BlackHoodie at Troopers Conference 2024

Kubernetes Security and Mobile Malware Analysis

Guess what, we’re back again! TROOPERS kindly offered to host us for two days of BlackHoodie trainings \m/. This time we are back with two tracks! The dates are approaching fast, and we have very limited capacity. If you are a student, do not forget to write a motivational letter to get the chance to get a free ticket for the Troopers conference! See you very soon in Heidelberg!

TL;DR:

What: Beginner-friendly classes on Kubernetes Security and Mobile Malware Analysis!

When: June 24 and 25, 2024

Where: Heidelberg, Germany

Who: Women

Registration: fill out the form here; registration closes when all the seats are taken

Fees: The workshop is free; travel and accommodation are the responsibility of attendees!


Agenda

Day 1: Kubernetes Security 101

In this beginner-friendly workshop, we will dive into the fundamentals of Kubernetes, along with concepts of Kubernetes security and potential misconfigurations. Finally, we will engage in hands-on exercises to apply what we have learned in practice.

Topic Overview

  • Introduction to Kubernetes
  • Kubernetes Security
  • Kubernetes Misconfiguration
  • Hands-on Exercises

Training prerequisites:

  • No previous knowledge is required

What to bring:

  • Laptop

Who should attend?

This training is for anyone interested in learning the basics of Kubernetes and Kubernetes security.

About the Trainer

Lorin Behringer is an IT Security analyst at the company ERNW Enno Rey Netzwerke. She has been working in this field for over four years, primarily focusing on web application testing and cloud security. Recently, her work has involved a focus on Kubernetes security. She has been a member of the BlackHoodie community since 2019 and has been part of the organization’s team since 2023.

Day 2: Mobile Malware Analysis 101

In this beginner-friendly training, you’ll step into the shoes of a malware analyst! The training starts with an introduction to the fundamentals of reverse engineering Android applications. With these basics, you’re all set to look into an Android app that poses as a messenger but hides various malicious functionality in both Kotlin and native code. Let’s figure out what the app is doing, which information is leaked, and to whom!

This training teaches all methods and tools required to follow mobile pentesting guides, such as OWASP Mobile, while also providing you with the basics to build your own security analysis tools where needed.

Topic overview:

  • The internal structure of an Android app.
  • Static analysis of applications written in Java/Kotlin using Ghidra and jadx.
  • Android specifics: Java virtualization, native libraries, JNI, …
  • Dynamic instrumentation of applications that mix Java and native code using Frida.
  • Android security boundaries: Intents, content providers, Binder, SELinux, sandboxing.
  • Using existing tools to bypass TLS certificate pinning and root/jailbreak detection, and to modify SQLite databases.

Training prerequisites:

  • Basic programming knowledge, ideally one or multiple of the following programming languages: Python, JavaScript, C/C++, Java/Kotlin.
  • Optional: Mobile app development background.

What to bring:

Laptop with at least 8GB of RAM that can run Android Studio and an Android VM, with an Internet connection and the possibility to install additional software. Your rooted Android devices can be used as well, but we won’t be able to provide support for this.

Who should attend?

This training is aimed at anyone interested in mobile app security, including up-and-coming pentesters, security or vulnerability researchers, or app developers.

About the Trainer

Jiska Classen is a wireless and mobile security researcher, leading a research group at Hasso Plattner Institute. The intersection of her research topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies; for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement, reverse-engineered Apple’s AirTag communication protocol, and published about Apple’s satellite communication implementation.

She has previously spoken at Black Hat USA, DEF CON, RECon, Hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmer Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, and NotPinkCon, given various lectures and trainings, and published at prestigious academic venues. Jiska Classen gave iOS and Android security trainings at TROOPERS, Nullcon, and Objective by the Sea, and has teaching experience from creating her own lectures and labs as a postdoctoral researcher at TU Darmstadt.

What is BlackHoodie?

BlackHoodie is a free, women-only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/

Why women-only?

One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. BlackHoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradictory as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.

And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and became influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.

Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.