[0x0E] - The Virtual Meet

Messy 2020 is drawing to a close (and maybe that's a good thing). Looking on the bright side, we managed to stick together through all this adversity, and we kept sharing our tricks of the trade. We still have one last trick up our sleeves that will knock your socks off. That's right, the 7th and final meetup of the year is upon us, and we have a bundle of goodies coming your way. It's only fair. You deserve it!

Exceptional times call for exceptional sessions, and that is exactly what you will get! We are proud to announce that we have the honor and pleasure of having Nicolas Grégoire (@Agarri_FR) among us, presenting one of his favorite vulnerability classes in his epic talk "Server-side browsing considered harmful".

Nicolas Grégoire is a well-known security researcher with remarkable work in the web security field. If you have been digging into the XML, XSLT, or SSRF world, he is undoubtedly no stranger to you. Besides being a speaker at several key security conferences, he shares his knowledge via excellent blog posts and outstanding publications. You can also find him sharing his top-notch tips and tricks at @MasteringBurp. In the last few years, he has dedicated his time to delivering one of the most reliable web security training sessions - "Mastering Burp Suite Pro: 100% Hands-On".

We're sure you will not want to miss out on the opportunity to meet him and spend quality time learning something new. Don't be a stranger. You are more than welcome to drop by.

In the meantime, you can join our Slack chat (https://oposec.herokuapp.com/) to discuss all kinds of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

  • "Server-side browsing considered harmful" (EN) by Nicolas Grégoire
    Note: And the usual challenge write-up.

[Challenge]

The last mission was a success, and the government forces gave us another project. The information is short, but we know that we are on the path of the 0xOPOLEAKS. We think this is somehow related to mobile communications. Can you help us?

File: //sefod.eu/ctf/signal.wav

If you get the juicy content, please ping (@)zezadas (with the flag!).
