Blackhoodie at NorthSec 2022 - Getting cosy with Malware Static Analysis

Back to the list of Speakers and Sessions
This workshop is intended to show how exploring the world of Windows malware in the "eyes" of static analysis can actually be a really fun thing! The participants will go over the life cycle of malware, by statically analyzing some real malware and learning how to read and understand the intention behind a piece of code.

This training is free and for women only as per Blackhoodie standards. It will be held in two 2 hour sessions on consecutive days and has a cap of 10 participants. Registration: Reach out to

Following Blackhoodie's guidelines regarding COVID, we require proof of vaccination and attendees to wear masks during the workshop

Topics that will be covered: - Understanding the PE file format - Using disassemblers like Ghidra or IDA - Recognizing some common malware routines (tricks used to stay persistent, obfuscation, etc)

If time permits, there will be a chance to learn how to use scripts to augment and make the experience of static analysis easier.

Pre-requisites/assumed knowledge:
  • Comfortable with x86 assembly language.
  • Comfortable with some programming languages.
  • Some knowledge of how a CPU works.
  • Machine with VMs installed (instructions will be emailed before the workshop).