Blackhoodie @Troopers Conference 2025

Guess what, we’re back again! TROOPERS kindly offered to host us for two days of BlackHoodie trainings \m/, like last year with two tracks. The dates are approaching fast, and we have very limited capacity.

Don’t forget: All Blackhoodie students have the opportunity to submit a Student Letter for a chance to get a free ticket to the Troopers Conference. Just send your letter to blackhoodie@troopers.de. See you very soon in Heidelberg!

TL;DR:

What:

  • Day 1: Malware Analysis & OSINT by Cora and Anso, from @openfacto
  • Day 2: Cryptography Reverse Engineering by Caroline Leman (@Caro)

When: June 23rd and 24th, 2025

Where: Heidelberg, Germany

Who: Women

Registration: fill in the form here; registration closes when all the seats are taken

Fees: The workshop is free; travel and accommodation are the responsibility of attendees!


Agenda

Day 1: Malware Analysis & OSINT (Open Source INTelligence)

An introduction to Windows malware analysis and OSINT, or how to dig through malware to track down the cyber villains behind it

Trainers: Cora and Anso, from @openfacto

Topic: Join us for a thrilling workshop where you’ll learn the basics of Windows malware analysis, OSINT and CTI, by extracting interesting information from a malware sample and using it to track down cybercriminals.

Ever wondered how people could make malicious binaries talk? Or how, from a single string in the code, an analyst could find its developer’s favorite music band? We bring you the best of two worlds, malware analysis and OSINT, in this introductory workshop.

By using some basic malware analysis techniques, you’ll be able to easily extract interesting information from a malware sample and its functionalities. With OSINT methods, you’ll learn how to use the information found in the malware to pivot on data from websites, social networks, and media to extract hidden or forgotten information on your target.

With this one-day workshop, you won’t become an expert in both fields, but you’ll have the opportunity to better understand how they work and discover how they can interact with each other.

Target audience: Curious people from all backgrounds, who want to learn the basics of malware analysis and OSINT in the context of Cyber Threat Intelligence investigations.

Key learning objectives:

  • learn the basics of malware analysis;
  • learn what OSINT is and is not;
  • get a glimpse at CTI, main threat actor types and how the cybercriminal ecosystem works;
  • try out quick wins for Windows malware analysis by examining its strings, the PE header, imported Windows API functions, and by recognizing some common cryptographic algorithms without having to understand all the assembly code;
  • study basic pivots based on personal information such as email addresses, pseudonyms, pictures, … as well as technical data like IP addresses and domain names.

Requirements:

  • know how to install a plugin on Firefox/Chromium;
  • know how to install and use a virtual machine (specifications and tutorials will be sent at a later date);
  • basic knowledge of algorithmics;
  • know how to download a tool from GitHub and run a program from a terminal.

Day 2: Cryptography Reverse Engineering

Trainer: Caroline Leman (@Caro)

Topic: In this hands-on workshop, you will be facing a variety of encryption binaries. Your mission, if you accept it, will be to code a corresponding decryptor in Python.

We are going to discover some cryptographic algorithm implementations (including RC4, AES, Salsa20 and ChaCha20) and some hash functions (including MD5, SHA-1 and SHA-256). If you don’t know these algorithms, then this workshop is for you 🙂

The goal of this workshop is to give you some experience in:

  • Recognizing the type of algorithm
  • Extracting the useful information, such as the key
  • Implementing a “decryptor” in Python with the information we extracted

What do you need to follow this workshop?

  • Basics of x86 disassembly; you can follow this online training by Marion: Part 1, Part 2, Part 3, Part 4
  • A lot of curiosity!
  • A laptop with a Linux system, or a Windows machine with a Linux virtual machine (Kali virtual machines)
  • Mathematical background will not be useful here

What is BlackHoodie?

BlackHoodie is a free, women-only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/

Why women-only?

One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. BlackHoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradictory as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.

And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and became influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.

Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.