Blackhoodie Seattle 2023
Malware, Incident Response, Side Channels
On June 22nd & 23rd Leviathan Security Group will host BlackHoodie Seattle, our biggest BlackHoodie event coming back since the start of the pandemic. We’ll be hosting 4 classes over two days, discussion groups and a lot of networking opportunities. We are stupid excited to get back into the classroom with friends we haven’t seen in years, and plenty of new faces we yet need to get to know. Trainings will be held by Thaís Moreira Hamasaki, Bhavna Soman, Supriya M Gowda, and Marion Marschalek, and we’ll cover malware analysis topics, side-channel attacks, and incident response including cloud incidents. Come meet us in Seattle in June, Leviathan offices are spacious and comfy and the trainings will be so much fun <3
TL;DR:
What: class on low-level security topics, introductory and intermediate
When: June 22 & 23 2023 - 9am-5pm
Where: Leviathan Offices 2925 1st Ave S, Seattle, WA 98134
Who: Women
Registration: fill form here
Fees: The trainings are free; food, travel and hotel is responsibility of attendees
COVID: We want everyone to feel comfortable; masks and testing prior to the event are encouraged yet not required. Masks and tests will be provided.
Agenda
Day 1 June 22nd
Track 1: A Lady’s Illustrated Primer to ELF Malware Analysis
Trainer: Bhavna Soman (@bsoman3), Security Research/Machine Learning, AWS Security
Topic: We will build up to reversing some new ELF malware. On the way we may discuss the structure of ELF binaries, C pointers, threads/processes, syscalls etc. We will also learn some tools (as necessary) like radare2, Ghidra, and others and use them in our process. If time permits, we will play with “cloud” malware.
Good to have: Some knowledge of coding in C, basics of CPU architecture, VM (set up instructions will be provided)
Track 2: Incident Response with a Splash of Cloud
Trainer: Supriya Gowda (@supg0x80), Security Engineer ll (DFIR), Amazon
Topic: This class will be an introduction to incident investigations in theory and practice, including a primer on cloud security and cloud forensic investigations.
Day 2 June 23rd
Track 1: Binary Unpacking in a Nutshell
Trainer: Marion Marschalek (@pinkflawd), Senior Security Engineer, AWS Security
Topic: Runtime packers are considered a big hindrance in malware analysis, however in reality there are a few neat tricks that help defeat almost any packer. In a very hands-on class students will learn the concept of self-modifying code and basics of malware anti-analysis tricks.
Good to have: Basics of binary reverse engineering, Windows virtual machine or cloud instance; non-malware exercises can be done on host as well
Track 2: Speculative CPU Shenanigans
Trainer: Thaís Moreira Hamasaki (@barbieauglend) , Offensive Security Researcher, Intel STORM
Topic: In this workshop we will deep-dive into security from the CPU perspective. We will learn about Spectre, Meltdown, and other side-channel attacks exploiting speculative/transient execution. We will learn how to use timing (side-channel) attacks to infer information otherwise not reachable to us. It is going to be very hands-on, no slides, no fancy diagrams, not much of a GUI - it’s going to be you, a text editor, a shell, and me (speculatively) having lots of fun!
Good to have: Fundamentals of modern computer architecture, coding in C and x86 assembly
What is BlackHoodie?
BlackHoodie is a free, women only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/
Why women-only?
One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. Blackhoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradicting as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.
And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and became influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.
Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.