BlackHoodie NorthSec May 2020 - CANCELLED

Blackhoodie Crash Course in Binary Exploitation (CANCELLED)

by Mary Walker (@mairebear)

When: Cancelled

Where: Online

Who: Women, as self-identified (Why? See Blackhoodie about)

Registration: Via Google form We’ll email you to confirm your registration and we’ll have a waitlist if the event fills up.

Fees: The training is free.


In the wake of the Covid-19 situation, the Blackhoodie workshop at NorthSec has been cancelled. However the conference will be free and will happen online on May 14-15, 2020. Stay tuned for the speakers’ announcement and the procedure by following the NorthSec twitter account (@NorthSec_io)


Have you ever wondered how to write an exploit for a piece of vulnerable software? When a program is vulnerable to remote code execution— what does that even mean? What’s a buffer overflow, and why does it matter in the context of information security? This two day workshop aims to shed some light on these topics with a crash course in the wild and weird world of binary exploitation, or taking advantage of a software bug to get a program to do something you, a hacker, want it to.

This course is hands-on, so be prepared to dive right in! I hope you’ll grow to love assembly, debuggers, and the rush of popping a shell from a buffer overflow just as much as I do.

Day 1

On the first day we’ll spend some time understanding what makes this class of vulnerabilities possible and why this still matters in 2020. After just a little bit of background, we’ll start to dive in with some hands on labs. To learn the process of writing simple stack based overflows, we’ll work on both Linux and Windows systems (x86 architecture)— first modifying exploits and eventually writing one from scratch. This means we’ll be getting down into assembly and talking about processor registers, memory management and more.

Day 2

On day two we’ll talk both about mitigations that software and operating systems can employ against these exploits and how we can bypass those protections as attackers. Mitigations discussed (and evaded!) will include ASLR and stack canaries.

What prerequisites should registrants have?

  • Curiosity and willingness to ask questions!
  • Some basic scripting or programming knowledge (any language will do, but we’ll be using python, PowerShell, and bash)
  • A laptop with
    • Virtualization software such as virtual box or VMware (virtual box recommended)
    • USB 3.0 or USB C port
    • Chrome or Firefox
    • Administrator privileges

Who should take this course?

Please note, this is a Blackhoodie workshop– as such, registration is restricted to those identifying [partially or wholly] as female. Who should take this course?

  • Curious people interested in how software bugs can lead to security incidents
  • Beginners interested in understanding program execution at a low level
  • Novice hackers wanting to peek under the cover of how exploits work
  • Novice defenders wanting to understand what goes into exploiting systems they defend
  • This is an introductory course, so if ROP chains are familiar friends this isn’t the workshop for you

About Mary Walker

Mary is a security engineer who works on digital forensics and malware analysis with a focus on all things malware. Her current role is structured to support incident response, and she loves helping defenders keep organizations secure. She writes and tests binary exploit challenges for capture the flag competitions for fun and got her start in security by writing buffer overflows. She has been working in Infosec for just over three years after earning an MS in Cyber Security; she holds an OSCP, GCFA, GREM, and GXPN.

Mary lives in Seattle, WA with her husband along with her German Shepherd and cat. Outside of security, she’s excited about mechanical keyboards, PC gaming, dogs, coffee, and books. Feel free to reach out to her on Twitter - @mairebear.

About BlackHoodie

BlackHoodie is a free, women only reverse engineering workshop. More information can be found here: