BlackHoodie at TROOPERS 2022

Reverse Engineering with Frida at TROOPERS in Heidelberg

Guess what, we’re back! COVID had us cancel a number of events in 2020, and we needed to go virtual for 2020 and 2021. Now that we’re slowly going back to crowded spaces, we figured it’s time to go back to the classroom. TROOPERS amazingly offered to host us for two days of BlackHoodie trainings \m/ The dates are approaching fast, and we have very limited capacity.

TL;DR:

What: Class on reverse engineering with Frida (intermediate)

When: June 27th & 28th 2022 - 9:00am-5:15pm

Where: ERNW office in Heidelberg (near main station)

Who: Women

Registration: fill form here, closing on June 19th or when all the seats are taken

Fees: The training and food are free; travel and accommodation is responsibility of attendees

Reverse Engineering with Frida (2 days)

Teachers: Jiska Classen (@naehrdine)

Capacity: 11 seats

Topic: Frida is a dynamic instrumentation framework that allows analysis of programs on various systems, such as Android, iOS, macOS, Linux, and Windows. Leaning how Frida works teaches attendees a powerful reverse-engineering skill, useful for many different projects. The first day of the workshop covers Frida basics. Attendees are provided with Android application crackmes containing predefined tasks to solve. This way, they will learn how to use Frida to modify existing code and observe executed functions in a running program. The second day dives deeper into Android system and application internals, thereby enabling attendees to reverse-engineer real-world software, instrument it for fuzzing, and uncover impactful bugs in mobile applications.

Target audience: Researchers and engineers with basic programming knowledge who want to learn reverse engineering, e.g., for program instrumentation and security analysis.

Key learning objectives:

• Reverse engineering of mobile applications and systems.
• Using Frida tools like function discovery, backtraces, and the Frida Stalker.
• Analysis of closed-source components with Ghidra and jadx.
• Leveraging custom Frida scripts for security research.
• Writing a basic fuzzers.
• Interpreting and symbolicating crash logs.

Requirements:

• Laptop with Android Studio and Android VM, Visual Studio Code, Ghidra, jadx, Python and Frida installed (see https://www.youtube.com/watch?v=FbBrBArjWwk for installation instructions).
• Admin privileges to install further software if needed.
• Exercises were tested on Linux and macOS, but Windows or WSL should work as well.
• Optional: rooted Android phone instead of Android VM.
• Basic programming knowledge in any language (C, JavaScript, or Python preferred).

What is BlackHoodie?

BlackHoodie is a free, women only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/

Why women-only?

One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. Blackhoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradicting as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.

And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and become influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.

Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.