BlackHoodie at Hexacon 2025
We’re thrilled to announce that Blackhoodie is coming to Paris for Hexacon this fall!
The event will take place over four days, right before the conference.
TL;DR:
What: Class on low-level security topics, introductory and intermediate
When: October 6th to October 9th 2025
Where: Paris, France
Who: Women
Registration link: fill form here
Fees: The training and food are free; travel and accommodation is responsibility of attendees.
We are thrilled to announce that thanks to Hexacon awesome team, we’ll be hosting 4 workshops at Espace Vinci in Paris. The event will take place over four days, right before the conference. And for the icing on the cake, some badass trainers answered our call to share their knowledge and their skills:
- Sonia will introduce the attendees to the fantastic world of Linux Memory Forensic
- Paula will share her pentesting skills in the Introduction to Web Application Security and also have you discover the wonders of Mobile Application Security.
- Jiska will present you awesome tips and tools to tackle iOS binaries in her workshop;
Introduction to Linux Memory Forensics - Monday October 6th - Sonia
Trainer
Sonia is a Software Engineer with a passion for Digital Forensics and CTFs
Workshop description
What happens in memory, stays in memory! In this beginner workshop, we’ll take our first steps into the fascinating world of Linux Memory Forensics 😊.
This session will introduce the fundamentals of volatile memory, Linux memory management, with a touch on memory acquisition. We will then discover how to investigate memory artefacts and uncover traces of malicious behaviour through a simulated ransomware attack, from identifying suspicious processes and carving out binaries to recovering encryption keys from memory.
We will mostly use the Volatility framework, but this workshop will go beyond a simple command-line tutorial to explore the underlying principles: what are Volatility profiles and why do we need them, what are some interesting artefacts to look for, what do I do when there is no command for what I am looking for, where do I even start looking, etc.
Who should attend?
Anyone who wants to learn more about digital forensics! This workshop won’t require extensive hacking knowledge, however knowing a bit about Linux will help.
Requirements
A laptop capable of running a virtual machine (or a native Linux environment), and a few gigabytes of free disk space (a memory dump can be quite heavy!). We might do a little bit of Python too! The VM will contain all the tools needed for the workshop. If you choose to use your own Linux environment instead, a setup guide will be provided.
Introduction to Web Application Security (Pentesting) - Tuesday October 7th - Paula
Trainer
Paula (pamoutaf) has been doing penetration testing at a Big 4 for the past 3.5 years. During that time she performed tests for clients in the private and public sector, testing Web Applications, Mobile Applications, Cloud security and infrastructure.
Workshop description
This is a beginner-level workshop where you’ll learn the basics of web application security and how attackers find and exploit vulnerabilities. We’ll cover how to conduct a penetration test on a web application, but the focus will be on understanding the most common web application vulnerabilities, how they work, how to exploit them, and how to prevent them.
What you will learn
You’ll learn how to use essential tools like Burp Suite (Community) for intercepting and modifying web requests, how to write custom scripts for exploitation, and how to use open-source tools to help you find weaknesses in web applications. By the end of this workshop, you will: • Understand the main web application vulnerabilities. • Learn how to exploit common vulnerabilities. • Be able to test your own applications for security flaws. • Learn how to secure them.
Prerequisites
This is a practical, hands-on workshop designed for people who are new to application security, no prior hacking experience needed. However, we will do a little bit of scripting so basic Python knowledge is helpful. Also, please make sure you install Docker and BurpSuite Community or Caido.
Introduction to Mobile Application Security (Pentesting) - Wednesday October 8th - Paula
Trainer
Paula (pamoutaf) has been doing penetration testing at a Big 4 for the past 3.5 years. During that time she performed tests for clients in the private and public sector, testing Web Applications, Mobile Applications, Cloud security and infrastructure.
Workshop description
Following the previous Web App security testing workshop, in this workshop we will learn how to pentest Mobile Applications. We’ll cover how to retrieve APKs (android mobile apps), understand what they are and how they work, and use tools to perform static & dynamic analysis. We’ll also look at what kind of sensitive information to search for in the code and how to identify common security issues. In addition, we’ll explore how mobile apps communicate with back-end services, how to intercept and analyze this traffic using tools like Burp Suite, and how to bypass common protections such as certificate pinning or root detection.
What you will learn
By the end of this workshop, you will: • How to set-up a virtual device for testing • How Android applications work. • Learn Static & Dynamic analysis techniques • Understand security mitigations and how to bypass them
Prerequisites
This is a practical, hands-on workshop designed for people who are new to application security, no prior hacking experience needed. Please install Android Studio before the workshop to emulate Android devices. Python / JS Scripting.
iOS Reverse Engineering 101 - Thursday October 9th - Jiska
Trainer
Jiska Classen is a wireless and mobile security researcher and research group leader. The intersection of these topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her practical work on public Bluetooth security analysis tooling uncovered remote code execution and cryptographic flaws in billions of mobile devices. She also likes to work on obscure and upcoming wireless technologies, for example, she recently uncovered vulnerabilities in Ultra-wideband distance measurement and reverse engineered Apple’s AirTag communication protocol. She has previously spoken at Black Hat USA, DEF CON, RECon, hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmier Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and trainings, and published at prestigious academic venues.
Workshop description
This 1-day workshop will equip you with a toolbox of indispensable techniques and methods for diving into the world of hacking apps on Apple’s mobile devices. We will cover all basics to get beginner reverse-engineers started. The course material of this workshop is always kept up to date with the latest version of iOS – so you’ll even learn about features introduced as of iOS 26!
After getting started with static reverse engineering and dynamic testing iOS apps using Ghidra and Frida, we’ll pivot to challenges posed by programs written in Objective-C. We’ll be using Frida to trace control flow, find interesting code paths and manipulate data.
The workshop will include hands-on exercises on physical iOS devices. Advanced iOS app internals are conveyed by breaking them down into small, easily comprehensible chunks and exercises building up on each other to form a general understanding of iOS concepts. Students will be guided through using free and open-source reverse-engineering software and frameworks (such as Ghidra and Frida) to understand the internals and perform security testing of closed-source apps. Students will be provided with slides, exercises, solutions including custom tooling, and cheat sheets to follow along the workshop.
iOS App Reverse Engineering 101
Learning objectives:
At the end of this workshop, students will have the understanding and means to perform basic static and dynamic reverse-engineering of iOS apps to identify and trace the execution of interesting functions, and write scripts to exercise the corresponding code-paths.
Topic overview:
- Apple’s public documentation and source code, public frameworks, and private frameworks.
- Attack surface and threat modeling: How to approach an App from a security point of view.
- The Apple App Store security model: Code signing, App Review, Entitlements, the iOS sandbox, and TCC.
- The internal structure of an iOS application: metadata and resources in Application Bundles, third-party frameworks, AppExtensions, and Mach-O internals, FairPlay DRM & decrypting iOS Apps.
- Static analysis: Introduction to Ghidra, navigating through larger binaries, and Objective-C calling conventions.
- Dynamic Analysis with Frida: Initial approaches using frida-trace, combining static and dynamic analysis, writing stand-alone Frida scripts, hooking functions.
- Calling functions with malicious input to trigger potential security issues in closed-source apps.
- Analysis of a crash log for triage and bug fixing.
Who should attend?
This workshop is aimed at anyone interested in mobile app security, including up and coming pen testers, security or vulnerability researchers, or app developers.
Prerequisites
- Basic programming knowledge, ideally one of the following programming languages: Python, JavaScript, C/C++, Objective-C/Swift.
- Optional: Mobile app development background.
What attendees should bring
Students will need to use a laptop capable of running a virtual machine with internet connectivity, USB pass-through, 16GB of RAM, and 40GB of free disk space. On Windows, the VM is required - tools are also available natively on Linux and macOS.
What attendees will be provided with
As this is a hands-on iOS workshop, attendees will be borrowed a physical iPhone or iPad for the exercises! We will be providing a (x86_64 and Apple Silicon) virtual machine image with all required tooling. Students will get access to all workshop materials, including slides, exercises, solutions including custom tooling, and cheat sheets.
What is BlackHoodie?
BlackHoodie is a free, women only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/
Why women-only?
One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. Blackhoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradicting as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.
And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and become influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.
Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.