From 545f782aa014b8e5fe9781802e73b40e7fbe17d1 Mon Sep 17 00:00:00 2001 From: Alpastx Date: Mon, 15 Dec 2025 15:29:19 +0530 Subject: [PATCH 1/5] docs: add summary for OTC CatchUp #262 --- summary/sessions/262/attendees.adoc | 10 +++++++ summary/sessions/262/content.adoc | 42 +++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 summary/sessions/262/attendees.adoc create mode 100644 summary/sessions/262/content.adoc diff --git a/summary/sessions/262/attendees.adoc b/summary/sessions/262/attendees.adoc new file mode 100644 index 0000000..ccf0246 --- /dev/null +++ b/summary/sessions/262/attendees.adoc @@ -0,0 +1,10 @@ +==== Attendees + +. link:https://x.com/Alpastx[Alpesh Bhagwatkar^] +. link:https://twitter.com/bhavesh878789[Bhavesh Kukreja^] +. link:https://twitter.com/furtado_jaden[Jaden Furtado^] +. Chirag +. Janvi Matani +. LUEE KASAUDHAN +. Rehan Shaikh +. Suyash Purwar diff --git a/summary/sessions/262/content.adoc b/summary/sessions/262/content.adoc new file mode 100644 index 0000000..41140f3 --- /dev/null +++ b/summary/sessions/262/content.adoc @@ -0,0 +1,42 @@ +Date: 16-11-2025 + +Duration: 2 hrs 30 mins + +==== Topics Discussed + +* Round of introductions. + ** Suyash Purwar introduced himself. He graduated from LPU this year and is currently working at HackerRank. He shared his experience at LPU, mentioning that the hacker culture wasn't great there and he couldn't find many geeks to gel with. He got his internship after his 5th semester and has been working since. + ** Janvi Matani asked for advice on finding internships as a 2nd year IT student. + *** Suyash and others suggested targeting small startups and reaching out directly to founders on LinkedIn rather than relying on job portals like Internshala. +* Rehan Shaikh talked about his work as a junior penetration tester at TCS in the BFSI (Banking, Financial Services and Insurance) vertical. + ** He mentioned TCS recently lost the Marks and Spencer contract. + ** Discussed the freedom in his team checking in, checking out, and working independently on pen testing projects. +* Alpesh Bhagwatkar mentioned the new Android PixNapping vulnerability (CVE-2025-48561). + ** It's a hardware-based vulnerability where malicious apps can steal OAuth keys without user interaction by layering intents. + ** Google decided not to fix it until 2026. + ** link:https://www.malwarebytes.com/blog/news/2025/10/pixel-stealing-pixnapping-attack-targets-android-devices[PixNapping Attack Blog^] +* Discussion about NSO's Pegasus spyware and the incredible techniques used. + ** Rehan shared the Google Project Zero article about how Pegasus exploited iMessage using Turing machine principles to create a virtual machine inside iMessage. + ** link:https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html[Google Project Zero: NSO Zero-Click Deep Dive^] +* Discussion about vibe coding with brain waves. + ** A new technology that reads alpha/gamma brain waves through a headset and uses LLM to generate code based on what you're thinking. + ** link:https://www.youtube.com/watch?v=4bQ2qhfJUjA[Coding with Brain Waves Video^] +* Rehan shared about the Operating System series by Adhokshaj Mishra. + ** Back to basics lectures covering OS fundamentals, focusing on understanding why certain designs were chosen rather than just definitions. + ** Adhokshaj has built his own OS and created a programming language in Sanskrit. + ** link:https://breachforce.net/series/os-intro[OS Introduction Series^] + ** link:https://www.linkedin.com/in/adhokshajmishra/[Adhokshaj Mishra's LinkedIn^] +* Jaden explained what eBPF is. + ** It's like an API for running code at the kernel level, allowing operations that would normally require kernel drivers. + ** Useful for network packet filtering and kernel-level operations without the overhead of traditional syscalls. +* Discussion about the difference between syscall wrappers (glibc) and actual syscalls. + ** Glibc wrappers like `open()` use variadic arguments (the `...` syntax in C) to provide flexibility. + ** The wrapper handles default parameters and then calls the actual syscall. +* Chirag joined and discussed his work. + ** Talked about the difference between product companies and consulting firms for sales engineers. + ** His daily work involves gathering customer requirements for cloud migration and designing proposals. +* Shared resources: + ** link:https://lwn.net/Kernel/Index/[LWN Kernel Index^] + ** link:https://livegrep.com/search/linux[Live Grep Linux Kernel Search^] + ** link:https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist[HTB CPTS Certification^] + ** link:https://www.youtube.com/watch?v=BM62xi4FE3c[ELF Parsing by Harsh Kapadia^] From debf034a29cbe4f5f749bff94dc554f564b872bf Mon Sep 17 00:00:00 2001 From: Alpastx Date: Tue, 16 Dec 2025 22:24:48 +0530 Subject: [PATCH 2/5] docs: add summary for OTC CatchUp #262 corrections --- summary/sessions/262/content.adoc | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/summary/sessions/262/content.adoc b/summary/sessions/262/content.adoc index 41140f3..4830fbe 100644 --- a/summary/sessions/262/content.adoc +++ b/summary/sessions/262/content.adoc @@ -1,15 +1,14 @@ -Date: 16-11-2025 +Date: 15-11-2025 Duration: 2 hrs 30 mins ==== Topics Discussed * Round of introductions. - ** Suyash Purwar introduced himself. He graduated from LPU this year and is currently working at HackerRank. He shared his experience at LPU, mentioning that the hacker culture wasn't great there and he couldn't find many geeks to gel with. He got his internship after his 5th semester and has been working since. + ** Suyash Purwar introduced himself mentioning he works at HackerRank as he was promoted to a full time employee after his internship which he got in 5th sem. ** Janvi Matani asked for advice on finding internships as a 2nd year IT student. *** Suyash and others suggested targeting small startups and reaching out directly to founders on LinkedIn rather than relying on job portals like Internshala. * Rehan Shaikh talked about his work as a junior penetration tester at TCS in the BFSI (Banking, Financial Services and Insurance) vertical. - ** He mentioned TCS recently lost the Marks and Spencer contract. ** Discussed the freedom in his team checking in, checking out, and working independently on pen testing projects. * Alpesh Bhagwatkar mentioned the new Android PixNapping vulnerability (CVE-2025-48561). ** It's a hardware-based vulnerability where malicious apps can steal OAuth keys without user interaction by layering intents. @@ -20,12 +19,12 @@ Duration: 2 hrs 30 mins ** link:https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html[Google Project Zero: NSO Zero-Click Deep Dive^] * Discussion about vibe coding with brain waves. ** A new technology that reads alpha/gamma brain waves through a headset and uses LLM to generate code based on what you're thinking. - ** link:https://www.youtube.com/watch?v=4bQ2qhfJUjA[Coding with Brain Waves Video^] + ** link:https://www.youtube.com/watch?v=4bQ2qhfJUjA[This neural interface writes code from my brain waves… By Fireship^] * Rehan shared about the Operating System series by Adhokshaj Mishra. ** Back to basics lectures covering OS fundamentals, focusing on understanding why certain designs were chosen rather than just definitions. ** Adhokshaj has built his own OS and created a programming language in Sanskrit. ** link:https://breachforce.net/series/os-intro[OS Introduction Series^] - ** link:https://www.linkedin.com/in/adhokshajmishra/[Adhokshaj Mishra's LinkedIn^] + ** link:https://www.linkedin.com/in/adhokshajmishra[Adhokshaj Mishra's LinkedIn^] * Jaden explained what eBPF is. ** It's like an API for running code at the kernel level, allowing operations that would normally require kernel drivers. ** Useful for network packet filtering and kernel-level operations without the overhead of traditional syscalls. From c60638f85acc58e64b55be1b93625d67bb818dd3 Mon Sep 17 00:00:00 2001 From: Alpastx Date: Tue, 16 Dec 2025 22:37:14 +0530 Subject: [PATCH 3/5] docs: add summary for OTC CatchUp #262 : added config --- summary/sessions/262/config | 1 + 1 file changed, 1 insertion(+) create mode 100644 summary/sessions/262/config diff --git a/summary/sessions/262/config b/summary/sessions/262/config new file mode 100644 index 0000000..1a3209e --- /dev/null +++ b/summary/sessions/262/config @@ -0,0 +1 @@ +catchup_config_noimage=1 From 19650bb811fd9c1570d9a5f2960a20066c795288 Mon Sep 17 00:00:00 2001 From: Alpastx Date: Thu, 18 Dec 2025 20:08:03 +0530 Subject: [PATCH 4/5] docs: add summary for OTC CatchUp #262 : added configv2 --- summary/sessions/262/content.adoc | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/summary/sessions/262/content.adoc b/summary/sessions/262/content.adoc index 4830fbe..93353f7 100644 --- a/summary/sessions/262/content.adoc +++ b/summary/sessions/262/content.adoc @@ -4,10 +4,9 @@ Duration: 2 hrs 30 mins ==== Topics Discussed -* Round of introductions. - ** Suyash Purwar introduced himself mentioning he works at HackerRank as he was promoted to a full time employee after his internship which he got in 5th sem. - ** Janvi Matani asked for advice on finding internships as a 2nd year IT student. - *** Suyash and others suggested targeting small startups and reaching out directly to founders on LinkedIn rather than relying on job portals like Internshala. + +* Janvi Matani asked for advice on finding internships as a 2nd year IT student. + ** Suyash and others suggested targeting small startups and reaching out directly to founders on LinkedIn rather than relying on job portals like Internshala. * Rehan Shaikh talked about his work as a junior penetration tester at TCS in the BFSI (Banking, Financial Services and Insurance) vertical. ** Discussed the freedom in his team checking in, checking out, and working independently on pen testing projects. * Alpesh Bhagwatkar mentioned the new Android PixNapping vulnerability (CVE-2025-48561). From a50018e4762a6639b8ed7a590459ecc08ee68b4f Mon Sep 17 00:00:00 2001 From: Ankush Kapoor Date: Thu, 18 Dec 2025 21:53:05 +0530 Subject: [PATCH 5/5] fix: minor fixes --- summary/sessions/262/content.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/summary/sessions/262/content.adoc b/summary/sessions/262/content.adoc index 93353f7..b6a96e3 100644 --- a/summary/sessions/262/content.adoc +++ b/summary/sessions/262/content.adoc @@ -4,7 +4,6 @@ Duration: 2 hrs 30 mins ==== Topics Discussed - * Janvi Matani asked for advice on finding internships as a 2nd year IT student. ** Suyash and others suggested targeting small startups and reaching out directly to founders on LinkedIn rather than relying on job portals like Internshala. * Rehan Shaikh talked about his work as a junior penetration tester at TCS in the BFSI (Banking, Financial Services and Insurance) vertical. @@ -34,7 +33,7 @@ Duration: 2 hrs 30 mins ** Talked about the difference between product companies and consulting firms for sales engineers. ** His daily work involves gathering customer requirements for cloud migration and designing proposals. * Shared resources: - ** link:https://lwn.net/Kernel/Index/[LWN Kernel Index^] + ** link:https://lwn.net/Kernel/Index[LWN Kernel Index^] ** link:https://livegrep.com/search/linux[Live Grep Linux Kernel Search^] ** link:https://academy.hackthebox.com/preview/certifications/htb-certified-penetration-testing-specialist[HTB CPTS Certification^] ** link:https://www.youtube.com/watch?v=BM62xi4FE3c[ELF Parsing by Harsh Kapadia^]