Wednesday, July 11, 2018

BlackHoodie Bay Area 2018

Years ago I was listening to a talk at the CCC Congress in Hamburg, where a hackerette explained to us how she managed to exploit a Tamagotchi. I was starstruck, at the time I didn't even quite understand what single stepping means. Role models gonna role model, and recently this same hackerette agreed to do an offensive security workshop, along with a number of other awesome women.  The workshop will be held in Mountain View, CA on September 7th and 8th this year. Just like other BlackHoodie events, the event will be free, it will be women only, and it will be crazy challenging.

TL;DR facts:
What: Workshops on offensive security, application security, firmware reverse engineering
When: September 7th & 8th, 2018; 10am - 5pm
Where: Google campus, Mountainview, CA
Who: Women
Prerequisites: Some form of education or solid experience in computer science, but don’t be shy, we welcome security newcomers just as well
Registration: CLOSED since July 16, since we're overfull already :)


Sessions: We will run 3 sessions in parallel, all taught by industry leaders.

Session 1: Introduction to Security Code Review
Teacher:  Natashenka, top researcher within Google's Project Zero.
Topic: Students will learn how  to review C and C++ source code for vulnerabilities

Session 2: Intro to Reversing & Reversing Android Native Code
Teacher: Maddie Stone, world’s favorite firmware reverse engineer.
Topic: Day 1 will be an introduction to reverse engineering. No experience in reversing? Come join us and get some experience! Day 2 we’ll apply the basics we learned in Day 1 to how to reverse native code in Android applications. Students will learn how the Java Native Interface works and how to find the fun stuff hidden in the assembly.  .

Session 3: A hands-on introduction to Web Application Security
Teacher: Niru Ragupathy, red teamer at Google.
Topic: Workshop on application security, where attendees will learn to break web applications by exploiting an intentionally vulnerable banking application. Day 1 will explore prevalent attacks like XSS, CSRF and logic errors. Day 2 will explore more esoteric attacks and allow participants to try and achieve pro status on the fake banking application.             

The workshops will be supported by Amanda Rousseau, Mara Tam, Bhavna Soman, Azeria, Jenna Kallaher and myself.

The Bay Area is full of engineers, even female ones, thus we think to keep registration fair, a lottery is the best option for seat selection. All together, we have plenty of seats; so no worries. 

Finally, please note that we cannot cover travel or housing for attendees. We’ll be able to provide one or another snack though. More details will be communicated prior to the event.


Why women only?
The number of female engineers working on complex low level security topics is crushingly low. My past teaching experience shows me, that is not due to lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. And I get it, modern day exploitation is an intimidating field, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there. The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space, where participants can build confidence, foster shared interests, build connections, and in the end contribute themselves as part of a happier community. It keeps fascinating me how many former BlackHoodies keep sticking around, and do impressive work in several different areas of security.

What is BlackHoodie?
BlackHoodie is a series of free, women only reverse engineering bootcamps, which started in 2015 and since 2018 is supported by a number of spin off events. BlackHoodie Bay Area is a spin off event, organized in cooperation with Google, and is the first BlackHoodie event to be held within the United States. More information on the idea of BlackHoodie and the upcoming main event can be found at blackhoodie.re.

10 comments:

  1. Shouldn't this event follow Google's Event Community Guidelines?

    >Google is dedicated to providing a harassment-free and inclusive event experience for everyone regardless of gender identity and expression...

    https://www.google.com/events/policy/anti-harassmentpolicy.html

    ReplyDelete
    Replies
    1. Google is hosting BlackHoodie, and Googlers are volunteering to teach, but it is a BlackHoodie event.

      Delete
  2. Hey,
    What does a "lottery is the best option for seat selection" mean?
    I am very interested in attending, but I want to know 100% I will have a seat, otherwise I'd have to pay the plane tickets and the hotel for nothing.
    Please let me know, thanks!

    ReplyDelete
    Replies
    1. Same, when will we find out if we got a seat? Need to ask for time off

      Delete
    2. We changed the deadline from 31st to 16th, hence notifications will go out next week.

      Delete
    3. Hey, so basically I have to wait until I receive the notification on the email before I book the plane tickets, right? Or will everyone who registered in the allotted time join?

      Delete

  3. Hello, Do you need a loan from The most trusted and reliable company
    in the world? if yes then contact us now for we offer loan to all
    categories of seekers be it companies or for staff usage. We offer
    loan at 3% interest rate, Contact us via Whats app +919205646839
    mohanmendcompany01@gmail.com

    LOAN SEEKERS APPLICATION FORM
    ******************************
    1) Full Name:
    2) Gender:
    3) Loan Amount Needed:
    4) Loan Duration:
    5) Country:
    6) Home Address:
    7) Mobile Number:
    8) Fax Number:
    9) Occupation:
    10) Monthly Income:
    11) Salary Date:
    12) Purpose of loan:
    13) Where did you get our loan advertisement:
    mohanmendcompany01@gmail.com

    ReplyDelete
  4. Have notification has been sent?

    ReplyDelete
  5. We are authorized Financial consulting firm that work directly with
    A rated banks eg Lloyds Bank,Barclays Bank,hsbc bank etc

    We provide BG, SBLC, LC, LOAN and lots more for client all over the world.

    Equally,we are ready to work with Brokers and financial
    consultants/consulting firms in their respective countries.

    We are equally ready to pay commission to those Brokers and financial
    consultants/consulting firms.

    Awaiting a favourable response from you.

    Best regards
    WALSH SMITH, ROBERT
    email : info.iqfinanceplc@gmail.com
    skype: cpt_young1
    Tel contact: +447031968934

    ReplyDelete
  6. πŸŽ†THE HACK GEEKSπŸŽ†

    Have you ever wondered if it's possible to hack things the way hackers do it in the movies.πŸ€”πŸ€”

     

             Yeah its possible!!!😁😁😁

    "AS LONG AS IT'S TECHNOLOGY, IT CAN BE HACKED"


    Hacking can easily be done by planting a computer virus or spyware(depending on what the hacker intend to do) in the targeted device.🀐🀐


        We at THE HACK GEEKS give you the best hacking service there ever is.πŸ‘ŒπŸ‘Œ

    We understand the Issues of scammers all over the internet and that's why we give you a solid prove of our services.


    We have got the top hackers in hackerone.com that are always ready to hack for you anytime ,anywhere, any device, organisation, federal agencies, university, college you just think of it.

     We can help:

    *To Hack, Clone or Track a Phone?πŸ“±πŸ“²

    *To Sniff, Erase or Change a file in a Company, Organisation or in a Federal agency?πŸ“–πŸ“ƒ

    Eg: Changing of grades in a university.

          Changing of identity.

          Deleting of files such as criminal records and evidence.

          Changing of files and evidence in federal facilities.

          Stealing of files and document from companies and organizations.

    *To retrieve lost BitCoinπŸ’°πŸ’°

    *Mining of BitCoinπŸ’°πŸ’°

    *To hack an Email or any Social Media account?πŸ’ž

    *To Transfer funds without been detected?πŸ’΄πŸ’΅πŸ’·

    *To increase your credit score?πŸ”πŸ”

    *To Hack Credit/Debit card?πŸ’³πŸ’³


       All these are what we can do for you.


    We are descrete and won't expose our service to you to anyone.

    Contact:

    thehackgeeks@gmail.com

    We look forward to hacking for you

    ReplyDelete