Who: Women Where: Online When: November 25th, 2022

This Blackhoodie event will be held online, to reach women all around the world!

Schedule

Download .ics version here: Blackhoodie Virtual 2022 - Agenda ics file

Schedule Summary

Where

Online

Registration

Registration here

Fee

Registration is free

Training Topics

1. Software Reversing by Dr. Kayla Afanador
2. Malware Development 101 by Alice Climent-Pommeret
3. Unpacking 101 by Lily Chalupowski

Software Reversing by Dr. Kayla Afanador

When

• CET (fri) 11:00 am
• IST (fri) 3:30 pm
• PST (fri) 2:00 am
• EST (fri) 5:00 am
• AEST (fri) 8:00 pm

What is it about?

The art and science of reverse-engineering software is a foundational skill in cybersecurity. It allows us to investigate exactly what a program is doing and how… without source code or documentation. This skill has applications in vulnerability assessments, software compatibility, similarity analysis, and exploitation. This workshop will provide students with a hands-on introduction to software reverse engineering using IDA.

Knowledge prerequisites

No previous reverse engineering experience is expected or required! Students should have basic knowledge of using Linux, a terminal, and some previous programming experience in C and/or Python.

Hardware/Software prerequisites

We will provide students with a Linux virtual machine and all materials/software. Students are expected to run a ~20GB virtual machine. A recommended hardware configuration would have the following:

• 40 GB of free hard disk space
• 8-16 GB of RAM
• At least 4 Processor cores
• VMWare or Virtual Box to import the ova file

Bio

Dr. Kayla Afanador @Kayla0x41 is a senior technical staff member and lead instructor at the Boston Cybernetics Institute (BCI). Prior to BCI, Kayla was the Cyber Research & Development lead for the U.S. Naval Air Warfare Center Weapons Division. Kayla completed her PhD in Computer Science at the Naval Postgraduate School with a focus on automated vulnerability research.

Malware Development 101 by Alice Climent-Pommeret

When

• CET Friday 7:00 pm
• IST Friday 11:30 pm
• PST Friday 10:00 am
• EST Friday 1:00 pm
• AEST Saturday 4:00 am

What is it about?

In this workshop, attendees will study malware from an unusual standpoint, as malware developers.

Usually, at Blackhoodie workshop, attendees reverse and analyze compiled malware and try to understand its purpose.

Here, we are going to learn basic malware injection techniques by actually implementing them.

We will code malware performing:

• Self injection;
• Injection in a remote process;
• DLL injection in a remote process;
• Thread hijacking in a remote process;
• MapView process injection

We will then analyze our binary in live by using a debugger and Process Hacker. By doing so, we will learn to identify these injection techniques from the assembly code.

Hardware/Software prerequisites

• 16 Go of RAM
• 30 Go of free disk space
• Machine with Virtual Box installed (A Virtual Machine will be provided before the worshop).

Knowledge prerequisites

• Basic knowledge on x86 and x86_64 assembly languages.
• Basic knowledge on C.
• Basic knowledge on debugging.

Bio

Alice Climent-Pommeret (@AliceCliment) Offensive Security @ French Health Insurance (Caisse Nationale de l’Assurance Maladie)

Unpacking 101 by Lily Chalupowski

When

• CET Saturday 3:00 am
• IST Saturday 7:30 am
• PST Friday 6:00 pm
• EST Friday 9:00 pm
• AEST Saturday 12:00 pm

What is it about?

At the start of the workshop there will be an introduction to malware theory, which covers prerequisite knowledge needed for unpacking malware. Once the theory has been covered, in the workshop you will unpack multiple multiple different types of process injection such as process hollowing, shellcode injection, PE injection and more. Most of the skills learned in this workshop are transferable, as you will be able to use the skills to unpack other types of process injection and packers.

Key takeaways

• Ability to Unpack Malware

Hardware/Software prerequisites

• Computer
  • 16GB RAM
  • Internet Connection
• Host Software
  • Virtualization Software
  • Windows Virtual Machine
• Software Tools
  • x64dbg
  • PEBear
  • Detect it Easy
  • Resource Hacker

Knowledge prerequisites

• Some Programming
• Minimal Assembly

Bio

I started my career after I hit rock bottom being a single mom who moved back to live with my parents. This was after dropping out of computer science in university, my professors told me I would not be good enough to get a job in computers. I had lost all passion for what I loved and hoped for the future. I worked with my caseworker (social assistance program) and they helped me gain the confidence to try computers again. I was able to teach myself programming and other computer science concepts on my own time (online courses). With this, I was able to regain my confidence regarding computers. I then became really interested in offensive security and applied to work at a cyber security company. I started as an entry-level analyst and worked my way up to starting my own threat research and detection department. I taught myself how to reverse engineer malware from scratch along the way and have not looked back since. If I can train an English teacher to reverse engineer malware, I have the confidence I can train anyone to get the task done. If you are looking for someone to lead your threat research and detection team who has done each job on the way up to the top, I might be the one you are looking for. Since then, I’ve presented research all across North America, appeared on TV as an expert twice and have not looked back. I love reverse engineering, malware analysis, detecting threat actors, the thrill of the hunt, mentoring other women who want to get into cyber security and most importantly, my family and the wonderful people on my team who have grown so much in their careers.

Talks

1. Cobalt Strike Analysis for Incident Response by Hela Lucas
2. What happens when you make a promise to your partner that you’re going to crack a software for them ? by Jessica
3. Botnet as a service or tuning the payload ? by Laura Varano
4. ChromeLoader’s Evolution by Bethany Hardin
5. Get set, Go: An Introduction to Go Reverse Engineering by Christina Johns
6. iOS Reverse Engineering with Frida and Corellium! by Christine Fossaceca
7. The Importance of Knowing Normal by Shelly Giesbrecht

Cobalt Strike Analysis for Incident Response by Hela Lucas

When

• CET (fri) 3:00 pm
• IST (fri) 7:30 pm
• PST (fri) 6:00 am
• EST (fri) 9:00 am
• AEST (fri) 12:00 pm

Abstract

Cobalt Strike is commercial threat emulation software that is widely used by threat actors for real-world attacks. In this talk, the Cobalt Strike software will be described from an operator perspective, and then we will dive in to the forensic artefacts left by the tool, and how they can be analysed during incident response investigations. This talk will aim to be accessible for people without a digital forensics or incident response background, with easy-to-understand explanations of concepts introduced throughout.

Bio

Hela Lucas is a London based Incident Response Consultant at CrowdStrike. She previously worked at KPMG, Facebook, Coinbase and Morgan Stanley in Incident Response and Threat Intelligence teams. Outside of cybersecurity Hela likes cooking and petting dogs.

What happens when you make a promise to your partner that you’re going to crack a software for them ? by Jessica

When

• CET (fri) 3:45 pm
• IST (fri) 8:15 pm
• PST (fri) 6:45 am
• EST (fri) 9:45 am
• AEST (fri) 12:45 pm

Abstract

A walk through my journey trying to analyze a music software. This is a story of betrayal, self-discovery (moslty my limits), and a lot of goal reevaluation.

Bio

Jessica has been working in digital forensics and incident response for the last 2 ½ years with a special interest for reverse engineering.

Botnet as a service or tuning the payload ? by Laura Varano

When

• CET (fri) 4:30 pm
• IST (fri) 8:45 pm
• PST (fri) 7:30 am
• EST (fri) 10:30 am
• AEST (sat) 1:30 am

Abstract

With the constantly changing landscape of IoT botnets it requires a certain effort to stay on top of all the changes introduced by attackers daily to make sure that both adequate detections and the right naming constantly remain in place. Surprisingly, the quality and the arsenal of malware functionality is not always improving or increasing in quantity. In this presentation, we are going to explore some peculiar modifications introduced by the botnet developers over time and try to find an explanation to them.

Bio

Laura works as Cyber Threat Analyst at Nozomi Networks, creating detections and researching current IoT and OT threats.

She has previous experiences as forensic analyst, OSINT analyst and penetration tester in public and private sector. She first learned to reverse engineer binaries at a Blackhoodie workshop in 2018 and fell in love with it.

ChromeLoader’s Evolution by Bethany Hardin

When

• CET Saturday 12:00 am
• IST Saturday 4:30 am
• PST Friday 3:00 pm
• EST Friday 6:00 pm
• AEST Saturday 9:00 am

Abstract

It has been seen before that adware is waved off as just being a nuisance malware, however because of this, malware authors are able to take advantage and use it for wider attacks like Enigma ransomware. This discussion explores how malware authors have used this adware for further campaigns.

Bio

Bethany Hardin is the team lead on VMWare CarbonBlack’s MDR POC team. She has a Master’s of Science in cybersecurity and has worked in several cybersecurity roles including security engineer, analyst, threat intelligence, and forensicator. Her passion in cybersecurity lies in the research of threats.

Get set, Go: An Introduction to Go Reverse Engineering by Christina Johns

When

• CET Saturday 12:45 am
• IST Saturday 5:15 am
• PST Friday 3:45 pm
• EST Friday 6:45 pm
• AEST Saturday 9:45 am

Abstract

Go is becoming increasingly popular and it presents some interesting challenges for reverse engineers. The good news is disassembler and open source tools are catching up fast. This talk will cover an overview of Go, important points for reverse engineers, some of the challenges it can present as well as tools for various disassemblers that can help with analysis.

Bio

Christina Johns is a Principal Malware Analyst at Red Canary with over 10 years experience. Prior to becoming a malware analyst she worked in a variety of areas including web application assessment, android forensics and incident response. Her research interests lie at the intersection of automating binary analysis and malware reverse engineering. She has taught several intro to CTF workshops and enjoys participating in CTFs to build her skills and help others do the same.

iOS Reverse Engineering with Frida and Corellium! by Christine Fossaceca

When

• CET Saturday 1:30 am
• IST Saturday 6:00 am
• PST Friday 4:30 pm
• EST Friday 7:30 pm
• AEST Saturday 10:30 am

Abstract

Are you interested in iOS reverse engineering(RE) but it seems too daunting to even know where to begin? This talk will show you how easy it is to get started in iOS RE with any PC/Mac, an iPhone, and Frida! Frida is a dynamic code instrumentation framework that is an essential tool in an iOS reverse engineer’s toolbelt. Using Javascript, Frida allows you to inject custom code into a native app on a multitude of platforms. And did I mention it is open source? Let Christine will take you from zero to hero as she demonstrates how to get started doing iOS reverse engineering with Frida on both a real iPhone and Corellium, an iPhone emulator!

Bio

Christine Fossaceca is a senior mobile security researcher and reverse engineer at Microsoft. She has experience with Android and iOS. Christine is an IDA Pro afficionado, but is learning to like Ghidra, too. She also enjoys using Frida to aid her in dynamic analysis, and tries not to let her dog distract her too much. She attended her first BlackHoodie in San Francisco in 2019. Follow her on Twitter @x71n3 and listen to her new podcast (herhaxpodcast.com) about breaking into a career in cybersecurity!

The Importance of Knowing Normal by Shelly Giesbrecht

When

• CET Saturday 2:15 am
• IST Saturday 6:45 am
• PST Friday 5:15 pm
• EST Friday 8:15 pm
• AEST Saturday 11:15 am

Abstract

Whether a red or blue teamer, understanding what “normal” looks like in network traffic, on an endpoint, or when a program runs is crucial to understand. If you’re a red teamer and trying to hide in plain sight, you need to know how to blend in. And if you’re a blue teamer, you need to know what normal is so you can spot abnormal and stop it!

Shelly is a long time incident responder and will talk about some of the important points of “normal” and the dangers of not knowing.

Bio

Shelly is a Director of Incident Response for CrowdStrike.

After many years in the help desk/desktop support trenches learning what normal was, Shelly moved to Security Operations to understand abnormal. She then followed her dream to never sleep again and joined the ranks of IR consultants around the world putting out dumpster fires wherever they happen.

Shelly tries to learn one new thing every day, and is a firm believer in the bow-tie. Lego is not a toy, it’s a lifestyle.

What is BlackHoodie?

BlackHoodie is a series of free, women-only reverse engineering bootcamps, which started in 2015 and in 2018 slowly became a global initiative, with events happening in different locations in Europe and the United States. More information on the idea of BlackHoodie and upcoming events can be found at blackhoodie.re