by Veronica Valeros & Maria Rigaki
This year we were lucky to be able to attend the 4th edition of the BlackHoodie Bootcamp in Berlin. BlackHoodie is a women-only reverse engineering [intensive] bootcamp, meant to introduce attendees to reverse engineering and other highly technical areas of information security in an intensive weekend. Born in 2015 with only 15 attendees, BlackHoodie has grown now to over 90 participants from all over the world.
The event this year was sponsored by HERE Technologies, which were generous enough to not only provide the venue, but also on-site food, beverages, and also a get-together on Saturday night. All of which was extremely good and made our intensive weekend perfect.
The event consisted of 1 day of conference and 2 days of intensive workshops split into 3 tracks. Overall, we spent the last three days learning, networking, and meeting old friends!
Day 1: BlackHoodie Conference
In this edition, we were thrilled to be able to contribute to the event as speakers, and to be able to share our work among our peers. In the first talk, we presented “Linux servers under siege: a real case forensic analysis of a cryptocurrency miner attack”. The talk was a walkthrough of the investigation done to identify, remediate and prevent a malware miner infection on one educational server. In the second talk, we presented “Arming malware with GANs”. The talk introduced the concepts of Generative Adversarial Networks and how they can be used to make malware more “smart” and evade detection.
The conference included 12 speakers and the topics covered ranged from Pinball firmware reversing, C++ tricks & fun to a deep dive into malware and the internals of the Chromium Sandbox. The level of the talks was really good, and it was nice to see so many first-time speakers on stage!
Day 2 & 3: Track 2
In track 2 there were three different workshops. The first morning was in the hands of Kristina Balaam. In her workshop, “A Beginner’s Guide to Android Malware Analysis”, we learned how prevalent Android/mobile malware actually is, where to find samples, and how to get started with reversing Android samples.
The afternoon of day 2 was for the workshop “Capture The Flag: An Introduction To Binary Exploitation” given by Katharina Männle. It was an intensive deep dive with hands-on exercises on stack overflows which left our brains totally melted. Katharina had a CTF-like setup that made it easy for us to try things and attempt to make things work on our own.
The third day was all dedicated to ARM Exploitation by Azeria. It was a fantastic, well-taught, intensive workshop that walked us through the basics of ARM architecture, key differences with x86, basics of ARM assembly, how to write a reverse shell and also exploitation.
Day 2 & 3: Track 3
The third track was also split into three different workshops. During the first day Marion Videau gave us an introduction to cryptography (for non-cryptographers), including some practical advice and hands-on practice using the amazing cryptopals challenges.
The second day started with a well prepared and fun introduction to Return Oriented Programming (ROP) by chilliz. We went through the basics of ROP, ret2libc and ROP gadgets and we got to practice the concepts in some interesting challenges.
The afternoon session was dedicated to a Windows Kernel debugging workshop given by Gwaby. Although it was a difficult topic and a first dive for most of the participants, it was a great way to get us started.
Overall, it was a great event. We were able to get an intensive introduction to many new topics and concepts that we were barely familiar with, and reached a level where we can continue learning on our own. It was exhausting, but totally worth it. The experience of being surrounded by more than 80 technical women is one of a kind; an experience that for the majority of us was the first, as we often find ourselves in environments with a huge gender disparity (50 to 1 or more). Finally, we want to express our deep thanks to Marion, Barbie, Priya, Kylma, Gwaby, Ninon, Bhavna, and all the blackhoodies that make this event possible.