[0x50574E5F46545721] - The Meet

Buckle up, folks! We've cooked up an autumn event to give you the boost to end the year on a high note and that's bound to have you on the edge of your seat.

First up, we've got (@)Duarte Santos ready to take us on a wild ride into the world of shattered sandboxes. Are you a Python aficionado? Think those fancy sandboxes can keep you safe? Brace yourself as Duarte guides us to Remote Code Execution glory, breaking down key CVEs and showcasing the clever tricks that made it all possible.

There's more! If you're more of a corporate crusader and Active Directory is the backbone of your empire, get ready for a masterclass from Tiago Dias (@)td00k and Renato Cruz (@)b1tch0k3r. These two have been busy compromising AD domains using the Golden Certificate attack path, and they're ready to spill all the juicy details. Be sure to grab your notepads.

Secure your spot now – this spooky bag of tricks is your ticket to leveling up your game in a big way.

In the meantime, you can join our Slack chat (https://bit.ly/3XbyGQu) to discuss all kinds of hackish stuff and, of course, interact with other members.

Hope to see you soon!

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

- "Sandbox Escape: Achieving Arbitrary Code Execution" (PT/EN) by (@)Duarte Santos

- "A Story Behind a Compromised Domain" (PT/EN) by Tiago Dias (@td00k) and Renato Cruz (@b1tch0k3r)
 

[Challenge]

Somewhere in the environment variables, something's lying low, waiting for the right moment to disrupt things; one wrong move and unexpected behavior could be triggered.

URL: http://butwhy.0d.al

Grab the flag{...} and ping @simps0n!