Wednesday, July 11, 2018

BlackHoodie Bay Area 2018

Years ago I was listening to a talk at the CCC Congress in Hamburg, where a hackerette explained to us how she managed to exploit a Tamagotchi. I was starstruck; at the time I didn't even quite understand what single stepping means. Role models gonna role model, and recently this same hackerette agreed to do an offensive security workshop, along with a number of other awesome women. The workshop will be held in Mountain View, CA on September 7th and 8th this year. Just like other BlackHoodie events, the event will be free, it will be women only, and it will be crazy challenging.

TL;DR facts:
What: Workshops on offensive security, application security, firmware reverse engineering
When: September 7th & 8th, 2018; 10am - 5pm
Where: Google campus, Mountain View, CA
Who: Women
Prerequisites: Some form of education or solid experience in computer science, but don’t be shy, we welcome security newcomers just as well
Registration: CLOSED since July 16, since we're overfull already :)


Sessions: We will run 3 sessions in parallel, all taught by industry leaders.

Session 1: Introduction to Security Code Review
Teacher: Natashenka, top researcher within Google's Project Zero.
Topic: Students will learn how to review C and C++ source code for vulnerabilities.

Session 2: Intro to Reversing & Reversing Android Native Code
Teacher: Maddie Stone, world’s favorite firmware reverse engineer.
Topic: Day 1 will be an introduction to reverse engineering. No experience in reversing? Come join us and get some experience! Day 2 we’ll apply the basics we learned in Day 1 to how to reverse native code in Android applications. Students will learn how the Java Native Interface works and how to find the fun stuff hidden in the assembly.

Session 3: A hands-on introduction to Web Application Security
Teacher: Niru Ragupathy, red teamer at Google.
Topic: Workshop on application security, where attendees will learn to break web applications by exploiting an intentionally vulnerable banking application. Day 1 will explore prevalent attacks like XSS, CSRF and logic errors. Day 2 will explore more esoteric attacks and allow participants to try and achieve pro status on the fake banking application.

The workshops will be supported by Amanda Rousseau, Mara Tam, Bhavna Soman, Azeria, Jenna Kallaher and myself.

The Bay Area is full of engineers, even female ones, so to keep registration fair we think a lottery is the best option for seat selection. Altogether, we have plenty of seats, so no worries.

Finally, please note that we cannot cover travel or housing for attendees. We’ll be able to provide one or another snack though. More details will be communicated prior to the event.


Why women only?
The number of female engineers working on complex low level security topics is crushingly low. My past teaching experience shows me that this is not due to a lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. And I get it, modern day exploitation is an intimidating field, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there. The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space, where participants can build confidence, foster shared interests, build connections, and in the end contribute themselves as part of a happier community. It keeps fascinating me how many former BlackHoodies keep sticking around, and do impressive work in several different areas of security.

What is BlackHoodie?
BlackHoodie is a series of free, women only reverse engineering bootcamps, which started in 2015 and since 2018 is supported by a number of spin off events. BlackHoodie Bay Area is a spin off event, organized in cooperation with Google, and is the first BlackHoodie event to be held within the United States. More information on the idea of BlackHoodie and the upcoming main event can be found at blackhoodie.re.

6 comments:

  1. Shouldn't this event follow Google's Event Community Guidelines?

    >Google is dedicated to providing a harassment-free and inclusive event experience for everyone regardless of gender identity and expression...

    https://www.google.com/events/policy/anti-harassmentpolicy.html

    1. Google is hosting BlackHoodie, and Googlers are volunteering to teach, but it is a BlackHoodie event.

  2. Hey,
    What does a "lottery is the best option for seat selection" mean?
    I am very interested in attending, but I want to know 100% I will have a seat, otherwise I'd have to pay the plane tickets and the hotel for nothing.
    Please let me know, thanks!

    1. Same, when will we find out if we got a seat? Need to ask for time off

    2. We changed the deadline from 31st to 16th, hence notifications will go out next week.

    3. Hey, so basically I have to wait until I receive the notification on the email before I book the plane tickets, right? Or will everyone who registered in the allotted time join?
