Blackhoodie @ Troopers Conference 2026

We’re excited to be back! Once again, TROOPERS is hosting us for two days of BlackHoodie trainings.

The event is coming up fast, and capacity is limited, so make sure to secure your spot soon.

Also, a quick reminder: BlackHoodie students can submit a Student Letter for a chance to win a free ticket to the TROOPERS conference. Just send your letter to blackhoodie@troopers.de. All BlackHoodie attendees can also get a discount on the TROOPERS ticket as a BlackHoodie attendee. Just reach out to us via blackhoodie@troopers.de mail, if you are interested.

TL;DR:

What:

  • Day 1: Breaking Down Android Apps, Malware and Beyond by Geethna TK
  • Day 2: IoT Firmware Reverse Engineering by Jiska Classen

When: June 22nd and 23rd, 2026

Where: Heidelberg, Germany

Who: Women

Registration: fill form here. Registration closes when all seats are taken. Don’t be afraid to join the waiting list, past experience shows that you may still get a seat.

Fees: The workshop is free; travel and accommodation is responsibility of attendees!

Agenda

Day 1: Breaking Down Android Apps, Malware and Beyond

Topic:

Android apps aren’t always what they seem.

This beginner-friendly, hands-on workshop introduces participants to the fundamentals of Android reverse engineering and malware analysis. Using tools like apktool, jd-gui, Android Studio, and adb, attendees will learn how to dissect APKs, understand app internals, and uncover hidden behaviors. Beyond traditional malware, the workshop also explores a growing class of real-world threats: commercial spyware (stalkerware). These apps often appear legitimate—marketed for parental control or monitoring—but can be repurposed for covert surveillance. Through guided analysis, participants will learn how to identify suspicious patterns, excessive permissions, and hidden functionality that signal intrusive behavior. By the end of the session, attendees will not only understand how Android apps work under the hood, but also how to critically analyze them from a security perspective.

Trainer:

Geethna TK is a cybersecurity professional with a strong background in System and application security. Currently serving as a Security Analyst at Google, Geethna has demonstrated expertise in Web, Binary, and Mobile app attacks. Currently working on Infrastructure Security.

Key workshop takeaways:

  • Build a strong foundation in APK structure and Android internals
  • Gain hands-on experience with reversing tools and workflows
  • Learn how to analyze application behavior through static analysis
  • Understand the attack surface of Android applications
  • Identify patterns in malware and surveillance-oriented apps (stalkerware)
  • Develop a security mindset for evaluating mobile applications

Prerequisites:

  • Familiarity with working in either Linux/Windows OS/MacOS.
  • Familiarity with these languages is a good to have but not mandatory:
    • Java
    • Python Programming
  • The setup and all the files/tools required for the workshop will be hosted on drive/github and shared.

Requirements:

  • At least 40GB of free disk space
  • At least 8GB of RAM
  • A laptop with administrative privileges

Day 2: IoT Firmware Reverse Engineering

Topic:

In this beginner-friendly training, you’ll look into the firmware of an IoT device and take it apart! The training introduces the fundamentals of analyzing embedded firmware using the Raspberry Pi Pico 2 W as a target platform. You will explore how compiled firmware looks compared to source code, and how to extract meaningful information from it.

Through a series of hands-on exercises, you will analyze, flash, debug, and emulate firmware. Along the way, you will uncover hidden functionality and flags, gaining practical insight into both static and dynamic analysis techniques for IoT devices.

This training teaches the essential methods and tools required to analyze embedded firmware, providing a foundation for IoT security research and hardware-oriented reverse engineering.

Trainer:

Jiska Classen is a wireless and mobile security researcher, leading a research group at Hasso Plattner Institute. The intersection of her research topics means that she digs into iOS internals, reverse engineers wireless firmware, and analyzes proprietary protocols. Her research includes the security analysis of widely deployed IoT devices such as Fitbit fitness trackers, Apple AirTags, and Neato vacuum cleaning robots.

She has previously spoken at Black Hat USA, DEF CON, RECon, Hardwear.io, Chaos Communication Congress, Chaos Communication Camp, Gulasch Programmer Nacht, MRMCDs, Easterhegg, Troopers, Pass the Salt, NotPinkCon, gave various lectures and training, and published at prestigious academic venues. Jiska Classen gave iOS and Android security trainings at TROOPERS, Nullcon, RE//verse, Countermeasure, and Objective by the Sea, and has teaching experience from creating own lectures and labs in academic settings.

Topic Overview:

  • Introduction to embedded firmware and the Raspberry Pi Pico 2 W platform.
  • Static analysis of Pico firmware using tools such as Ghidra and IDA.
  • Flashing custom firmware onto a Raspberry Pi Pico 2 W.
  • Debugging firmware using a second Pico for dynamic analysis.
  • Manipulating control flow during debugging to trigger hidden functionality.
  • Introduction to firmware emulation using Unicorn/QEMU.
  • Partial emulation of firmware without any hardware.

Training Prerequisites:

  • Basic programming knowledge, ideally C/C++, but other languages will work as a base as well.
  • Basic familiarity with command line tools.
  • No prior embedded or hardware experience required.

What to Bring:

  • Laptop (Windows/Linux/macOS) with at least 8GB of RAM that can run Visual Studio Code with the Raspberry Pi Pico extension.
  • Internet connection and permissions to install additional software.
  • We will provide you with a Pico 2 W throughout the training, so no other hardware to bring from your side :)

Who should attend?

This training is aimed at anyone interested in firmware and IoT security, including up and coming pen testers, security or vulnerability researchers, or IoT device developers.

What is BlackHoodie?

BlackHoodie is a free, women only reverse engineering workshop and community. More information can be found here: https://www.blackhoodie.re/about/

Why women-only?

One qualifies to attend an in-person bootcamp either if born and raised female, or if one identifies as a woman. This concept of women-only has no intention of putting up walls or feeling exclusive. Blackhoodie is about creating space in an industry that’s very competitive. It is a comfortable place, where attendees feel encouraged to grow skills without pressure. We do what we do, not to create women-only bubbles, as contradicting as it might sound, but to enable a minority to enter the security space, learn skills that are otherwise expensive to learn, find their interests and grow a professional network.

And, it works. BlackHoodie alumnae have gone far beyond being successful in the classroom since the workshop series started. They ventured out to start community projects and collaborations, got themselves new jobs in the security industry, went to speak at major security conferences, joined review boards and become influencers in our community. Many went on to mentor others after they had found their spot, came back to BlackHoodie to give trainings on their own or are now conference trainers and teach classes to the community.

Finally, why does the security industry need more women at all? The industry is growing and facing a talent shortage. More importantly, jobs are typically well paid, come with certain privileges, and are challenging and often fulfilling. And we do firmly believe our society as a whole can only benefit from having more women with money, independence and confidence. Likewise, the tech sector has grown in size and influence, and with great power comes great responsibility – responsibility best shared among a diverse body of decision makers.