[0x6E7972656728716562617229] - The Meet

No time to stop. After another great session packed with AI automation, practical insights, and eye-opening content, we keep pushing forward. May brings a fresh round of deep dives into how modern systems work, fail, and can be abused. Trust us, this will be another event where you'll want to keep your notebook close by.

To kick things off, Dinis Costa (@varanda)  jumps from the audience to the front line for the first time, taking us into the world of iframe abuse, Same-Origin Policy quirks, and the infamous "iframe sandwich". From theory to a real-world Account Takeover case, the talk will break down how seemingly harmless browser behaviors can become powerful attack vectors, culminating in a live demo showing the full exploitation path in action.

Still hungry for more? Good.

Back on our stage, Duarte Monteiro (@d0kt0r), a longtime community veteran still on active duty, will guide us through a practical approach to threat modeling unmanned aerial systems, mapping trust zones across physical, airborne, RF, and cloud trust zones. From onboard systems and ground control stations to LTE/satellite links and remote infrastructure, the talk explores how modern drone ecosystems expose critical pathways that defenders can no longer ignore.

Just a friendly reminder, this is an in-person event. Before RSVPing, please double-check that you can attend and be there in person. Good logistics rely on it!

In the meantime, you can join our Slack chat to discuss all kinds of hackish stuff and, of course, interact with other members.

Don't miss out. Your FOMO will be justified if you are looking to level up your security game.

[Goals]

Learn something new, get to know other g33ks, and, the most important thing, have fun.

[Agenda]

- "From Out-Of-Scope XSS to Account Takeover: The iFrame Sandwich" (PT/EN) by Dinis Costa (@varanda)

- "Trust Zones Above Ground: Threat Modeling UAV Platforms" (PT/EN) by Duarte Monteiro (@d0kt0r)

[Challenge]

AI Everywhere!

URL: http://madlabs.pw

Find the flag, ping @simps0n, and most importantly, have fun!