Events

Blackhoodie@Troopers 2020

Once again, we are super excited to announce that Blackhoodie is happening at Troopers 2020. This is the 3rd time that Blackhoodie is joining with Troopers. As always, one of the main motivation for Blackhoodie is bringing more women into reversing and other core security topics. So we would like to see more women apply to the training slots. However, if you are not a woman and still feel really excited about Blackhoodie, you are welcome to apply. The registration is open now.  Please hurry up and make your registration now. We will close the registration once the seats are filled up with enough quality submissions. We do have a very limited number of seats at this training site. So we apologize in advance if we can’t accommodate everyone, even though we wish we could!

How to register?

Blackhoodie is a free event. In order to register, go to this link and fill in your details with a brief motivation of why you would like to join Blackhoodie. We will get back to you with the selection outcome as soon as the registration is closed. Current deadline for registration is Feb 12th 2020.

REGISTER HERE.

When and where?

The event is happening on March 15th, 16th and 17th. We will have an introduction session with lightening talks on March 15th (Sunday) starting at 13:00. On 16th and 17th, there will be workshops. We just have one track with 3 trainings one after the other.

Print Media Academy
Kurfürsten-Anlage 52-60
69115 Heidelberg Germany
Getting there

Agenda?

15th March 2020 – Ligtening talks starting from 13:00

16th – 17th March 2020 – Trainings

Training 1: How to (mis)use TLS? by Caroline 
Description: 
Let’s understand how TLS works and demystify some famous flaws in TLS:
what went wrong ? How could we exploit it ? How was is fixed ? 
To answer this questions, the idea is to get our hands on networking, 
man-in-the-middle, rogue certificates crafting, heartbleed exploitation.
Material: have a kali linux virtual machine installed. 
If you don’t know how to do that, I can provide an installation guide.
Training 2: Untangling C++: Reversing and Auditing C++ Binaries by Gal Zaban
Description:
This training is an advanced class for security researchers who want to 
expand their horizons and skills in reversing modern C++ binaries. 
C++ Binaries are full of mysteries, they have objects, inheritance, 
templates, vtables and many more and reverse engineering them is a task on 
its own. The training will explain advanced C++ reverse engineering topics 
including techniques and tools for dealing with research of C++ Binaries.
We will start with the identification of basic C++ patterns including 
identifying statics, globals, arrays, etc. Than we will continue with objects
and inheritance in a binary and how to represent all of those in IDA, 
afterward, we will study work methods and design patterns in C++.
Finally, we will practice, fight and untangle deep and modern C++ programs 
using both static and dynamic analysis.
Class outline:
 - C++ Reverse Engineering Intro.
 - Globals, Statics and Arrays
 - Objects + Objects Creation.
 - Inheritance.
 - Multiple Inheritance.
 - Understanding relationship between objects.
 - Virtual tables and virtual calls.
 - Templates.
 - Important Design Patterns.
 - IDA Pro- concepts and working methods for reverse engineering C++.
 - Representation of C++ objects in IDA.
 - Tips for creating setup and environment for C++ binaries.
 - Existing tools for C++.
 - Deep understanding of a C++ Binary's Logic.
 - Conclusions and wrap-up.
 - Suggestions for future tasks and resources to keep learning and improving C++ RE skills.
Training 3: Attacking Active Directory by Kelly Villanueva
Active Directory, a service used to manage users, computers, and other 
objects in corporate networks,is used by almost all large corporations, 
making it a prime target for exploitation and abuse. Despite efforts to 
patch existing vulnerabilities and standardize best practices, the security 
exposure derived from Active Directory increases as environments become 
more complex, and offensive security professionals can leverage 
Active Directory to perform activities like lateral movement, 
credential theft, and reconnaissance.
This workshop will provide an overview of Active Directory fundamentals, 
explain common attack primitives, and use open source tools to get 
hands-on experience attacking Active Directory.

If you have any further questions, you can contact me by schalakkal@ernw.de.

Cheers,

Priya

Continue reading
Events

Diversity, Community, Blackhoodie

Gender equality in the Infosec world as a topic of discussion comes with a lot of heated arguments and differences in opinion.
So let me start with some disclaimers on the target audience for this post. If you are in the category who believes everything about gender is perfect in the infosec world, this post is not for you. If you are in the category who believes gender and bringing diversity is not your area of interest, then this post is not for you either. There are so many interesting problems that the world offers you. Climate change, poverty, diseases, unemployment, addiction, science problems and what not. Everybody has the freedom to choose their area of interest and contribute towards it. If you are in the category who thinks gender equality in infosec needs some attention and would like to explore more on the topic without prejudices, then this post may  be interesting to you. Continue reading “Diversity, Community, Blackhoodie”

Continue reading
Events

Yet another edition of BlackHoodie – #BlackHoodie17

I am amazed by how this years BlackHoodie unraveled. Three days that included a pre-conference of lightening talks and two parallel tracks with a total of 64 enthusiastic members. The very spirit of BlackHoodie is nothing other than the quest to gain deep knowledge. Reverse engineering is one of the hardest fields in security. It touches on all fields of computing, starting from assembly, programming, file formats, operating systems, networks and what not. This makes it hard but an extremely fulfilling experience to spend time learning it. For me, the very idea of staring at a binary till you understand what it does is a magical feeling.

Continue reading “Yet another edition of BlackHoodie – #BlackHoodie17”

Continue reading
Events

BlackHoodie 2016

This year’s BlackHoodie workshop rolled out with 28 amazing women from all parts of the world. It was a very vibrant group with students, professionals, engineers, researchers, physicists and what not. This is the second year that Marion Marschalek is running this reverse engineering workshop exclusively for women. There were a variety of topics that were covered. This includes anti emulation tricks, anti debuggers, packers, obfuscation, encryption/decryption functions, and a lot of fun with IDA.

Continue reading “BlackHoodie 2016”

Continue reading