BlackHoodie is Back at BlueHat Seattle!

We’re partnering with BlueHat Seattle again this year!! Get set for the second BlackHoodie event in the USA for 2019! Just like other BlackHoodie events, this will be free, it will be for women, and it will be crazy challenging.


Date: October 22nd-23rd, 2019
Venue: Living Computer Museum, Seattle, WA
Time: 9.00 AM - 6.00 PM
Who: Women

This event will have five tracks.

Track 1: Intro to Reverse Engineering Malware

Dates: 22-23 Oct 2019

Description: Bhavna Soman and Michelle Bergeron will be teaching Introduction to Reverse Engineering Malware. Students will go over the basics of x86 and IDAPro, and use that to analyze real world malware samples (VM set up instructions will be provided beforehand). They will learn common techniques that malware authors use to evade detection and analysis. Finally, they’ll be provided with challenge binaries to test their new RE skillz.


  • Ideally some form of computer science background
  • Laptop with minimum 8GB RAM and 25GB free disk space for VM

Capacity: 30

Track 2: Hands-on introduction to web application security

Dates: 22-23 Oct 2019

Description: Niru Ragupathy and Jenna Kallaher from Google will be teaching this course. It is structured to start from the basics of web application security and explores common web attacks. Half of the first day will be packed with theory, while we are all for jumping into exercises having a solid grasp of the fundamentals will be crucial to your success in this course. At the end of the course you will have understood the concept, exploited and learnt to fix - XSS, CSRF and SQL injection. You will also get an opportunity to dabble in more esoteric attacks like XXE and SSRF on the second day.

Day 1: Theory - CIA model, HTTP, DOM, Cookies, Same Origin Policy, HTTP Methods, HTTP Headers and CORS Attacks - CSRF*, SQLi*, Command Injection, Broken session management*, Insecure Direct Object Reference*, Missing function access control, Logic Errors*

Day 2: Attacks - Reflected XSS*, Stored XSS&, DOM XSS*, CSP*, Vulnerability chaining, SSRF*, XXE*

* has hands-on exercises


  • A basic understanding of HTML, JS
  • A laptop with Burp proxy setup (Link to setup guide), a community version is sufficient for this course

Capacity: 30

Track 3: How to Auto-Feed Your Dragon: Hatchlings First Ghidra Script

Dates: 22-23 Oct 2019

Description: Morgan Whitlow from Mitre will be teaching. Two-day workshop focused on exposing students to creating and using scripts in Ghidra. Topics will include a brief overview and tour of Ghidra itself highlighting some of its features, various ways of integrating scripting into the reverse engineering workflow (e.g. headless analysis), Java vs Python scripts, and a quick overview of some of the functions in Ghidra’s Flat API. Students will be guided through writing basic scripts of their own, with an eye towards aiding analysis. This course is intended to be at an intermediate level. While proficiency is not expected, students should have at least a cursory understanding of an assembly language (ARM or x86 is acceptable) and at least one higher level programming language such as Python, Java, or C/C++.


  • Cursory understanding of an assembly language (ARM or x86)
  • Knowledge of one higher level language

Track 4: Purple Perspectives: When Blue Meets Red

Dates: 22 Oct 2019

Description: Michelle Lam and Tera Joyce from Microsoft will be teaching this track. In this workshop, we will be discussing the cat and mouse game that the red and blue teams need to navigate as part of the hunt for adversaries. One of the roles of a red team is to help with the first step of defending: understanding the adversary’s point of view, motive, and tooling. As part of the blue team, we follow the breadcrumbs left behind by an attack to piece together a story and ways to catch this activity in the future. Combining these perspectives helps build the full picture of an attack.


  • A basic background in security

Track 5: Bypassing ARM Exploit Mitigations

Dates: 23 Oct 2019

Description: Maria ‘Azeria’ Markstedter wil be teaching this track. In this 1-day workshop, attendees will learn how hackers break into Arm-based IoT devices using memory-corruption vulnerabilities such as buffer overflows, how developers can defend against these types of attacks using “exploit mitigations”, and what the limits of these mitigations are. During the labs, attendees will be writing their own exploits against vulnerable programs, and learn how to bypass exploit mitigations such as NX, ASLR, and Stack Canaries.


  • Able to read simple code written in the C programming language
  • Familiar with writing and editing basic scripts written in the Python programming language
  • Willing to dive into a Linux debugging environment
  • Willing to read and interact with Arm assembly language for several hours
  • Have a strong desire to learn, and be ready to think outside-of-the-box
  • Comfortable with troubleshooting the laptop’s host operating system
  • Comfortable with administering Linux from the command line
  • Able to use VMware to access the hands-on labs

Blackhoodie @ BlueHat 2019 Registration link: Link

Registration timeline: Registration will open 16th September 2019 at 2.00 PM and will remain open till slots are available. Seats will be allotted on a first come first served basis.

Finally, please note that we cannot cover travel or housing for attendees. There may be snacks and some form of caffeine :). More details will be communicated prior to the event.

What is BlackHoodie?

BlackHoodie is a free, women only reverse engineering workshop. More information can be found here.

Why women-only?

The number of female engineers working on complex low level security topics is crushingly low. Past teaching experience has shown, that is not due to lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. It is understandable– modern day computer security is an intimidating field, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there. The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space, where participants can build confidence, foster shared interests, build connections, and in the end contribute themselves as part of a happier community. It keeps fascinating us how many former BlackHoodies keep sticking around, and do impressive work in several different areas of security.

-Bhavna and Marion