Blackhoodie at NorthSec 2022

Getting cosy with Malware Static Analysis

Course by Suweera De Souza (@sud0suw)

When: It will be held in two 2-hour sessions on May 19th and 20th, with a cap of 10 participants

Where: NorthSec Conference in Montreal

Registration: Reach out to outreach@nsec.io

Fees: The workshop is free


Course Description

This workshop is intended to show how exploring the world of Windows malware through the “eyes” of static analysis can actually be a really fun thing!

The participants will go over the life cycle of malware by statically analyzing some real malware and learning how to read and understand the intention behind a piece of code.

Topics that will be covered:

  • Understanding the PE file format
  • Using disassemblers like Ghidra or IDA
  • Recognizing some common malware routines (tricks used to stay persistent, obfuscation, etc.)

If time permits, there will be a chance to learn how to use scripts to augment static analysis and make it easier.


Pre-Requisites

  • Comfortable with x86 assembly language.
  • Comfortable with some programming languages.
  • Some knowledge of how a CPU works.
  • Machine with VMs installed (instructions will be emailed before the workshop).

About Suweera De Souza

Suweera is an enthusiast when it comes to reversing malware and enjoys diving as deep as the hex bytes allow her to.


Why women only?

The number of female engineers working on complex low-level security topics is crushingly low. My past teaching experience shows me that this is not due to lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. And I get it, modern-day exploitation is an intimidating field, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there. The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space where participants can build confidence, foster shared interests, build connections, and in the end contribute themselves as part of a happier community. It keeps fascinating me how many former BlackHoodies keep sticking around and do impressive work in several different areas of security.

What is BlackHoodie?

BlackHoodie is a series of free, women-only reverse engineering bootcamps, which started in 2015 and since 2018 has been supported by a number of spin-off events. More information on the idea of BlackHoodie and the upcoming main event can be found at www.blackhoodie.re.


Contact

outreach@northsec.io

@NorthSec_io