Blackhoodie @ HackLu announcements

You already knew we had a master plan to come back to Luxembourg. You asked for it, we heard and we know you are pressing F5 like crazy to check what we have for you this time! So here it is! We are finally publishing the agenda for yet another Blackhoodie event in 2019.

Hard facts can be found here and if you want to join us, please register to your favorite track using our form.

Track 1:

Offensive Security 101

Teacher: Valentine M., ethical hacker for application and infrastructure pentesting, KPN - Royal Dutch Telekom

Topic: An advanced introduction to Offensive Security. This includes offensive security principles, some hacking demos, and common techniques on how to break into things.

Prerequisites: some web application, coding, and Unix knowledge.

Windows pwning

Teacher: Essy

Topic: Congrats, you’ve made it, after some exploit shenanigans you’ve got your first foothold on a Windows client at Kitty Corporation. Now what? Where to go from here? Where am I? Who am I? Who can I (pretend to) be? And what can I do? We’ll explore some tools and techniques that help us try to answer those questions. This is going to be a starter workshop to get a first feeling on how to have fun with (domain joined) Windows systems. We’ll be focusing on the basic concepts of a Windows based infrastructure that you’ll usually find in corporate environments. This will include authentication protocols and weaknesses as well as tools that let’s you have fun in those infrastructures.

Prerequisites: Ability to run 2 Windows based VMs at the same time (>=8GB RAM, >=60GB free disk space). That’s it, detailed knowledge of Windows is not required to attend the training, we’ll start with the basics and explore this playground together. I’ll provide you with information & scripts how to setup the lab beforehand.

Track 2:

Writing Open-Source Detection for Android Stalkerware

Teacher: Joanne Kim, Research Engineer, Talos Intellingence, gardener and learner of new and old languages

Topic: I will guide the attendees on how to find, reverse, and write Snort rules and ClamAV signatures for Android stalkerware samples. With the exception of VirusTotal Intelligence, this workshop relies on open source tools and programs, like jd-gui and dex2jar, to reverse these APKs. These apps are rarely obfuscated and insecure, making reversing and writing coverage simple for newcomers to reversing Android malware and writing Snort and ClamAV signatures.

Windows EDR 101

Teachers: Dana Baril, Security Software Engineer, Microsoft Defender ATP & Noa Bratman, Software Engineer, Microsoft Defender ATP

We would like to provide a glimpse to a day in the blue team. In the beginning, we will explain the idea behind EDR in general, and share implementation concepts. In the end of this part you will practice code writing for EDR features. In the second part, we will discuss malware analysis using EDR data and together you will run an exercise of data analysis, hunting malicious activity.

Java Web Application Secure Coding

Teacher: Eva Szilagyi, IT Security Consultant, Alzette Information Security

Topic: Context-dependent output encoding? Prepared statement with bind variables? Disable external entity resolution? Storing passwords in salted hash format? If you are involved in Java development, you should join this workshop and see, why these are important from a security perspective! This workshop is meant for developers and security professionals alike. It is delivered by an information security professional with the purpose of demystifying web application secure coding.

Prerequisites: A laptop with at least 8 GB of RAM and 40-50 GB of free disk space, VMware Workstation, VMware Fusion or VMware Player installed.

Track 3:

Linux Device Drivers and Loadable Kernel Modules for Offensive and Defensive Purposes

Teachers: Dalila Lima & Anna-Lena

Topic: This workshop intends to dive into the world of hardware devices, how they and their drivers work and how this is interesting to know for both offensive and defensive security purposes. Attendees will be able to write a rootkit keylogger Linux Loadable Kernel Module and experiment with it inside a VM. If you have ever wondered what happens whenever you press a key in your keyboard, move your mouse or even how you can see everything that appears in your screen and are curious to understand how attackers can use that to their own benefit, this workshop is for you.

Prerequisites: a laptops with VMware or Virtual Box. Virtual machine image will be provided before the workshop date.

Scripting the reverse of a malware using Miasm

Teacher: Caroline Leman, Security Research Engineer, CEA DAM, focus on RE and log analysis.

Topic: I am going to introduce concepts which can be generalized to other reverse-engineering tools. We will study 2 samples that focuses each on different aspect of reverse engineering analysis. We will study: dependency analysis, emulation, ida scripting (for auto commenting code).

Prerequisites: a basic knowledge of x86 assembly, things like ABI, calling conventions and so on.

Please notice that the registration will be worked on FIFO basis and the space is limited. Be sure you check the prerequisites for the workshops before signing in, as you can only sign for a track and not for a single class.

The conference day will be on Monday and the schedule for it can also be found if you just scroll down for some seconds :)

Also, please note that we cannot cover travel or accommodation for attendees. We’ll be able to provide one or another snack though. More details will be communicated prior to the event.

What is BlackHoodie?

BlackHoodie is a series of free, women only hacker bootcamps, which started in 2015, and since 2018 started going global. BlackHoodie Bay Area is organized in cooperation with Google, and in 2018 was the first BlackHoodie event to be held within the United States. More information on the idea of BlackHoodie and upcoming other events can be found at

Why women only?

The number of female engineers working on complex low level security topics is crushingly low. My past teaching experience shows me, that is not due to lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. And I get it, modern day computer security is an intimidating field, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there. The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space, where participants can build confidence, foster shared interests, build connections, and in the end contribute themselves as part of a happier community. It keeps fascinating me how many former BlackHoodies keep sticking around, and do impressive work in several different areas of security.

Monday, October 21th, 2019 - Conference schedule

Time Talk Presenter
09:00 Welcome :D  
09:30 Introduction to Web Application Penetration Testing Andrea Hauser
10:30 Pentesting Mobile Apps with Frida Laura Garcia & Marta Barrio
11:30 Linux Kernel and/or Driver Development 101 Anna-Lena
12:30 BinCAT: purrfecting binary static analysis Sarah Zennou
13:00 Lunch  
14:00 Exploiting bug report systems in the game industry Andreia Gaita
15:00 A QuickLook at macOS cache forensics Kinga Kieczkowska
15:30 Don’t think outside the box - keep it to yourself (and your VM) Bell Levin
16:00 Losing Face: Hacking Facial Recognition
Technology with Makeup and Other Tricks
Camilla Montonen
17: 00 Closing Remarks