Blackhoodie at ReCon 2022

Hardware hacking and RE102 at ReCon Montreal

Guess what, we’re back! COVID had us cancel a number of events in 2020, and we needed to go virtual for 2020 and 2021. Now that we’re slowly going back to crowded spaces, we figured it’s time to go back to the classroom. ReCon Montreal amazingly offered to host us for two days of BlackHoodie trainings \m/ What better place to learn about reverse engineering, than at the mother of reverse engineering conferences? The dates are approaching fast, and we have very limited capacity.

TL;DR:

What: classes on hardware hacking and software reverse engineering (intermediate)

When: June 1st & 2nd 2022 - 9am-5pm

Where: Hilton Hotel, 1255 Jeanne Mance St, Montreal

Who: Women

Registration: fill form here, closing on May 25th or when all the seats are taken

COVID: Proof of vaccination will be required to attend, additionally we’ll organize on-site quick testing for attendees

Fees: The workshop is free; food, travel and accommodation is responsibility of attendees


Agenda

Track 1: Introduction to Hardware Hacking (2 days)

Teachers: Morgan Whitlow (@SynapticRewrite) & Emma Benoit (@_kylma)

Capacity: 10 seats

Topic: During these two days of hardware hacking, attendees will get to tear open embedded devices and learn how to tap into them directly in order to bypass security controls, while gaining access to the target operating system in the process. Topics will include common tools and techniques such as using a serial adapter to connect to a device over UART, dumping its firmware and getting a root shell through the bootloader.

Prerequisites: A laptop with USB ports and administrator access. Hardware hacking tools such as logic analyzers and serial adapters will be provided.

Track 2: Reverse Engineering 102 (2 days)

Teachers: Gal Zaban (@0xgalz) & Marion Marschalek (@pinkflawd)

Capacity: 10 seats

Topic: The first day of the training will explain C++ reverse engineering topics including techniques and tools for researching C++ binaries with Gal. We will start with understanding basic C++ objects, how to identify and create their structures in IDA and continue with C++ Inheritance, Virtual Calls and Templates. We will also study work methods for reverse engineering C++, practice, fight and untangle C++ programs using static analysis. On day two, the attendees will explore runtime packers and anti-analysis measures of binaries with Marion. We will start with exploring simple self-modifying code, and eventually look at trickery that software protection usually employs to throw off the analyst.

Prerequisites: A virtual machine of your choice with IDAPro Free installed, basic understanding of x86-64 reverse engineering


What is BlackHoodie?

BlackHoodie is a free, women only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/

Why women-only?

One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. Blackhoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradicting as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.

And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and become influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.

Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.