Monday, March 18, 2019

BlackHoodie comes back to San Francisco

I promised we’d be back! So here we roll again, BlackHoodie is coming back to San Francisco, this time filling the Google campuses in downtown with a crowd of dedicated hackerettes.
The bootcamp will take place in San Francisco downtown, on April 25th and 26th this year. Just like other BlackHoodie events, the classes will be free, women only, and crazy challenging. And as usual, all we want is your everything ;)
TL;DR facts:
What: Classes on code security, application security, x86, and ARM and Android native reverse engineering
When: April 25th & 26th, 2019; 8.45am - 5pm; 25th 3-5pm networking event  
Where: Google campus, 345 Spear St, San Francisco, CA, 94105, 7th floor
Who: Women
Prerequisites Track 1: Experience in C/C++ development, notebook capable of hosting/running a VM
Prerequisites Track 2: notebook capable of hosting/running a VM
Registration: Use our form :) Registration closes April 5th


We will run 2 sessions in parallel, sporting 1 class per day. Track 1 focuses on C/C++ software security and x86 reverse engineering of Windows malware. Track 2 focuses on web application security and ARM reverse engineering.
Track 1:


Day 1: Bug Hunting for Developers


Teacher: Natashenka, top researcher within Google’s Project Zero.
Topic: students will learn how to find and avoid security problems in C and C++ code.


Prerequisites: This class is targeted towards developers and students who are studying programming. Students who have called malloc in the past year (or can explain why they didn’t) will get the most out of this course.  


Day 2: Intro to x86 Malware Reverse Engineering


Teacher: Bhavna Soman, Security Researcher at Microsoft
Topic: Students will go over the basics of x86 and IDAPro, and use that to analyze real world malware samples (VM set up instructions will be provided beforehand). They will learn common techniques that malware authors use to evade detection and analysis. Finally, they’ll be provided with challenge binaries to test their new RE skillz.


Track 2:
Day 1: A hands-on introduction to Web Application Security


Teacher: Jenna Kallaher and Liza Burakova, security engineers at Google
Topic: Workshop on application security, where attendees will learn to break web applications by exploiting an intentionally vulnerable banking application. The workshop will explore prevalent attacks like XSS, CSRF and logic errors.


Day 2: Intro to Android Reverse Engineering  
Teacher: Maddie Stone, world’s favorite firmware reverse engineer,
Topic: This workshop will teach attendees how to go about reverse engineering Android applications. We’re going to cover both the Java and the native code (ARM) aspects of reversing Android apps for fun and profit. (Hello, Android app VRPs!)
Registration for BlackHoodie Bay Area 2019 will work on a first come first serve basis, through a Google form. You will be able to register until April 5th. Space is limited and folks signing up for track 1, please check the prerequisites for the track 1 classes.
You can only sign up for a track, not for a particular class (keeps our attendee management manageable - individual changes can likely be handled on site).
Finally, please note that we cannot cover travel or housing for attendees. We’ll be able to provide one or another snack though. More details will be communicated prior to the event.
Why women only?
The number of female engineers working on complex low level security topics is crushingly low. My past teaching experience shows me, that is not due to lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. And I get it, modern day computer security is an intimidating field, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there. The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space, where participants can build confidence, foster shared interests, build connections, and in the end contribute themselves as part of a happier community. It keeps fascinating me how many former BlackHoodies keep sticking around, and do impressive work in several different areas of security.
What is BlackHoodie?
BlackHoodie is a series of free, women only hacker bootcamps, which started in 2015, and since 2018 started going global. BlackHoodie Bay Area is organized in cooperation with Google, and in 2018 was the first BlackHoodie event to be held within the United States. More information on the idea of BlackHoodie and upcoming other events can be found at www.blackhoodie.re.

Wednesday, July 11, 2018

BlackHoodie Bay Area 2018

Years ago I was listening to a talk at the CCC Congress in Hamburg, where a hackerette explained to us how she managed to exploit a Tamagotchi. I was starstruck, at the time I didn't even quite understand what single stepping means. Role models gonna role model, and recently this same hackerette agreed to do an offensive security workshop, along with a number of other awesome women.  The workshop will be held in Mountain View, CA on September 7th and 8th this year. Just like other BlackHoodie events, the event will be free, it will be women only, and it will be crazy challenging.

TL;DR facts:
What: Workshops on offensive security, application security, firmware reverse engineering
When: September 7th & 8th, 2018; 10am - 5pm
Where: Google campus, Mountainview, CA
Who: Women
Prerequisites: Some form of education or solid experience in computer science, but don’t be shy, we welcome security newcomers just as well
Registration: CLOSED since July 16, since we're overfull already :)


Sessions: We will run 3 sessions in parallel, all taught by industry leaders.

Session 1: Introduction to Security Code Review
Teacher:  Natashenka, top researcher within Google's Project Zero.
Topic: Students will learn how  to review C and C++ source code for vulnerabilities

Session 2: Intro to Reversing & Reversing Android Native Code
Teacher: Maddie Stone, world’s favorite firmware reverse engineer.
Topic: Day 1 will be an introduction to reverse engineering. No experience in reversing? Come join us and get some experience! Day 2 we’ll apply the basics we learned in Day 1 to how to reverse native code in Android applications. Students will learn how the Java Native Interface works and how to find the fun stuff hidden in the assembly.  .

Session 3: A hands-on introduction to Web Application Security
Teacher: Niru Ragupathy, red teamer at Google.
Topic: Workshop on application security, where attendees will learn to break web applications by exploiting an intentionally vulnerable banking application. Day 1 will explore prevalent attacks like XSS, CSRF and logic errors. Day 2 will explore more esoteric attacks and allow participants to try and achieve pro status on the fake banking application.             

The workshops will be supported by Amanda Rousseau, Mara Tam, Bhavna Soman, Azeria, Jenna Kallaher and myself.

The Bay Area is full of engineers, even female ones, thus we think to keep registration fair, a lottery is the best option for seat selection. All together, we have plenty of seats; so no worries. 

Finally, please note that we cannot cover travel or housing for attendees. We’ll be able to provide one or another snack though. More details will be communicated prior to the event.


Why women only?
The number of female engineers working on complex low level security topics is crushingly low. My past teaching experience shows me, that is not due to lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. And I get it, modern day exploitation is an intimidating field, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there. The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space, where participants can build confidence, foster shared interests, build connections, and in the end contribute themselves as part of a happier community. It keeps fascinating me how many former BlackHoodies keep sticking around, and do impressive work in several different areas of security.

What is BlackHoodie?
BlackHoodie is a series of free, women only reverse engineering bootcamps, which started in 2015 and since 2018 is supported by a number of spin off events. BlackHoodie Bay Area is a spin off event, organized in cooperation with Google, and is the first BlackHoodie event to be held within the United States. More information on the idea of BlackHoodie and the upcoming main event can be found at blackhoodie.re.

Friday, July 7, 2017

BlackHoodie #3 - Staring assembly to death

I am happy to announce BlackHoodie #3, a free reverse engineering workshop for women, taking place the 25th and 26th of November in the beautiful city of Luxembourg. :D The first two editions rocked my socks off, quite literally; I got to meet the most stunning crowd of engineers on both occasions.

The workshop will be held at the offices of CIRCL, the Computer Incident Response Center Luxembourg, whose fine people kindly offered space and support. Also, this year there will again be one or two or more travel grants, to be given out to participants who cannot afford the trip on their own. Please note, the grants will be distributed by random selection. I will post more details, as soon as I figured them out :)

Finally, I'm insanely thrilled this will be happening again. I'm looking forward to the next most wonderful workshop, with oh so many inspiring participants, who then walk out and stir up our industry.


Why women only?

Because a girl-to-girl conversation is so much more fruitful than a full classroom with only one or two women hiding in the corners. I've done so many things in my life where I was the only girl among X other participants, and I promise I've been hiding in the corners more than once.

For the gents it might not be that obvious, but it is not easy for young women who haven't yet found their place in life to walk into a class room, a university lecture, an office, or a conference room full of men. Who, generally speaking, often seem to be very comfortable where they are.

I've had girls in my classes before, hiding and holding back. I am certain they would have been capable of so much more than what their final results showed. So yeah, this will be women only, for every female should feel welcomed, and encouraged to do her best, and get the most out of it.


Why do we want to see more women in low-level technical jobs? 

It’s difficult, but mastering something difficult makes you happy. I want all of you to be happy.

Also, it pays well. While money makes you also happy, what’s more important, the cash gives you courage and independence.

It keeps you busy. There are lots of open job positions globally for this kind of work. Better, believe it or not, it is addictively fun, and you might even find yourself a new hobby.


Hardfacts

- There won't be slides, there will be you, and your debugger, only.
- Online preparation assignments, 4 of them, over the course of two months prior to the workshop
- Workshop 25./26. of November at CIRCL offices, Luxembourg
- No fees, no strings attached, all you have to do is get there
- Please register with your name or nickname and a short note about your background at blackhoodie at 0x1338 .at


Prerequisites

- Being female
- Computer science background in a sense you understand programming logic, how a processor works and how an operating system works
- A Notebook capable of running at least one virtual machine
- A virtual machine, preferred WinXP 32-bit
- Guts :) (It is going to be a lot to learn in a very short time)


REGISTRATION:

Please register with your name or nickname and a short note about your background at blackhoodie at 0x1338 .at. About two weeks before the event you will be asked for a final confirmation of your participation. Registration will close by September 3rd, 2017.

Thursday, April 20, 2017

The Mighty Superpowers Of A Well-Established "Us"

Late in 2016 I was honored to deliver a keynote at Hamburgsides, a neat'n'boutique side event of CCC. The talk was titled 'The Magic Superpowers of a well-established "Us"'. Naturally, it was all sparkly fairies and we are hackers expect us hugging the community fuss. Not ;)

A well-established "us" is a team or a group of people who stick together and work together no matter what, who have recognized a shared goal and support one another on the way there. The "us" I have seen on plenty of occasions, it helps CTFers capturing their Fs, it helps incident responders in staying awake for 48 hours, it gets projects done cheaper err quicker I mean, than what the plan was. It is magic.

Last year in November I have witnessed an "us" I had not been aware was there. Indirect base of the Hamburgsides talk is a workshop I organized two years in a row, an event named BlackHoodie. It's a women-only reverse engineering bootcamp, aimed at female engineers who are interested in low-level tech but who are hesitant to jump right at it on their own. The first edition was held at University of Applied Sciences St.Pölten, and in 2016 it was again a 2-day event, this time located at the G Data offices in Bochum, Germany. Believe it or not, 27 attendees made their way, we were 14 nationalities from 5 different continents, with backgrounds in computer science, data science, mathematics, history, applied physics, and, hold your breath, astro physics. We did static RE on an IRCBot, discussed packers and went through some of Upatre's anti-analysis tricks with a debugger.

Under the line, the project is nothing more than two days sitting together talking about a binary. In reality though it is much more. I have failed repeatedly in understanding why the guerrilla-women-RE-bootcamp concept was thus far so successful.

Now, how do I measure success? The magic "us" is a start, but also just a start. The past few years I've been talking so much about women-in-technology, and received many titles for it too; being an advocate and a role model. That’s for some part an honor, for another though, one grows quite tired of being randomly reminded of being -the girl-. But what to do about it – more talking?! Certainly not.

A month ago I went to Troopers conference in Heidelberg, and ran into my workshop homies, four of them. That wasn't planned, just happened. One of them did a remarkable keynote, two presented their security research. Over the past year I saw BlackHoodies at conferences, read papers and blogposts written by them, connected researcherettes over research topics, asked them questions and answered theirs. And that was when I realized, so this is where we are, the workshop is being successful.


XYZ-Only Concepts


Twice a year I do a class of malware reverse engineering at University of Applied Sciencs St. Pölten. It is usually a men-only class. Like with so many of the CTFs, the conference call for papers, the security challenges, the coding challenges, the workshops paid and free, few women dare to sign up. Of course, potential answers for why this is so could fill a book; personally though I believe a major point is that many just don’t feel like they’re supposed to.

I've had a number of controversial conversations, on whether secluding a minority in order to support it makes sense or not. To be honest, I am not 100% sure myself, whether a women-only or given-minority-only approach is in sole favour of said group. There is plenty of arguments which make me assume so - I understand the event as a safe and inviting space, for the present participants to be an inclusive and supportive environment. Countering arguments, are concerns the participants might appear weak or preferred, for receiving protection and special treatment. But what I mean to do by creating space is not building walls; it is just that, creating space. Also I'd like to counter, the workshop is not a tea party, we’re actually working hard, trainer and attendees alike. I make sure everyone is suffering, I promise. Finally, the topics discussed aren't exactly top secret; twinker-twinker ;)

I hope, that with a special invite I can appeal to the very group I want to strengthen, and make them understand that we're having fun; as in, come to the dark side, we got cookies. It is really about evening out opportunities. Equal opportunities mean, that everyone has the same start from the very beginning, which is too often not the case. Because, if you don't feel as comfortable as the person next to you, it is not an equal spot to be in.

Finally, yes, we came to smash patriarchy; except that we didn't. It isn't and has never been an us-against-the-world approach. We sit together and practise, then do amazing things, with confidence. Imagine this like a late-90s garage punk band. No one with dignity ever told THESE to stop, did they.

The Otherness


I asked the (hoodie-dressed) Hamburgsides audience, imagine, you, being the daring hacker that you are, if you were to start work at a real estate agency tomorrow, and had a meeting scheduled with property tycoons, wearing a suit and talking finance, how confident would you feel going in there?


I truly believe so, comfort is a factor. Feeling like belonging somewhere, being accepted, welcomed, having your homies around, that’s what gets humans to engage, speak up and if necessary, fight. Wrestling down the otherness, if one is just bound to stick out, is a thing, and mind you, it is not only about gender. Otherness in tech is not at all a problem of women, not even primarily. I've seen boys who are scared too, plenty of them, then I watched them learn stuff, build confidence, be someone and own their topic. On the way though, they need the very same kind of support. Buddies, role models to measure their own growth, constructive feedback, appreciation for success. In lots of my students, I can see a near-desperate desire to rule a topic, any topic, for exactly these reasons.

While it looks a lot like being a woman at BlackHoodie matters, in reality it is about creating a place where for once it doesn't matter. Not being the alien for once is nice, and makes feeling daring so much easier.

Being Padawan


The security field by itself is very competitive. The whole idea of hacking is a lot about confidence and courage, it is key to walk into the unknown and to then tap in the dark for a considerable amount of time, not giving up. This is a rather toxic prospect for a community that classically lacks self-esteem and ever so often suffers imposter syndrome. I’ve met but so many smarts and smartettes who were very quick in saying "I will never", or who would just not be happy upon hearing '"you're doing great", from me or anyone else. I've literally urged someone to grow a fake-it-til-you-make-it attitude, faking being able to do something she was already good at, just so she'd get over the confidence building a little quicker. I am that evil.

I think there might be solutions to this though, other than tricking the candidates. Our industry, believe it or not, is full of Master Yodas. Skilled individuals, who are happy to offer a helping hand to worthy Padawans, give advice, share experience and push the procrastinators.

But then, how to live up to the Padawan-ing? I'll tell you about my own secret force, what it is that gets me to not analyze malware but to rip it apart, to not write write-ups but testimonies, frequently fat enough so the printout can literally be used in hit-back attacks. It is not curiosity, neither is it nice salaries or, I'll admit, the drive to make the world a better place. I've identified my motivators as anger and fear; anger, that some wouldn't believe that I was able to do what I wanted to do, and fear that I would disappoint others who trusted I was.

A friend once told me that passion wears off, while greed is sustainable. I also think that’s funny, but I personally believe that my greed is limited, while my fear is not. Needless to say, this concept is far from perfect, but it taught me over time what it takes to become a worthy Padawan. It means to pick the challenging and scary tasks, to do things that are too difficult; then sticking to it, making it yours. It means practise, practise and practise more. Stay hungry, stay humble. And in the end, never forget to trust Yoda. A great Yoda told me a short eternity ago that reverse engineering is one part being smart, three parts being able to bear pain. So there's that. Days of failing to eat, sleep and shower, because the assembly in front of you hasn't given up yet.

Building a Community


Frequently individuals come up and ask me how to support the effort. Yes, indeed, plenty of fellow-hackers would be happy to welcome plentiful fellow-hackerettes. So, I came to think, landslides don't change things for the better, but little actions do. Can't really regulate people into happiness, can we? This is why I put together a list of things that help getting more smart imposters into security; and a list of things that are rather in the way.

How to support:


-  give them a smile, be welcoming
-  ask questions about their work, and listen
-  engage in conversations
-  before you explain things, make sure the explanation is needed
-  help folks understand their own achievements
-  push, gently, then support
-  connect other like-minded minds
-  naturally, be a decent human being at all times

On the other side, don’'t ...

-  ask how did you get here, what are you doing here, why did you decide to do $technology
-  ask for a phone number, a date or a place to spend the night
-  assume from the start someone is present because of their significant other
-  assume from the start a third party is responsible for someone’s achievements
-  take over someone else’s tasks
-  intentionally play down someone’s achievements
-  act offensive

It's really not easy to see the world through the eyes of someone else. I've explained to curious questioners so damn often why I decided to work with binaries, that I got to think myself I'm a weirdo. Just sayin.

There lies great potential, right there at the feet of the smart but scared infosec population. Potential, that security teams also desperately need. I have never been in a position where I was responsible for other people's work, can understand though, how such team dynamics turn out complex in practise. If you build a team, of course skill is key, but there is a lot more to it. You'll want people on your team who appreciate feedback, who are hungry. You want the learners, not the know-it-alls, you want the smart folks that manage problems for you, not those who need to be managed themselves. A good friend of mine told me this, in a hotel bar in Vegas - I hire specialists to have them tell me what to do, not the other way around. You'll make your employees specialists by handing them the difficult tasks, not the simple ones.


In a recently published blog post Justine Bone points out how "... we as minorities are not a problem, but an opportunity, and we'd probably find the whole scene more appealing if it were addressed as such". True that. I'm all in for showing what an amazing opportunity we are.

The next BlackHoodie is being planned, will take place this fall or winter, probably in Europe, but that is still to be decided. It will always be free, it will always be hardcore. Lookin forward \m/

Slides for the Hamburgsides keynote can be found here and the recordings of this talk and other Hamburgsides sessions can be viewed here.




Friday, July 29, 2016

BlackHoodie #2 – We roll again :)



Last year I held a free reverse engineering workshop for women, mainly in the not entirely un-selfish interest to see more of them around in the whole security field. More about the motivations, the why's and obstacles and how it turned out you can read up here, here and here. Looking back, I'm super happy with this little project and, leaning out the window a bit further, call it a big success.

That said, I gleefully announce BlackHoodie #2, the next women-only reversing workshop, to take place in Bochum, Germany the weekend of 19th + 20th of November 2016. This edition will be held in cooperation with Katja Hahn, a splendid binary analyst herself, and Priya Chalakkal, an up-and-coming hacker of all things; and comply to the same principles as last year. It will be free of charge, no strings attached, and aim to help femgineers entering a field thats not easily accessible.

Moreover, in a wonderful initiative community members announced their support of this year's edition by covering the travel expenses of a BlackHoodie attendee. The US startup Iperlane and Thomas Dullien aka. Halvar Flake will cover the trip for a lady, who decides to come join the workshop. The lucky attendee will be randomly selected from the group of registered participants.

May there be oh so many participants :) :) So here we go again..

Why women only?

Because a girl-to-girl conversation is so much more fruitful than a full classroom with only one or two women hiding in the corners. I've done so many things in my life where I was the *only* girl among X other participants, and I promise I've been hiding in the corners more than once.

For the gents it might not be that obvious, but it is not easy for young females who haven't yet found their place in life to walk into a class room, a university lecture, an office or a conference room full of men. Who, generally speaking, very often very well seem to know their place.

I've had girls in my classes before, hiding and holding back although I am so certain they would have been capable to be so much better than what their final results showed. So yeah this will be women only, for every female should feel welcomed and encouraged to do her best and get the most out of it.

Why more women in low-level technical jobs in general?
  • It’s difficult. Mastering something difficult makes you happy. I want all of you to be happy.
  • It pays well. While money makes you also happy, what’s more important, it gives you courage and independence.
  • It keeps you busy. Lots of open job positions globally, even better, believe it or not it is addictive and you might even find yourself a new hobby.

Hardfacts
  • Its gonna be Katja, and Priya, and me, and a binary, and you, and plenty of debuggers
  • Online preparation assignments, 4 of them, over the course of two months prior to the workshop
  • Workshop 19./20. of November at G DATA Academy, Bochum Germany
  • No fees, no strings attached, all you have to do is get there
  • Please register with your name or nickname and a short note about your background at blackhoodie at 0x1338 .at

Prerequisites
  • Being female
  • Computer science background in a sense you understand programming logic, how a processor works and how an operating system works
  • A Notebook capable of running at least one virtual machine
  • A virtual machine, preferred WinXP 32-bit
  • Guts :) (It is going to be a lot to learn in a very short time)


REGISTRATION:

Please register with your name or nickname and a short note about your background at blackhoodie at 0x1338 .at. About two weeks before the event you will be asked for a final confirmation of your participation.


Tuesday, June 14, 2016

That thing with rocking harder and the BlackHoodie story

Last year in September I realized an idea that had manifested in my brains quite some months before. I had wanted to do a workshop with a handful of friends. It should have been a weekend, where I spend time on teaching four ladies the thing I do for a living; reverse engineering malware. Those four had come up to me at different hacker events, telling me yo its cool what you do, how can I learn that? This, in general, is great, but trying to explain the how-to-RE in a few sentences is frustrating, at best. So much for the idea; lets meet somewhere, have a fun weekend, and look at a binary, I said.

And this idea, in the end, turned out to be.. a thing. I had planned to write about the workshop long ago, actually right after; then was super busy, postponed, postponed more, thought now is the time, then realised I might just as well wait a bit more and keep watching what happens. And a lot happened.

It was quite flustering, that these girls had come up to me. I've done a lot in my short career, but I'm still very much a student myself. I'm quite sure, almost certain indeed, this isn't directly linked to my mad skills, but rather for I'm someone they weren't afraid to come up to. This could have many reasons, but what I quite frankly believe is the most important one, I'm female. I'm someone they can relate to. It's taken me a while myself to understand what the hell a role model is. I like to believe thats not someone to aspire to, not an individual to adore, but someone that could be you. A person who isn’t outstanding but just normal. Sounds ridiculous? Oh dear. Like three years after I myself had realized debuggers ain't rocket science I'm still asked at every other occasion how I had this funky idea of becoming malware reverser. That.. is ridiculous. Because there shouldn't be any funkiness to this, I'm not a revolutionary, I just like to stare at assembly. For hours.

I frequently wander around tech offices and industry events where I count no more than a handful of women sneaking around the hallways. I say sneaking because lots of us, myself included, do not radiate confidence and determination, but are rather wary, a bit cautious, quite silent. If you're not like very sure of yourself it feels intimidating to walk into a meeting or a lecture full of people who are just different. This nervosity is not primarily a female problem but I'd guess an issue of any minority. But please don't get me wrong, I've never had a bad time at any conference or meetup, also I'm not talking about general fear. The infosec community I know is very welcoming, I've never experienced hostility. But that is also not the point, it doesn't require hostility to feel out of place. Thing is, most of us don't enjoy to feel exotic.

All of this said, I thought its a splendid idea to do that workshop and invite just any woman interested in reverse engineering. This way, I hoped, the binary-affine ladies out there would understand the event is something they’re supposed to attend and feel welcome to join. What it had taken for me to overcome irrational fears of IDAPro was being told that I'm goddamn supposed to use it; might just go and pass that wisdom on. I crafted a blogpost, put it live and then waited.

Truth be told, my expectation was to sit down with the initial four students, +/-2, and was stunned when the registration e-mails came rushing in. By the time we started with workshop preps there were 17 registered participants, 15 of which, no kidding, for real, showed up in person in St. Pölten downtown early September. I was.. speechless. Sou many femgineers <3 The participants were from Switzerland, France, Spain, Germany, Argentina, Israel, Russia and Austria; coming in by train or airplane, lots of them on their own expenses even. This while, St. Pölten isn't quite in the center of all happenings; you know what I mean.

Now, what is it that we actually did. Basically the participants had to complete four assignments before the actual workshop weekend. These assignments included setting up an analysis environment, a virtual machine running Windows XP, and install a number of tools needed for malware analysis tasks. Also up for homework was quite some reading; papers about x86 assembly language, common malware anti-analysis tricks and runtime packers. They had to perform dynamic malware analysis on a Citadel infector within their virtual machine and look at the traces it left with different tools. Finally, they got some exercise binaries to put in a debugger and watch EIP jumping along the execution path. These exercises all together don't teach you how-to-RE. They are meant to help build a base of understanding for malware and binaries, also they provide hints from where to go on after the workshop.

The two days of workshop themselves were meant to be painful. No, really, a weekend to learn RE is either painful, or quite useless. It is a tough subject, even for seasoned information technologists. Thus the goal was to do something that sticks, like, content thats not painful just doesn't stick. So I picked a piece of malware, one that I had worked on before, and made it our workshop content. The binary is a bit more than 20KB big, packed, and if it were a pet it would listen to the name Upatre. I've had fun with Upatre when I was learning reverse engineering, thus I knew its doable for beginners. For the inclined reader, the workshop’s subject of interest is identical to this one here.

The object of interest
When the weekend was over we were somewhere through with the packer and out of all energy. I left the payload as an exercise and called the event a success, for none of the ladies ran away screaming. Two days, 6 to 8 hours each, staring at assembly is dizzying at best, more likely frustrating. Upatre in 2013 came with few, but neat anti-analysis tricks. The protection ‘layer’ is well separated from the decompression and image reconstruction steps. The payload is simple but effective. It was a lot of content and, frankly, I don't expect anyone walked away humming strike, I got it, strike, I got it.

I remember hearing a "cool what you taught them" afterwards. But in reality, I didn't actually teach much. When I myself was working on my first binary I spent a day on a single jumptable. I don't think one can learn to reverse an entire binary within a weekend. But that was also not the goal, much rather I wanted every attendee to understand that binaries don't bite and debuggers ain't built in Hogwarts. The younger me has spent a lot of time hypnotizing tasks, reading books and papers and staring at tools for long, for an unsubstantial fear things would fall apart if I press the wrong button. So the primary news I meant the participants to take home was how to rock'n'roll by getting their hands dirty, whichever field they are working on.

And holy shit they did! We kept in touch after the workshop and I was watching with much amazement as splendid news kept coming in. Now half a year later one of the ladies has taken on her first reverse engineering position with Quarkslab in Paris. One did her first malware research talk at Botconf last year, presenting on botnet analysis, and is going for the next speaking engagement soon; one spoke at RootedCon this year about iOS malware attacking non-jailbroken devices. Two ladies decided to pick up RE as topic for their thesis, one focusing on analyzing threat actor TTPs, one on analyzing the NDIS stack relying on memory images. Finally, an eager participant collected her first CVEs this year by exploiting BMC Logic's BladeLogic Server Automation product, presenting the findings at Troopers conference. Needless to say, among the participants are seasoned engineers, who excel in cryptography, software development, incident response and security management every day. I can't stress enough how happy I am for all their achievements. Once again, just to be clear, I didn't teach them any of this; all I wanted them to do is rock harder :)

And then, one insomnia night early this year, I made the decision to do that again, there will be another BlackHoodie workshop. It will again be free, most likely be located in Germany, will be painful again, lots of fun and a wonderful community exchange. Besides exhausting the weekend was indeed a lot of fun. I'll surely never forget the face of the waiter at the greek restaurant where we had dinner, when he saw 15 women walking in, as I told him we're a hacking workshop :,D

Wednesday, July 1, 2015

BlackHoodie - Reversing Workshop for Women at UAS St. Pölten



In the past year at every other event a girl came up to me, telling me how cool she thinks that is what I do. I’ve had that conversation with each of them, reversing is fun, there are too few women, stuff is scary and hard to learn and good sources of comprehensible knowledge are hard to find. 

Thus, I thought it’d be a good idea to sit down with them and help them get their head around reverse engineering malware. The idea is, we do a workshop on how to take binaries apart. I've been teaching exactly that at UAS St. Pölten in the past, and be happy to do it once again in a women-only class.

Why women only?

Because a girl-to-girl conversation is so much more fruitful than a full classroom with only one or two women hiding in the corners. I've done so many things in my life where I was the *only* girl among X other participants, and I promise I've been hiding in the corners more than once.            

For the gents it might not be that obvious, but it is not easy for young females who haven't yet found their place in life to walk into a class room, a university lecture, an office or a conference room full of men. Who, generally speaking, very often very well seem to know their place.

I've had girls in my classes before, hiding and holding back although I am so certain they would have been capable to be so much better than what their final results showed. So yeah this will be women only, for every female should feel welcomed and encouraged to do her best and get the most out of it.

Why more women in low-level technical jobs in general?
  • It’s difficult. Mastering something difficult makes you happy. I want all of you to be happy.
  • It pays well. While money makes you also happy, what’s more important, it gives you courage and independence.
  • It keeps you busy. Lots of open job positions globally, even better, believe it or not it is addictive and you might even find yourself a new hobby.
Hardfacts?
  • Online preparation assignments
  • Workshop 5./6. of September at University of Applied Sciences St. Pölten, Austria
  • No fees, no strings attached, all you have to do is get there
  • Please register with your name or nickname and a short note about your background at blackhoodie at 0x1338 .at
Prerequisites?
  • Being female
  • Computer science background in a sense you understand programming logic, how a processor works and how an operating system works
  • A Notebook capable of running at least one virtual machine
  • A virtual machine, preferred WinXP 32-bit
  • Guts :) (It is going to be a lot to learn in a very short time)

REGISTRATION: 

Please register with your name or nickname and a short note about your background at blackhoodie at 0x1338 .at. About two weeks before the event you will be asked for a final confirmation of your participation.

Announcement from University of Applied Sciences St. Pölten