Blackhoodie at NorthSec 2022 - Getting cosy with Malware Static Analysis

May 19 04:00 PM EDT

This workshop is in partnership with the BlackHoodie organization and is intended to be presented by and for women. We hope that all attendees respect this requirement. For further information, the organization's mission is available here.

Workshops are first-come first-serve and have a participant limit. Please register in advance by emailing outreach@nsec.io


This workshop is intended to show how exploring the world of Windows malware in the "eyes" of static analysis can actually be a really fun thing! The participants will go over the life cycle of malware, by statically analyzing some real malware and learning how to read and understand the intention behind a piece of code.

This training is free and for women only, as per Blackhoodie standards. It will be held in two 2-hour sessions on consecutive days and has a cap of 10 participants. Registration: reach out to outreach@nsec.io.

Following Blackhoodie's guidelines regarding COVID, we require proof of vaccination, and attendees must wear masks during the workshop.

Topics that will be covered:
  • Understanding the PE file format
  • Using disassemblers like Ghidra or IDA
  • Recognizing some common malware routines (tricks used to stay persistent, obfuscation, etc.)

If time permits, there will be a chance to learn how to use scripts to augment and make the experience of static analysis easier.

Pre-requisites/assumed knowledge:
  • Comfortable with x86 assembly language.
  • Comfortable with some programming languages.
  • Some knowledge of how a CPU works.
  • Machine with VMs installed (instructions will be emailed before the workshop).

Suweera De Souza, Senior Security Researcher, CrowdStrike

Suweera is an enthusiast when it comes to reversing malware and enjoys diving as deep as the hex bytes allow her to. Currently she works as a Senior Security Researcher at CrowdStrike, where she continues to hack away at code.