Are you sure about losing your spot?
Don't forget that if you change your rsvp status, you may need to join event waiting list.
![[0x3433312D6C333374] - The Meet](https://media.kommunity.com/communities/0xoposec/events/0x3433312d6c333374-25bc2d39/83051/0x3433312d6c333374-the-me.jpeg?p=event-640)
About
[0x3433312D6C333374] - The Meet
Hello 2026!
The new year is here, and we're kicking it off with our first meetup of the year, ready to push limits, explore the unknown, and dive straight into hack mode. Calendars may roll over, but our appetite for learning, sharing knowledge, and challenging ourselves is still fully armed and running hot.
To kick things off, João Marono (@r0n0) will explore how modern tooling and infrastructure, while powerful and convenient, can sometimes hide surprising trust assumptions beneath the surface. You'll see how internal DNS, certificate trust, and Git integrations interact in complex ways, and how attackers can exploit them. By the end of the session, you will not want to miss practical takeaways on reducing risk and why thinking beyond the "intended" use of technology is so important.
And if you still need more, Rafael Castilho (@castilho) will guide us through the unexpected ways systems behave when pushed to their limits. You'll see how seemingly "small" or harmless quirks can snowball into real-world security issues. Rafael will showcase research revealing how server size limits or unexpected error behavior can turn a simple XSS flaw into something far more serious. To close, you'll understand the underlying web mechanisms and how different components interact to create real edge-case behaviors.
Just a friendly reminder, this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!
In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.
Don't miss out. Your FOMO will be justified if you are looking to level up your security game.
[Goals]
Learn something new, get to know other g33ks, and, the most important thing, have fun.
[Agenda]
- "Stealing the keys from the octopus: Exfiltrate Git Credentials in Argocd" (PT/EN) by João Marono (@r0n0)
- "Scream at It Until It Escalates" (PT/EN) by Rafael Castilho (@castilho)
[Challenge]
What goes around comes around!
URL: https://crimson.0x90.zone/
Have fun and drop the flag to (@)darkcookie
Read More
Comments
No comments yet. Be the first to comment!
[0x3433312D6C333374] - The Meet
Tuesday, January 27, 2026
6:00 PM - 8:00 PM
Registration
2 seats left
+108 people going
