BlackHoodie at Hexacon 2023
4 Workshop in Paris: Introduction to Software Reverse Engineering, C++ binary Reversing, Cryptographic algorithm identification, AV/EDR bypass on Windows
A new BlackHoodie event appears! We are thrilled to announce that thanks to Hexacon awesome team, we’ll be hosting 4 workshops at Espace Vinci in Paris. The event will take place over four days, right before the conference. And for the icing on the cake, some badass trainers answered our call to share their knowledge and their skills:
- Ponpon (a.k.a Marion Lafon) will introduce the attendees to the fantastic world of Reverse Engineering with a funky piece of malware;
- Hexe (a.k.a. Alice Climent-Pommeret) will dig into process killer drivers and show techniques to bypass AV and EDR;
- 0xGalz (a.k.a. Gal Zaban) will dissect C++ binaries and present the gruesome details hidden behind object-oriented languages;
- Caro (a.k.a Caroline Leman) will show how to efficiently identify cryptographic algorithms and gives life-saving tips and tricks when tackling encryption binaries.
Come meet us in October, we’re waiting for you!
TL;DR:
What: Class on low-level security topics, introductory and intermediate
When: October 9 & 12 2023 - 9am-5pm
Where: Espace Vinci, Rue des Jeuneurs, Paris, France
Who: Women
Registration: fill form here, closing on August 31th or when all the seats are taken
Fees: The training and food are free; travel and accommodation is responsibility of attendees. Beware! Book your hotel quickly: France is hosting the Rugby WorldCup during those dates.
Reverse a malware 101
Trainer: Marion Lafon (@Ponpon)
The workshop will be about a funny ransomware, to understand its behavior we will analyze it through .Net decompilation, reverse it (we will perform some automatization thanks to miasm) and observe it through a debugger to ease the analysis.
What do you need to follow this workshop?
- Basic knowledge in programing (be able to write some lines in python)
- Basic knowledge in assembly (know the notions of registries and instructions on assembly)
- A Laptop with minimum 4GB of RAM
Cryptography Reverse engineering
Trainer: Caroline Leman (@Caro)
In this hands-on workshop, you will be facing a variety of encryption binary. Your mission, if you accept it, will be to code in Python a corresponding decryptor.
We are going to discover some cryptographic algorithm implementation (including RC4, AES, Salsa20 and Chacha20), some hashing function (including MD5, SHA-1 and SHA256). If we have time, we will dig into assymetric cryptography as well with RSA and Diffie-Hellman with ec25519. If you don’t know these algorithms, then this workshop is for you :)
The goal of this workshop is to give you some experience in:
- Recognizing the type of algorithm
- Extract the useful info like the key for example
- Implement using Python a “decryptor” with the info we extracted
What do you need to follow this workshop?
- Basics of x86 disassembly, you can follow this online training by Marion Part1 Part2 Part3 Part4
- A lot of curiosity !
- A laptop with a linux system or a windows machine with a linux virtualmachine kali virtual machines
- Mathematical background will not be useful here.
- Ghidra
C++ Reverse Engineering
Trainer: Gal Zaban (@0xGalz)
This course will be an advanced reverse engineering class for security researchers who want to expand their horizons and skills in reverse engineering C++ binaries.
C++ Binaries are full of mysteries, they have objects, inheritance, templates, vtables and many more and reverse engineering them is a task on its own. In order to correctly and clearly map a C++ compiled binary it requires a vast knowledge of C++ Internals.
The training will explain C++ reverse engineering topics including techniques and tools for dealing with C++ Binaries research. We will start with the identification of basic structures in C++ and continue with C++ Objects and Inheritance in binaries and how to represent them in IDA. We will also study work methods and design patterns in C++, practice, fight and untangle deep and modern C++ programs using static and dynamic analysis.
What do you need to follow this workshop ?
The requirements for the class are basic knowledge working in reverse engineering with IDA, and basic knowledge in C++.
Seek and Destroy (or how to find and exploit Windows process killer drivers)
Trainer: Alice Climent-Pommeret (@Hexe)
In this workshop, attendees we will learn together:
- basis of the internal mechanism of the Windows Kernel
- basis of the workflow between user-mode application and kernel-mode software driver
- the anatomy of a Windows software driver
- how to use LOLDrivers to find some juicy drivers (specifically process killer drivers)
- how to analyze them
- how to write a PoC to exploit them
What do you need to follow this workshop?
Hardware/Software prerequisites
- 16 Go of RAM
- 30 Go of free disk space
- Machine with Virtual Box installed (A Virtual Machine will be provided before the worshop).
Knowledge prerequisites
- Basic knowledge on x86 and x86_64 assembly languages.
- Basic knowledge on C.
- Basic knowledge on Windows system.
What is BlackHoodie?
BlackHoodie is a free, women only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/
Why women-only?
One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. Blackhoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradicting as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.
And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and become influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.
Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.