BLACKHOODIE TRACK

by Women In Cybersecurity Community Amsterdam

OCT 13 - Offensive Security 101

OCT 14 - Car Security 101

What is BlackHoodie?

BlackHoodie is a series of free, women-only security events focused on reverse engineering, which started in 2015 and in 2018 slowly became a global initiative, with events happening in different European and US locations. More information on the idea of BlackHoodie and upcoming events can be found at blackhoodie.re. BlackHoodie is again teaming up with Hack In The Box to bring a women-only BlackHoodie track to HITB! Expect us on October 13th and 14th at Emirates Palace in Abu Dhabi, during the 2019 HITB⁺CyberWeek.

REGISTER FOR FREE

13th October

Offensive Security 101

An introduction to ethical hacking and penetration testing.

We will cover the basics of offsec, including an introduction to infrastructure and web applications, offensive security tools, and common vulnerabilities such as the OWASP top 10.

Key learning objectives

  • Understanding of web applications and organizational networks
  • Overview of common weaknesses and how they can be exploited
  • Understanding how to defend against these vulnerabilities

The session will include plenty of hands-on exercises for attendees to get first-hand experience with how hackers commonly break into things. The target audience is beginners, preferably (but not necessarily) with some understanding of web applications and coding.

Topics covered:

• Basic infrastructure and web application introduction

• Web application hacking

• Offensive Security tooling

• Privilege escalation and lateral movement

• Kernel exploits

• Hands-on exercises

What attendees should bring (laptop requirements)

  • Kali VM or Ubuntu VM

14th October

Car Hacking 101

A crash course for beginners with no knowledge of automotive security to get started on their car hacking journey.

Key learning objectives

  • Gain a basic understanding of vehicular networks
  • Gain a better understanding of vehicular communication protocols
  • Explore the attack surfaces in vehicles

Who should attend

Anyone who is interested in learning how to get started in car security

Topics Covered

• Introduction to vehicle threat landscape – Traditional vehicles, Connected Vehicles and Autonomous Vehicles

• Introduction to the differences between Connected vehicles and Autonomous vehicles (SAE Levels)

• Introduction to connected vehicle technology – V2X, V2I, V2N, V2V

• Overview of basic vehicle networks and protocols (e.g. CAN bus, FlexRay bus, J3016 standard, etc.)

  – Introduction to CAN bus protocol
  – Introduction to CAN frame
  – Introduction to car hacking tools
  – Identifying the CAN types
  – Introduction to UDS (Unified Diagnostic Systems)
  – Understanding the ECU (Engine Control Unit)

• Practical hands-on activities on ICSim and CSQ’s Easel (if sufficient time)

  – Capturing CAN bus traffic
  – Replaying CAN bus traffic
  – Reverse engineering the CAN IDs
  – Spoofing the CAN bus traffic

What attendees should bring (laptop requirements)

  • Windows 7 and above
  • Kali VM or Ubuntu VM
  • Administrative Privileges

TRAINERS

Andrea Stehrer

Andrea is an ethical hacker specializing in web application and infrastructure testing. She is also the co-founder of WICCA (Women in Cybersecurity Community Amsterdam) and co-organizer of BlackHoodie Netherlands, where she aims to bring together security-enthusiastic women to learn from and laugh with.

Anneloes Geerts

Anneloes is a criminologist with a passion for ethical hacking. She has over 5 years of experience in IT security and has performed multiple security tests on web applications, mobile apps, software and hardware. In her spare time, she loves playing CTF events. Since 2018 she has been a facilitator of multiple hacking courses and would like to help and learn together with security-enthusiastic women!

Alina Tan

Alina (0x410x54) Tan is the founder of Division Zero’s (Div0) Car Security Quarter (CSQ). Her expertise lies in securing Operational Technology (OT), Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) systems — specifically on the offensive security of these systems. Her interest lies in pentesting OT and automotive systems.

Why Women Only?

The number of female engineers working on complex low-level security topics is crushingly low.

Past teaching experience shows that this is not due to lack of interest in challenges, but has to do with aspiring hackerettes sporting impressive anxieties. And I get it, topics like modern day exploitation are intimidating, and the fact that this field’s engineers are usually all male, fancy death metal fashion and are offensive by definition, doesn’t help. But, among us, one doesn’t need to be male and death metal to be successful there.

The BlackHoodie workshops aim to make complex subjects more tangible and less intimidating for women, in order to get motivated hackerettes started on their security careers. It is not about building walls around a minority, but about creating space, where participants can build confidence, foster shared interests, build connections, and in the end, contribute themselves as part of a happier community. It keeps fascinating me how many former BlackHoodies keep sticking around, and do impressive work in several different areas of security.