Blackhoodie at Grehack 2020 - Virtual


Thursday November 19, 2020 from 9h00 CET to 17h00 CET (this is an indication, agenda may change, you will have more precise information when you register.)




Registration here


Registration is free

Training Topics:

There are 4 tracks happening at the same time, so you have to choose one:

  1. Red vs Blue: Dissecting a killchain from both perspectives
  2. Reverse a malware 101
  3. Introduction to Windows Kernel: Let’s Keylog all the Things!
  4. Webapp pentest 101

Red vs Blue: Dissecting a killchain from both perspectives

Trainers: Emilie Denis and Juliette Chapalain
Level: Beginner friendly

This workshop aims to explain why and how a Red Team engagement is done and how the Blue Team can tune its detection to various common demonstrated techniques. This workshop will be reviewing each step of the beginning of a realistic attack scenario, from the offensive and defensive perspectives.

The hands-on session includes the following steps:

  • Initial access: an example of a spear phishing attack
  • Persistence
  • Auditing and exploiting a vulnerable service to elevate our rights
  • Credential dumping For each of these steps, the attendees will be using sysmon for detection.


  • A Laptop with minimum 4GB of RAM
  • Windows basic knowledge
  • Being familiar in C# and using Visual Studio is a plus

Reverse a malware 101

Trainer: Ponpon (Marion Lafon) from TEHTRIS
Level: Beginner friendly

The workshop will be about a funny ransomware, to understand its behavior we will analyze it through .Net decompilation, reverse it (we will perform some automatization thanks to miasm) and observe it through a debugger to ease the analysis.

Prerequisites :

  • Basic knowledge in programing (be able to write some lines in python)
  • Basic knowledge in assembly (know the notions of registries and instructions on assembly)


  • A Laptop with minimum 4GB of RAM

Introduction to Windows Kernel: Let’s Keylog all the Things!

Trainer: Gaby
Level: Advanced

This workshop allows attendees to take their first steps in kernel debugging as well as introduces them to several important concepts related to OS internals. The content is mainly focused on understanding the interrupts mechanism and how low-level tasks are dispatched from the hardware to specific drivers. For this purpose, we will take the example of the keyboard: by reviewing the different elements involved in key strokes handling, we will show how these components work and communicate between each other. This analysis will then be used to imagine how a kernel keylogger could leverage the internal structures involved in the process in order to sniff keyboard inputs.


  • No previous knowledge in OS internals is required but the attendees should be familiar with reversing and debugging x86_64 asm code.
  • Basic knowledge in C and/or javascript (yup yup!) programing is preferred: depending on the attendees progress we may have the time to implement a basic keylogger and/or some windbg scripts.
  • Being familiar with either windbg or gdb is definitely a plus: we won’t use any graphical debugger so be ready to type a lot of commands. :)
  • A computer able to run at least one Windows 10 VM (2 if the host is on Linux or OSX)
  • Painkillers: let’s get real, this workshop is pretty dense and some brains may fry a lil bit… :-^

Webapp pentest 101

Trainer: Claire
Level: Beginner friendly

The goal of this workshop is to give an overview of what is it like to perform a Web application penetration test. The workshop will include all the most important steps of a WebApp penetration test, including knowing how a Web application is working, exploiting a vulnerability or handling a good penetration test report.


  • A computer able to run a Kali VM
  • Curiosity, because you need a lot of it when doing a penetration test !

What is BlackHoodie?

BlackHoodie is a series of free, women-only reverse engineering bootcamps, which started in 2015 and in 2018 slowly became a global initiative, with events happening in different locations in Europe and the United States. More information on the idea of BlackHoodie and upcoming events can be found at

This edition is the first edition in France, thanks to Grehack for hosting us !