The Meet
 Lets play a game by Ricardo Almeida (@vibrio)
 Designing and delivering a Bug Bounty program by João Lima (@joaolima)
 0xOPOSEC Summer Challenge Write-ups:
 - By Zezadas
 - By Anotherik
 - By Zebisnaga
 - By ArmySick
[0x6F] - The Meet
 Controlling your neighbor’s lights - Dissecting ZigBee Protocol by André Garrido
 One Trick and one Treat (Short Talk) by Renato Rodrigues (@SiMpS0N)
 SDR Challenge Write-up by José Moreira (@zezadas)
[0x6G] - The Overflow
 From Crash to Win! by Guilherme Scombatti (@scombatti) and César Silva
 Using supply chain attacks for software dependencies to spread malicious code in the wild. by Preben Ver Eecke, Jelle Criel and Timothy Van Heddegem
[0x70] - The Meet
 Ataques e outros casos de Cibersegurança by António Pinto (@aap)
 Vulnerabilities in the Anda app by (@)Gustavo Silva
 Challenge Write-ups:
 - By Jpdias
 - By Vibrio
 - By ArmySick
[0x71] - The Meet
 Assuma o controlo total da sua casa numa só aplicação - EDP IoT 101 by Luís Catarino and Pedro Rodrigues (@darkcookie)
 Insecure Deserialization 101 by César Silva
 Challenge Write-up:
 - By Vibrio
[0x72] - The Meet
 How to transform security awareness into a product - an experimental approach by Anett Stoica
 Configuration Management and Security with Salt by João Valente
 Challenge Write-up:
 - By Simps0n
[0x73] - The Meet
 Internet-of-b̶r̶o̶k̶e̶n̶ -Things: A highly-opinionated overview by João Pedro Dias (@)jpdias
 Low Hanging Fruit On Android by José Moreira (@zezadas)
 Challenge Write-up:
 - By JPDias
[0x74] - The Meet
 Who are you talking to?! Analyzing Android applications with Frida by Pedro Rodrigues (@darkcookie)
 Golden Chickens & Malware-as-a-Service by Tiago Marques
 Challenge Write-up by João Morais (@jmoraissec)
[0x75] - The Meet
 Blockchain, A security perspective by António Pinto (@aap)
 Bounty Life by André Baptista (@0xACB)
 Challenge Write-up:
 - By aap
 - By JPDias
 - By Hugo Sereno
[0x76] - The Meet
 Can I haz credentials? - Using honeypots to extract passwords from live scanners by Pedro Rodrigues (@darkcookie)
 Hacking your cable modem by Local Underground Greyhat
[0x77] - The Meet
 The Fall of the Summer Challenge by (@)nunohumberto, Gustavo Pinto (@ArmySick) and César Silva
 Hacking your cable modem - Part 2 by Pedro Vilaça (@fG)
[0x78] - The Meet
 Surf the new wave! by Guilherme Scombatti (@scombatti)
 Post domain admin exploitation in Office 365 environments by Miguel Freitas (@mfbie)
 Challenge Write-up:
 - By Zezadas
[0x79] - The Meet
 Proxy Re-Encryption 101 by António Pinto (@aap)
 Let’s Get Physical! + Media by Pedro Rodrigues (@darkcookie)
 Challenge Write-up:
 - By Nuno Humberto
[0x7A] - The Meet
 4th Anniversary Celebration
 Automating Web Software Version Auditing with WVAT by Rui Alves
 Angular xsS by Rui Godinho
 Challenge Write-up:
 - Solvers
 - By Nuno Humberto
[0x0A] - The Virtual Meet
 RF Shadow Plays by Sébastien Dudek
 Challenge Write-up:
 - By Zezadas
[0x0B] - The Virtual Meet
 The approach that made me find 5 Wordpress 0days by Simon Scannell
[0x0C] - The Virtual Meet
 Get in, Drop the Implant and GTFO by David Sopas (@dsopas)
 The Fall of the Summer Challenge by Nuno Humberto
 0xOPOSEC Summer Challenge Write-ups:
 - By JPDias
[0x0D] - The Virtual Meet
 Get in, drop the implant, GTFO II by Pedro Umbelino
 Challenge Write-up:
 - By Zezadas
[0x0E] - The Virtual Meet
 Server-side browsing considered harmful by Nicolas Grégoire
 Challenge Write-up:
 - By Zezadas
[0x0F] - The Virtual Meet
 The Curious Case of a PDF and an MBR by José Moreira (@zezadas)
[0x4842443231] - The Virtual Meet
 Automated standard based security assessment for IoT by André Cirne
 Edge Side Includes Injections by Rui Godinho
 Challenge Write-up:
 - By Inês
[0xD4C3B2A1] - The Virtual Meet
 Vulnerabilidades em Equipamentos de Rede: Passado, Presente, Futuro? by Pedro Ribeiro
 Challenge Write-up:
 - By Miguel
[0x3433334d487a] - The Virtual Meet
 IO433 - From ramblings to DIY by Pedro Umbelino (@kripthor)
 Challenge Write-up:
 - By Miguel Duarte
[0x41757468] - The Virtual Meet
 (O)Auth Gone South by César Silva
[0xF09F8EA3] - The Virtual Meet
 Post-phishing automation with Muraena and NecroBrowser by Michele Orrù
 Challenge Write-up:
 - By Gustavo Pinto
[0x6B3873] - The Virtual Meet
 Kubernetes Security 101: Best Practices to Secure your Cluster by Magno Logan
[0x696E74656E743A2F2F] - The Virtual Meet
 Exploiting Deep Links in Android by Inês Martins
[0x3C6E6F7363726970743E] - The Virtual Meet
 mXSS in 2021 - One long solved problem? by Dr.-Ing. Mario Heiderich
[0x6C6461703A2F2F] - The Virtual Meet
 Pentesting Stories: From Web to DA in a few simple steps by Ricardo Almeida (@vibrio) and Gustavo Pinto (@ArmySick)
[0x6C6F63616C686F7374] - The Virtual Meet
 DNS Cache Snooping and its applications in 2̵0̵2̵1̵ 2022 by Luis Grangeia
[0x6C6F67346A] - The Virtual Meet
 Fighting Log4shell - Real Incident Walkthrough by João Morais (@jmoraissec) and David Mendes
[0x737072696E67] - The Virtual Meet
 Shifting Left at Enterprise Scale by Glenn Pegden
[0x00201A] - The Virtual Meet
 Reversing Computer Peripherals - Free your Keyboard, Unleash the Colors by José Moreira (@zezadas)
[0x636C6173734C6F61646572] - The Virtual Meet
 Spring4Shell - A Deep Dive by Pedro Ribeiro
[0x54504D] - The Virtual Meet
 Breaking Azure AD joined endpoints in zero-trust environments by Dirk-jan Mollema
[0x49524C] - The Meet
 Ring! Ring! Who’s there? Your data. by David Sopas (@dsopas) and João Morais (@jmoraissec)
 The Fall of the Summer Challenge by Pedro Rodrigues (@darkcookie)
[0x584D4153] - The Meet
 OWASP SAMM: Thoughts and Experiences by Duarte Monteiro (@d0kt0r)
 Rooting Devices && Prank Your Friends by José Moreira (@zezadas)
[0x4F53494E54] - The Meet
 OSINT - Beware. Your data is out there by Pedro Vieira (Shell5)
 Once Upon a Time a Xmas Challenge by The Crew
[0x5245636F6C6C61707365] - The Meet
 Till REcollapse: Fuzzing the Web for Mysterious Bugs by André Baptista (@0xACB)
 Celebrating 7 years of sharing! by Renato Rodrigues (@SiMpS0N)
[0x582D526179] - The Meet
 The fine line between sharing and oversharing by Guilherme Scombatti (@scombatti)
 Reversing my way into an infostealer Telegram chat group by Miguel Freitas (@mfbie)
[0x73656D67726570] - The Meet
 Semgrep: The Open Source Tool for Finding Vulnerable Code by Duarte Duarte (@dduarte)
 Av3rMed1a liberation story by José Moreira (@zezadas)
ØxOPOSɆC Hack Day!
[0x6261636B] - The Meet
 Butchering The Pig Butchers by Miguel Santareno (@MiguelSantareno)
 The Fall of the Summer Challenge by Renato Rodrigues (@SiMpS0N)
[0x73706F6F6B79] - The Meet
 Beyond Directories - Breaking APIs by Guilherme Scombatti (@scombatti)
 WiFi is Your Perimeter Too by Pedro Rodrigues (@darkcookie)
[0x53414D58] - The Meet
 Prototype Pollution by Renato Rodrigues (@SiMpS0N)
 Where’s the flag? Reverse engineering Flare On #12 Virtual Machine by Pedro Vilaça (@fG)
 Challenge Write-up:
 - By Miguel Santareno
[0x696E69743234] - The Meet
 Hardware Chips and Security by Jean François Mousinho (@jemos)
 The Fall of the Xmas Challenge by Gustavo Pinto (@ArmySick)
[0x4F766572313021] - The Meet
 Celebrating 8 years of sharing! by Renato Rodrigues (@SiMpS0N)
 How I stay hidden in your network by Mario Lima (@comet)
 Abusing Windows Privileged File Operations by Ricardo Almeida (@vibrio)
[0x626F6F74686F6C65] - The Meet
 Test Drive - The Challenges of Race Conditions in Security Testing by Bruno Caseiro (@Bruno Caseiro)
 Unpatchable arbitrary code execution on the NVIDIA Tegra X1 SoC (and the Nintendo Switch) by Marco Carneiro (@quietsolitude)
 Challenge Write-up by Nuno Humberto (@nunohumberto)
[0x626C6F6F6D] - The Meet
 Helium Data Recovery and Wild Wild West SSD Techniques by Miguel Oliveira (@datadrug)
 A Collection of Great Security Issues by Nuno Humberto (@nunohumberto)
[0x2E2E2F2E2E2F76343034] - The Meet
 Unlocking obsolescence: exploiting vulnerabilities to extend system’s longevity by João Pedro Dias (@jpdias)
 A Bug Bounty Journey by Guilherme Scombatti (@scombatti)
[0x496E666563746564] - The Meet
 Turnkey Code – Enhancing Secrets Management in Large Scale Organizations by Diogo Lemos (@Diogo Lemos)
 Modern Malware Development by Rodrigo Lima (@Pengrey)
[0x636F6D656261636B] - The Meet
 We build it up, to bring it back down by Pedro Rodrigues (@darkcookie)
 The Fall of the Summer Challenge by Gustavo Pinto (@ArmySick)
[0x50574E5F46545721] - The Meet
 Sandbox Escape: Achieving Arbitrary Code Execution by (@)Duarte Santos
 A Story Behind a Compromised Domain by Tiago Dias (@td00k) and Renato Cruz (@b1tch0k3r)
[0x454F4632303234] - The Meet
 LLMs, BOLA and other Authorization Problems: a Dissertation Story by Eunice Juliana Amorim (@0xbugphant)
 Rescuing the FLARE Intergalactic HQ with Linux forensic analysis aka 2024’s Flare-On #5! by Pedro Vilaça (@fG)
[0x76392E393939] - The Meet
 A Brief History of the Playstation Scenes by José Coixão (@José Coixão)
 The Parking Chronicles - A DIY Guide to Controller Detection by David Sopas (@dsopas)
 The End of the Winter Challenge by Pedro Rodrigues (@darkcookie)
[0x39F09FA5B3] - The Meet
 Celebrating 9 years of sharing! by Renato Rodrigues (@SiMpS0N)
 The Bad Side Of Client Side by Rodrigo Lima (@Pengrey)
 Over-the-Air, Under-the-Radar: SIM Card Exploits Overview by Duarte Monteiro (@d0kt0r)
[0x48695F4D617374657221] - The Meet
 No Bluesh*t - A keynote about building a decent SOC by Miguel Freitas (@mbie)
 Breaking the Bot by Guilherme Scombatti (@scombatti)
 Challenge Write-Up by Ricardo Almeida (@vibrio)
[0x5F7375625F41414141] - The Meet
 Private Business, Public Fallout: How OSINT Took Down Portugal’s Government by Pedro Vieira (@Shell5)
 Maybe Cracking the Crackers - Is Cyber war real? by Pedro Vilaça (@fG)
 Challenge Write-Up by João Morais (@jmoraissec)
[0x2428736332352D646F776E29] - The Meet
 Compromising Chrome extensions for passive income by Miguel Freitas (@mbie)
 The Fall of the Summer Challenge by Nuno Humberto (@nunohumberto)