Monday, March 18, 2019

BlackHoodie comes back to San Francisco

I promised we’d be back! So here we roll again, BlackHoodie is coming back to San Francisco, this time filling the Google campuses in downtown with a crowd of dedicated hackerettes.
The bootcamp will take place in San Francisco downtown, on April 25th and 26th this year. Just like other BlackHoodie events, the classes will be free, women only, and crazy challenging. And as usual, all we want is your everything ;)
TL;DR facts:
What: Classes on code security, application security, x86, and ARM and Android native reverse engineering
When: April 25th & 26th, 2019; 8.45am - 5pm; 25th 3-5pm networking event  
Where: Google campus, 345 Spear St, San Francisco, CA, 94105, 7th floor
Who: Women
Prerequisites Track 1: Experience in C/C++ development, notebook capable of hosting/running a VM
Prerequisites Track 2: notebook capable of hosting/running a VM
Registration: Use our form :) Registration closes April 5th


We will run 2 sessions in parallel, sporting 1 class per day. Track 1 focuses on C/C++ software security and x86 reverse engineering of Windows malware. Track 2 focuses on web application security and ARM reverse engineering.
Track 1:


Day 1: Bug Hunting for Developers


Teacher: Natashenka, top researcher within Google’s Project Zero.
Topic: students will learn how to find and avoid security problems in C and C++ code.


Prerequisites: This class is targeted towards developers and students who are studying programming. Students who have called malloc in the past year (or can explain why they didn’t) will get the most out of this course.  


Day 2: Intro to x86 Malware Reverse Engineering


Teacher: Bhavna Soman, Security Researcher at Microsoft
Topic: Students will go over the basics of x86 and IDAPro, and use that to analyze real world malware samples (VM set up instructions will be provided beforehand). They will learn common techniques that malware authors use to evade detection and analysis. Finally, they’ll be provided with challenge binaries to test their new RE skillz.


Track 2:
Day 1: A hands-on introduction to Web Application Security


Teacher: Jenna Kallaher and Liza Burakova, security engineers at Google
Topic: Workshop on application security, where attendees will learn to break web applications by exploiting an intentionally vulnerable banking application. The workshop will explore prevalent attacks like XSS, CSRF and logic errors.


Day 2: Intro to Android Reverse Engineering  
Teacher: Maddie Stone, world’s favorite firmware reverse engineer,
Topic: This workshop will teach attendees how to go about reverse engineering Android applications. We’re going to cover both the Java and the native code (ARM) aspects of reversing Android apps for fun and profit. (Hello, Android app VRPs!)
Registration for BlackHoodie Bay Area 2019 will work on a first come first serve basis, through a Google form. You will be able to register until April 5th. Space is limited and folks signing up for track 1, please check the prerequisites for the track 1 classes.
You can only sign up for a track, not for a particular class (keeps our attendee management manageable - individual changes can likely be handled on site).
Finally, please note that we cannot cover travel or housing for attendees. We’ll be able to provide one or another snack though. More details will be communicated prior to the event.
Why women only?
The number of female engineers working on complex low level security topics is crushingly low. My past teaching experience shows me, that is not due to lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. And I get it, modern day computer security is an intimidating field, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there. The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space, where participants can build confidence, foster shared interests, build connections, and in the end contribute themselves as part of a happier community. It keeps fascinating me how many former BlackHoodies keep sticking around, and do impressive work in several different areas of security.
What is BlackHoodie?
BlackHoodie is a series of free, women only hacker bootcamps, which started in 2015, and since 2018 started going global. BlackHoodie Bay Area is organized in cooperation with Google, and in 2018 was the first BlackHoodie event to be held within the United States. More information on the idea of BlackHoodie and upcoming other events can be found at www.blackhoodie.re.