March 19, 2020 · BlackHoodie Conference EN

BlackHoodie @ Troopers2020

This week I planned to attend BlackHoodie and Troopers 2020. With all that is going on right now, both conferences have been cancelled. So I had time to set up the blog (finally!) and looked at my old notes. I hope you enjoy reading about the awesome experience of BlackHoodie 2018.

Hi all,
I know I owe you some more information about BlackHoodie preparations and stuff. There has been so much going on, I just was into research and learning and stuff. I had three great days at the BlackHoodie18 Workshop. For a complete beginner, it was a bit demanding but also motivating. The energy is awesome!

For the preparations, I've read a lot of stuff and did exercises. Lucky me, my old laptop did work with the 12 GB RAM and a new SSD.

First day:
Talks! I was not able to follow all of them, but the thing is that you can ask questions, which I would highly recommend. :-) Now I know roughly what a bootloader does, what happened within the TinyNuke trojan and how a crypto miner attacked some servers. At the end of the day, Mari0n gave us her "usual rant" (her words!!). There is challenging stuff out there. There are many, many jobs and so much money to make. So have fun, be confident and make a loooooot of money. <3

Second day:
Beginners track. VM does work (yay!) but the speed is high. We're analyzing some sweet samples of malware. Where is the start, and the endpoint? What is happening within the boxes? We mainly used IDA for that. I made a page of notes for terms and stuff. Yes, reversing is a lot of researching, staring and coffee and staring. When we had breaks, we would talk to each other as much as possible. There are so many ladies out there, doing awesome stuff. One is doing security testing for new products (crashing a smart TV, anyone??), one is a technical expert for voting, some do incident response, others work on compiler security. There are pentesters, data analysts, web designers, and even some governance people. In the evening we had dinner sponsored by HERE. Thanks again! It was so awesome, seeing so much competence and fun in that restaurant hall. <3

Third day:
Again the beginners track. I started to see some structures: where is the information flow? How to find the function, pointer etc. (search engine is your friend)? Now I knew why it has not only been called workshop, but "bootcamp". At some point I was only able to note terms for research, write small comments and do renaming before going to the next issue. Our sample was a bot, which would load itself within the current version of Windows. It will be executed whenever the system is powered on, to create ongoing availability. Our homework now is to find out where it tries to send information to the server. We left not only with homework, but also with a presentation from a colleague with further tips & tricks.

Challenge: There was a small challenge to be solved. Honestly, I didn't even try. There was so much to do and learn, I had no time or energy left.

Useful hints: BlackHoodie is challenging. It is really helpful to sleep enough and keep hydrated. Try to eat on a regular basis. We have been hosted by HERE, and the food was great. <3 Try not to cram in other dates or stuff like that. If you need some private (quiet) time, take it. Do your homework, come prepared. And most important: don't give up. Try again, and again. Talk to others, ask a lot of questions, take notes. If you don't understand, ask them to explain it in easier words.

PS: Curious? See Twitter #BlackHoodie18. You'd like to attend next year? Follow @blackhoodie_RE on Twitter. See you in 2019!