We are excited to bring back BlackHoodie at OffensiveCon! We’re offering a 1 day free training for women, by women, at one of the most prestigious security conferences of the year!

Come hang out with us in Berlin to learn the other side of phone hacking. We will learn about Android application exploitation, something we’ve seen become increasingly prevalent in public hacking competitions.

TL;DR:

What: Class on Android Application Exploitation

When: May 14th 2026

Where: Berlin

Who: Women

Registration link: fill form here

Fees: The training is free; travel and accommodation is responsibility of attendees.

Introduction to Android Application Exploitation

Workshop description

Looking at recent Pwn2Own entries targeting Android phones, we’re noticing a shift in approach. Think of Ken Gannon’s chain against the Samsung S24, where he abused default Samsung applications to achieve arbitrary app installation through logic bugs like URL validation bypasses and insufficient signature checks, or Interrupt Labs’ entry against the S25, where they exploited an input validation flaw to access the camera and track the device’s location.

What do these have in common? The researchers analyzed Samsung’s pre-installed applications, decompiling them with tools like JADX, understanding their permissions and inter-process communication, and chaining multiple seemingly low-severity issues into device compromise. This represents a new era, where memory corruption vulnerabilities become more difficult to exploit and researchers turn to logic bugs. In this training, we will learn how to reverse-engineer vulnerable Android applications and exploit them to our advantage.

Trainers

Amel (@mel337__) is a security researcher specialised in mobile security, focused on detecting threats, securing systems and protecting users.

Paula (@pamoutaf) has a background in penetration testing but as a part of her career switch, she has been learning about reverse engineering and binary exploitation. She has recently given trainings at Hexacon 2025 & BSides Limburg 2026.

Who should attend?

Anyone who wants to learn more about hacking Android applications! This workshop won’t require extensive hacking knowledge, however you should be comfortable with using the CLI & basic scripting.

Requirements

Bring your own device ! You don’t need a specific architecture, we will be sending out more information on the infrastructure in communication e-mails. This course is for beginners, but we will be reading/writing some code (reading Java/Kotlin, writing JavaScript).

What is BlackHoodie?

BlackHoodie is a free, women only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/

Why women-only?

One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. Blackhoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradicting as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.

And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and become influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.

Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.