Blackhoodie@Troopers 2020

Once again, we are super excited to announce that Blackhoodie is happening at Troopers 2020. This is the 3rd time that Blackhoodie is joining with Troopers. As always, one of the main motivation for Blackhoodie is bringing more women into reversing and other core security topics. So we would like to see more women apply to the training slots. However, if you are not a woman and still feel really excited about Blackhoodie, you are welcome to apply. The registration is open now.  Please hurry up and make your registration now. We will close the registration once the seats are filled up with enough quality submissions. We do have a very limited number of seats at this training site. So we apologize in advance if we can’t accommodate everyone, even though we wish we could!

How to register?

Blackhoodie is a free event. In order to register, go to this link and fill in your details with a brief motivation of why you would like to join Blackhoodie. We will get back to you with the selection outcome as soon as the registration is closed. Current deadline for registration is Feb 12th 2020.


When and where?

The event is happening on March 15th, 16th and 17th. We will have an introduction session with lightening talks on March 15th (Sunday) starting at 13:00. On 16th and 17th, there will be workshops. We just have one track with 3 trainings one after the other.

Print Media Academy
Kurfürsten-Anlage 52-60
69115 Heidelberg Germany
Getting there


15th March 2020 – Ligtening talks starting from 13:00

16th – 17th March 2020 – Trainings

Training 1: How to (mis)use TLS? by Caroline 
Let’s understand how TLS works and demystify some famous flaws in TLS:
what went wrong ? How could we exploit it ? How was is fixed ? 
To answer this questions, the idea is to get our hands on networking, 
man-in-the-middle, rogue certificates crafting, heartbleed exploitation.
Material: have a kali linux virtual machine installed. 
If you don’t know how to do that, I can provide an installation guide.
Training 2: Untangling C++: Reversing and Auditing C++ Binaries by Gal Zaban
This training is an advanced class for security researchers who want to 
expand their horizons and skills in reversing modern C++ binaries. 
C++ Binaries are full of mysteries, they have objects, inheritance, 
templates, vtables and many more and reverse engineering them is a task on 
its own. The training will explain advanced C++ reverse engineering topics 
including techniques and tools for dealing with research of C++ Binaries.
We will start with the identification of basic C++ patterns including 
identifying statics, globals, arrays, etc. Than we will continue with objects
and inheritance in a binary and how to represent all of those in IDA, 
afterward, we will study work methods and design patterns in C++.
Finally, we will practice, fight and untangle deep and modern C++ programs 
using both static and dynamic analysis.
Class outline:
 - C++ Reverse Engineering Intro.
 - Globals, Statics and Arrays
 - Objects + Objects Creation.
 - Inheritance.
 - Multiple Inheritance.
 - Understanding relationship between objects.
 - Virtual tables and virtual calls.
 - Templates.
 - Important Design Patterns.
 - IDA Pro- concepts and working methods for reverse engineering C++.
 - Representation of C++ objects in IDA.
 - Tips for creating setup and environment for C++ binaries.
 - Existing tools for C++.
 - Deep understanding of a C++ Binary's Logic.
 - Conclusions and wrap-up.
 - Suggestions for future tasks and resources to keep learning and improving C++ RE skills.
Training 3: Attacking Active Directory by Kelly Villanueva
Active Directory, a service used to manage users, computers, and other 
objects in corporate networks,is used by almost all large corporations, 
making it a prime target for exploitation and abuse. Despite efforts to 
patch existing vulnerabilities and standardize best practices, the security 
exposure derived from Active Directory increases as environments become 
more complex, and offensive security professionals can leverage 
Active Directory to perform activities like lateral movement, 
credential theft, and reconnaissance.
This workshop will provide an overview of Active Directory fundamentals, 
explain common attack primitives, and use open source tools to get 
hands-on experience attacking Active Directory.

If you have any further questions, you can contact me by



Continue reading

Windows Insight: The Windows Telemetry ETW Monitor

The Windows Insight repository now hosts the Windows Telemetry ETW Monitor framework. The framework monitors and reports on Windows Telemetry ETW (Event Tracing for Windows) activities – ETW activities for providing data to Windows Telemetry. It consists of two components:

  • the Windbg Framework: a set of scripts for monitoring Windows Telemetry ETW activities. The scripts are fed to a running windbg instance, connected to the Windows instance whose Windows Telemetry ETW activities are monitored.
  • the Telemetry Information Visualization (TIV) framework for visualization of information and statistics. The TIV framework is a set of Python scripts that visualize information and statistics based on the data produced by the Windbg Framework. The output of the TIV framework is a report in the form of a web page.


The Windows Telemetry ETW Monitor has been tested on Windows 10, version 1909.

Continue reading “Windows Insight: The Windows Telemetry ETW Monitor”

Continue reading

TROOPERS20 Training Teaser: TLS in the Enterprise – Post Quantum Security

Our workshop “TLS in the enterprise” was held for the first time at Troopers 2018 and was our special contribution to the IT Security world to increase the usage of TLS and point out the pitfalls, when switching to TLS.

But time is changing and TLS is a kind of standard nowadays, at least when looking at HTTPS, but there are still a lot of things to do regarding other protocols like

  • Jabber
  • LDAP
  • Telnet
  • SMTP, POP3 and IMAP
  • SIP and RTP
  • MySQL
  • Postgres
  • SSL based VPNs

just to name a few ;-). We will cover that in our training too, but the most important new stuff will be Post Quantum Security and how it will affect the future of encryption. We will talk about crypto algorithms and which of them can still be used in the future, we will talk about timelines and preparation (including the actual state of technology) like develop your master plan and we will try to clear up the myths regarding quantum computers to get your enterprise ready for the post quantum era :-).

Become aware that quantum computers will likely break most traditional public key crypto and every secret it protects. Examples for affected crypto: RSA, DH, ECC, ElGamal, PKI, digital certificates, digital signatures, VPNs, WiFi protection, smartcards, HSMs, crypto currencies, two factor authentication which relies on digital certificates (e.g. FIDO keys, Google security keys, etc.) and of course TLS.

And the quantum computers are not that far away, as the following timeline proves:

  • 1998: first working quantum computer
  • 2016: Google develops quantum computer
  • 2017: D-Waves announces the commercial availability of the D-Wave 2000Q™ quantum computer
  • 2017: IBM and Microsoft announces quantum computers
  • 2018: several quantum microprocessors available
  • 2019: likely over 100 quantum computers available

hmm, you are afraid now? No ;-)! You are curious? You got the point, it’s time to get prepared. The early bird catches the worm (which btw. is also true for getting your Troopers ticket and workshop seat 😉 ) the NSA said, and it moved to post-quantum in January 2016.

So to satisfy your curiosity, see you at our workshop “TLS in the enterprise” at Troopers 2020.


Frieder and Michael

Continue reading

TROOPERS20 Training Teaser: Swim with the whales – Docker, DevOps & Security in Enterprise Environments

Containerization dominates the market nowadays. Fancy buzzwords like continuous integration/deployment/delivery, microservices, containers, DevOps are floating around, but what do they mean? What benefits do they offer compared to the old dogmas? You’re gonna find out in our training!

We are going to start with the basics of Docker, Containers and DevOps, but soon you’ll end up with your own applications running inside containers with the images residing in your own registry. Of course, following the microservices approach, and the second day hasn’t even started.After the fundamental topics of containerization are understood, you’re going to create and operate your own Kubernetes cluster. A lot of fun and challenging exercises lie ahead, to give you hands-on experience with all the technologies.

We at ERNW have not only security written on our banner, it is a mindset we share. Therefore, be prepared to get knee deep into security in regards of the discussed technologies. We will tackle the security aspects from the bottom-up, what Containerization tools can offer and how all these can be enforced and enhanced with Kubernetes to secure your clusters. From there on you are ready for the final challenge. You will jump into the role of an attacker who did compromise a Container in the cluster and escalate your privileges to Cluster Admin.

Attendees who absolved the training will have a solid understanding of container technology, especially with Docker and Kubernetes and of course the security challenges those technologies bring to the table.

So, if you’re up to a challenging training and want to get not only your feet wet with Docker and Kubernetes, you can reserve your spot for the training right here.


Thanks and kind regards,
Jan and Simon

Continue reading

TROOPERS20 Training Teaser: Insight Into Windows Internals

Windows 10 is one of the most commonly deployed operating systems at this time. Knowledge about its components and internal working principles is highly beneficial. Among other things, such a knowledge enables:

  • in-depth studies of undocumented, or poorly documented, system functionalities;
  • development of performant and compatible software to monitor or extend the activities of the operating system itself; and
  • analysis of security-related issues, such as persistent malware.

Continue reading “TROOPERS20 Training Teaser: Insight Into Windows Internals”

Continue reading

DevSecCon19 London – How to Secure OpenShift Environments and What Happens If You Don´t

This week I was at DevSecCon in London to present my current research on Red Hat OpenShift. In this talk, I gave a brief introduction to OpenShift, demonstrated some threats that exist for such environments, and dived into different configuration issues that may affect the security of OpenShift environments. The implications of misconfigurations of such an environment have been shown in live demos.

Continue reading “DevSecCon19 London – How to Secure OpenShift Environments and What Happens If You Don´t”

Continue reading

TROOPERS20 Training Teaser: Hacking 101

Hi there,
like in recent years the popular Hacking 101 workshop will take place on TROOPERS20, too! The workshop will give you an insight into the hacking techniques required for penetration testing. These techniques will cover various topics:

  • Information gathering
  • Network scanning
  • Web application hacking
  • Low-level exploitation

…and more!

Continue reading “TROOPERS20 Training Teaser: Hacking 101”

Continue reading

TROOPERS20 Training Teaser: Windows & Linux Binary Exploitation

We are happy to announce that TROOPERS20 will feature the 5th anniversary of the popular Windows & Linux Binary Exploitation workshop!

In this workshop, attendees will learn how to exploit those nasty stack-based buffer overflow vulnerabilities by applying the theoretical methods taught in this course to hands-on exercises. Exercises will be performed for real world (32-bit) software such as the Foxit Reader Plugin for Firefox, Wireshark, and nginx.

Continue reading “TROOPERS20 Training Teaser: Windows & Linux Binary Exploitation”

Continue reading