Wednesday, July 1, 2015

BlackHoodie - Reversing Workshop for Women at UAS St. Pölten

In the past year at every other event a girl came up to me, telling me how cool she thinks that is what I do. I’ve had that conversation with each of them, reversing is fun, there are too few women, stuff is scary and hard to learn and good sources of comprehensible knowledge are hard to find. 

Thus, I thought it’d be a good idea to sit down with them and help them get their head around reverse engineering malware. The idea is, we do a workshop on how to take binaries apart. I've been teaching exactly that at UAS St. Pölten in the past, and be happy to do it once again in a women-only class.

Why women only?

Because a girl-to-girl conversation is so much more fruitful than a full classroom with only one or two women hiding in the corners. I've done so many things in my life where I was the *only* girl among X other participants, and I promise I've been hiding in the corners more than once.            

For the gents it might not be that obvious, but it is not easy for young females who haven't yet found their place in life to walk into a class room, a university lecture, an office or a conference room full of men. Who, generally speaking, very often very well seem to know their place.

I've had girls in my classes before, hiding and holding back although I am so certain they would have been capable to be so much better than what their final results showed. So yeah this will be women only, for every female should feel welcomed and encouraged to do her best and get the most out of it.

Why more women in low-level technical jobs in general?
  • It’s difficult. Mastering something difficult makes you happy. I want all of you to be happy.
  • It pays well. While money makes you also happy, what’s more important, it gives you courage and independence.
  • It keeps you busy. Lots of open job positions globally, even better, believe it or not it is addictive and you might even find yourself a new hobby.
  • Online preparation assignments
  • Workshop 5./6. of September at University of Applied Sciences St. Pölten, Austria
  • No fees, no strings attached, all you have to do is get there
  • Please register with your name or nickname and a short note about your background at blackhoodie at 0x1338 .at
  • Being female
  • Computer science background in a sense you understand programming logic, how a processor works and how an operating system works
  • A Notebook capable of running at least one virtual machine
  • A virtual machine, preferred WinXP 32-bit
  • Guts :) (It is going to be a lot to learn in a very short time)


Please register with your name or nickname and a short note about your background at blackhoodie at 0x1338 .at. About two weeks before the event you will be asked for a final confirmation of your participation.

Announcement from University of Applied Sciences St. Pölten

Sunday, April 5, 2015

Mourning The Last SyScan

An ode to the tiny ones *sniff*

There are a number of happenings that crashed my life since the last blog post like.. oh lets say, like an elephant crashing a porcelain store. The malware clan, calling it clan as it is multiple families, so the clan I've been following since last year’s turned out to be most likely nation-statey, believed to be operated by French intelligence. Who would have thought.

Last week I presented on the most interesting furries out of the 'Animal Farm' or Cartoon Malware as I'd rather call it. This presentation was given at SyScan'15 in Singapore, which, for me personally, is something like the mothership of all cons.

I have done a hell lot of conferences the past two years. Now how that happened is a hell lot of stories, but let me tell you, I had a hell lot of fun. Hell. 

Maybe we agree, more than anything else conferences are about the people you meet there. At a small event you get to meet everyone, at least twice, you have to, even if you try to avoid someone. Not that I ever tried that. Usually the conference is happier to have you than the other way round. I've been to big conferences, not naming any, but all of them left me kind of depressed because.. Welcome, hope you learned something, thanks for your money and take a drink on the way out. Sad. This, while most of the small ones only ever made me sad as they had to end at some point. But always with the note 'See you again next year'.

Not SyScan though, not this year. This year's SyScan was the last one, the organizers giving up concurring with an overload of security conferences flooding Singapore. This is a tragedy, for our industry is losing an event with high quality content and an almost scary density of security professionals gathering there. The magic of SyScan is a mix of having been around forever and being badass technical, not simply attracting but creating a crowd of industry rock stars. 

But being selfish as ever it feels more like a personal tragedy for me. SyScan was the very first security conference I have been to two years ago, and it were the people I met there who were the support and inspiration that kept me going ever after. So this year I happened to meet again with the wizard who sparked my interest in reverse engineering, another wizard who kicked my ass to perform my very first conference submission and with the wizard who pushed me to jump over my shadow to research shit I had never heard of before. 

So.. in case you missed it. Today I occasionally turn nation state malware inside out. The con I submitted to back then was Defcon, and guess what, they accepted; and so did lots of others I submitted to later. And if I am not mistaken I got something lying around here like an 0-.... oops I didn't say that. Imagine, how I felt wandering around the holy halls of Singapore’s Swissotel again? 

Needless to say, being accepted as a speaker for SyScan'15 left me mindblown, unable for a while to actually believe this was happening. The last SyScan was the most exciting, funny, awesome, scary and challenging conference ever. I have never been so scared of screwing up as I have been trying to not miss out on a single minute of conference. And tell you what, it was awesome. Two days of no-bullshit talks, fruitful conversations and valuable insights, meeting folks who me and many others are looking up to. I _so_ hope this is not the end of an era, and I so know I’m not the only one with that wish. 

On the way out I heard a whisper about SyScan’16 and, among us, doesn’t that sound like _so_ good?