Introduction #
Finding meaningful, well-constructed and cheap cyber security training and development can be quite an honest struggle, particularly when your thoughts are governed by indecision and curiosity. Taking a gamble on a course marked at anywhere over $1,000 USD (which, unfortunately, most cyber security courses are…) is enough not only to make you feel frustrated over your now empty pockets, but to make you scream if you dived in head first, willing to learn, only to discover you absolutely abhor the training you so painstakingly selected.
This is precisely why 0xCC is so valuable to the community. It offers carefully tailored cyber security courses presented by intelligent, working women in the field, all for the very low and honestly shocking cost of nothing. That's right, all you need to do is sign up. You are thrust into a safe, respectful environment where you are free to dabble in subject matters that have always interested you, but that you might not have felt comfortable (understandably so) spending the money to try.
And that brings me to the reason I am writing this article. After attending this conference in Melbourne, Australia, I really wanted to spend some time summarising my experience and why, if you identify as a woman, you should seriously consider attending this conference in future. I’ve provided the links to their website just below:
A little about the conference #
Held in Melbourne this year, 0xCC is a cyber security training conference for women, by women, offering free security-related training to anyone who identifies as such. The conference has a wide range of offerings, carefully crafted and delivered by professional women in the field. It takes place over 2 days, and you must select your preferred training course prior to the date. This selection will govern how you spend your 2 days, with ample opportunities to liaise with fellow women in tech or women looking to transition into the field. In addition to this, you also have the opportunity to seek out a mentor, or to provide mentorship to anyone who has signed up to the conference.
Training Course | Description | Difficulty |
---|---|---|
Hacktastic Voyage: Explore Web App Hacking Fundamentals | Are you ready to embark on an epic adventure, full of danger and discovery? Then join us on our course, where we’ll take you on a thrilling journey through the world of web app hacking. As we set out on our adventure, we’ll encounter countless obstacles and challenges, testing our skills and wits to the limit. Hot topics will include SSRF, broken access controls, injection vulnerabilities, tokens and session management. We’ll cover fundamentals on day 1 and on day 2 you will learn to chain them for impact. Together, we’ll face the unknown and emerge victorious, ready to conquer the world of web app security. | Beginner-Intermediate |
Introduction to Code Review | In this 2-day face-to-face course, Introduction to Code Review walks students through the numerous cases of undefined and platform specific behavior in C. We’ll start with a refresher of the C programming language, followed by an introduction of how to automate bug discovery using fuzzing and static analysis. We will review numerous real-world examples of bugs and finish by looking at coding recommendations and ways to prevent, fix, and secure buggy C code. | Intermediate |
Introduction to Digital Forensics | The fundamentals of digital forensics are often not known, or overlooked during an incident and important evidence can easily be overwritten and lost. Shanna is a long term digital forensics practitioner with years of experience and stories to share on what to do, and what not to do. During this workshop you will be introduced to the fundamentals of digital forensics, including artefact collection, preservation and analysis. Participants will learn how to start a digital investigation using open source or freely available tools to demonstrate the theory and challenges will be provided to participants to practice along. We’ll utilise freely available CTF questions and evidence to make it accessible for all, and provide a jump start on how to get involved in DFIR challenges and events. Mostly we want to provide a way to get started with DFIR and get you hooked too. | Intermediate |
Malware Analysis and Reverse Engineering | In this course, we will learn the basics of x86 assembly language and fundamental tools and techniques of malware analysis. We will learn the malware analysis process from the start to the end. This includes understanding file structures, recognising packed files and how to unpack them, reverse engineering malware and finally writing scripts to decrypt their encrypted components. | Beginner - Intermediate |
Scripted Recon: Turning Data into Intelligence | Phishing, bug hunting, penetration testing, exploit development, and threat intelligence - what do these have in common? Information gathering, or reconnaissance (aka recon) is key for any of these to be successful and meaningful. It’s not just one step in a process, but a continuous activity that helps identify vulnerabilities, data breaches, brand impersonations and more - that needle in the haystack that gets us a step further into preventing (or performing) successful exploitation. | Beginner - Intermediate |
Course Review: Malware Analysis and Reverse Engineering #
It should come as no surprise to you by this point that I chose the “Malware Analysis and Reverse Engineering” course out of those available.
Day 1: Assembly and Disassembly #
Our first day started with the fundamentals – a wonderful summary of x86 Assembly, followed by increasingly difficult example scenarios designed to test our collective knowledge and understanding of the language. What was most captivating about this section was the gradual build in difficulty, which ended in the analysis of the EICAR binary (the malware test file for AV vendors), leveraging our newly acquired knowledge to understand how and why antivirus vendors identify the behaviour in this file as malicious. It was a refreshing take on analysis, with the added benefit of providing a safe and simple program to analyse effectively and efficiently with our newly acquired knowledge. It was lovely to walk away knowing more about the behaviour of the test file, armed with the knowledge of why an AV or EDR solution would earmark it as malicious.
The course delved into manual unpacking of PE files, which once again was very refreshing. Quite a good departure from the standard “unpack with the UPX unpacker” that most courses go with. Instead, the trainers discussed how in real life, many malware types use modified packers and presented a good methodology on how to unpack them.
We ended the first day of learning with the exploration of the OEP (original entry point). We were given a packed program that we analysed in IDA, finding the OEP and restoring the file close to its ‘unpacked’ state to understand the effects a packer has on a program at a deeper level. This exercise included fixing the import address table and was a highly valuable activity. It went above and beyond the usual expectations and actually left you with valuable information about the “why” and “how” behind packers and the unpacking process.
I have to say this aspect of the training simply blew me away. It was delightful to see this was all completed manually, providing a solid foundation of knowledge about OEPs and applying it to real-life malware. It was a great departure from the classic automated tooling approach, which of course is useful, but doesn’t provide you with the ‘why’ behind the action. It also gives you the means to tackle the problem of unpacking when one of those automated solutions is not available.
Topic Summary for day 1:
- Assembly Language
- Static and Dynamic Analysis (and their tools)
- The PE Header
- Packed Files
- Finding the Original Entry Point
- Unpacking Files
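As an added illustration of the packed-file, PE-header and OEP topics above (example code written for this review, not material from the course or its trainers), the script below parses the PE section table with only the standard library and reports the indicators an analyst checks before hunting for the OEP: entry point outside .text, a section that is empty on disk but large in memory, high-entropy section data, and writable-plus-executable sections. The header offsets and section flags are from the PE format specification; the sample PE is constructed inline for demonstration and cannot execute.

```python
import math
import struct
from collections import Counter

SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x80000000

def shannon_entropy(data: bytes) -> float:  # bits per byte; near 8.0 means compressed/encrypted
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_pe(pe: bytes) -> dict:
    """Read the entry point RVA and section headers from raw PE file bytes."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]  # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    coff = pe_off + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    entry_rva = struct.unpack_from("<I", pe, coff + 36)[0]  # optional header + 16
    sections = []
    for i in range(nsect):
        f = struct.unpack_from(SECTION_FMT, pe, coff + 20 + opt_size + 40 * i)
        sections.append({"name": f[0].rstrip(b"\0").decode(), "vsize": f[1], "vaddr": f[2],
                         "rawsize": f[3], "entropy": shannon_entropy(pe[f[4]:f[4] + f[3]]), "chars": f[9]})
    return {"entry_rva": entry_rva, "sections": sections}

def packing_indicators(pe: bytes) -> list:
    """Heuristic signs of packing: leads for manual analysis, not proof on their own."""
    info, findings = parse_pe(pe), []
    for s in info["sections"]:
        if s["vaddr"] <= info["entry_rva"] < s["vaddr"] + max(s["vsize"], s["rawsize"]) and s["name"] != ".text":
            findings.append(f"entry point lies in {s['name']!r}, not .text (packer stub?)")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            findings.append(f"{s['name']!r} is empty on disk but {s['vsize']:#x} bytes in memory (unpack target)")
        if s["entropy"] > 7.0:
            findings.append(f"{s['name']!r} entropy {s['entropy']:.2f} (compressed or encrypted data)")
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{s['name']!r} is both writable and executable")
    return findings

def build_sample_pe() -> bytes:
    """Constructed, non-executable PE with a UPX-style two-section layout (demo input only)."""
    payload = bytes(range(256)) * 4  # every byte value equally often: entropy exactly 8.0
    secs = [(b"UPX0", 0x10000, 0x1000, 0, 0x200, 0xE0000080),           # nothing on disk, big in memory
            (b"UPX1", len(payload), 0x11000, len(payload), 0x200, 0xE0000040)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                  # e_lfanew = 0x40
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x11000).ljust(0xE0, b"\0")  # PE32, entry in UPX1
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack(SECTION_FMT, n, vs, va, rs, rp, 0, 0, 0, 0, c) for n, vs, va, rs, rp, c in secs)
    return (dos + coff + opt + table).ljust(0x200, b"\0") + payload
```

Run `packing_indicators(build_sample_pe())` to see all four indicator types fire on the constructed sample; on a real file, pass the bytes read from disk and treat each finding as a place to start looking in IDA or Ghidra, not as a verdict.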
Day 2: Practical Analysis #
With the theory-heavy day 1 done and dusted, we spent the majority of day 2 analysing various malware samples. We built on previous knowledge, adding data encoding to our ever-growing arsenal of information. I won’t go into significant detail about the contents of this day, because I think it’s honestly nicer not to know exactly what you’ll be analysing if you opt to attend 0xCC and take this course in the future. What I will say is, though I was initially a little frustrated at what we were analysing, it all started to make sense as the day went on. All the samples connected with one another and slowly but surely the bigger picture unravelled and I found myself once again with a smile on my face. Again, this was another aspect of this training that stood out against others: there was an obvious flow to the sample investigation, and you could sit back and appreciate how a phishing campaign turned into something much more sinister through the use of various malware families to facilitate the eCriminal’s objectives.
Topic summary for day 2:
- Data encoding
- Python for malware analysis
- Analysing Windows malware
- Analysing Android malware
Closing Thoughts and Suggestions #
Honestly, for a free course delivered by two industry experts, there is not much that I would change about this course at all. The content was well-structured, the lab environment was easy to navigate and use, and I really enjoyed the ‘bigger picture’ thinking that was present throughout the course. The only thing I would say warranted further investigation is this: analysis focused on using very expensive tools such as IDA Pro. I would love to see Ghidra make an appearance in future iterations of the course, simply because it is free and very powerful. Giving people new to the industry the power to leverage these broadly available tools with no cost to entry would make this course infinitely more valuable to a newcomer.