Blackhoodie at Grehack 2020

When

Thursday November 19, 2020

Where

Grenoble, France

Inscription

Inscription will open here on Saturday, October 10 at 10:10 AM CET.

Fee

Registration is free, but we don’t cover for food, travel and accomodation.

Precautions regarding COVID

Some special precautions will be taken because of COVID.

  • Masks covering mouth and nose will be mandatory throughout the event
  • Masks should be changed at the middle of the day (we will provide some masks for those who need it)
  • Before entering a room, everyone is expected to wash hands, we will provide hydroalcoholic gel
  • An empty space between attendees will be left so that we respect physical distancing
  • We are not allowed to serve food, or share food at a buffet. We’re currently working on a solution for individual meals
  • For your travel and accommodation, we recommend buying cancellation options for two reasons:
    • if you feel sick, please let us know and … please don’t come!
    • if the general situation gets worse, we will need to cancel the event (and make it a remote edition)

Training Topics:

There are 3 tracks happening at the same time.

Red vs Blue: Dissecting a killchain from both perspectives

Trainers: Emilie Denis and Juliette Chapalain
Level: Beginner friendly

This workshop aims to explain why and how a Red Team engagement is done and how the Blue Team can tune its detection to various common demonstrated techniques. This workshop will be reviewing each step of the beginning of a realistic attack scenario, from the offensive and defensive perspectives.

The hands-on session includes the following steps:

  • Initial access: an example of a spear phishing attack
  • Persistence
  • Auditing and exploiting a vulnerable service to elevate our rights
  • Credential dumping For each of these steps, the attendees will be using sysmon for detection.

Prerequisites:

  • A Laptop with minimum 4GB of RAM
  • Windows basic knowledge
  • Being familiar in C# and using Visual Studio is a plus

Reverse a malware 101

Trainer: Ponpon (Marion Lafon) from TEHTRIS
Level: Beginner friendly

The workshop will be about a funny ransomware, to understand its behavior we will analyze it through .Net decompilation, reverse it (we will perform some automatization thanks to miasm) and observe it through a debugger to ease the analysis.

Prerequisites :

  • Basic knowledge in programing (be able to write some lines in python)
  • Basic knowledge in assembly (know the notions of registries and instructions on assembly)

Equipment:

  • A Laptop with minimum 4GB of RAM

Introduction to Windows Kernel: Let’s Keylog all the Things!

Trainer: Gaby
Level: Advanced

This workshop allows attendees to take their first steps in kernel debugging as well as introduces them to several important concepts related to OS internals. The content is mainly focused on understanding the interrupts mechanism and how low-level tasks are dispatched from the hardware to specific drivers. For this purpose, we will take the example of the keyboard: by reviewing the different elements involved in key strokes handling, we will show how these components work and communicate between each other. This analysis will then be used to imagine how a kernel keylogger could leverage the internal structures involved in the process in order to sniff keyboard inputs.

Prerequisites:

  • No previous knowledge in OS internals is required but the attendees should be familiar with reversing and debugging x86_64 asm code.
  • Basic knowledge in C and/or javascript (yup yup!) programing is preferred: depending on the attendees progress we may have the time to implement a basic keylogger and/or some windbg scripts.
  • Being familiar with either windbg or gdb is definitely a plus: we won’t use any graphical debugger so be ready to type a lot of commands. :)
  • A computer able to run at least one Windows 10 VM (2 if the host is on Linux or OSX)
  • Painkillers: let’s get real, this workshop is pretty dense and some brains may fry a lil bit… :-^

What is BlackHoodie?

BlackHoodie is a series of free, women-only reverse engineering bootcamps, which started in 2015 and in 2018 slowly became a global initiative, with events happening in different locations in Europe and the United States. More information on the idea of BlackHoodie and upcoming events can be found at blackhoodie.re

This edition is the first edition in France, thanks to Grehack for hosting us !

Contact

Email: blackhoodie.grehack@gmail.com