The BOOTSTRAP25 Conference
Welcome To BOOTSTRAP25
Thompson Conference Center, Austin TX // March 18-22
BOOK NOW
Keep Austin reverse-engineering and learn with Ringzer0! Ringzer0…
Cybersecurity Conference and Training
Ottawa's best cybersecurity training and conference event is back for 2025. November 3-7
A PREMIER CYBERSECURITY CONFERENCE AND TRAINING
BOOTSTRAP25 In-Person Training
BOOTSTRAP25 brings the best reverse engineering and debugging training to Austin Texas. March 18-21, 2025.
BOOTSTRAP25 Virtual Training
Can't make it to Austin? BOOTSTRAP25's Virtual Trainings may be just the thing for you! You can study with our amazing trainers from the comfort of your own home! March 9-15.
KEYNOTE: Security products don’t have to suck // Haroon Meer
It has been 15 years since FX famously quipped that by quality level, we are better off defending our networks with Microsoft Word than a Checkpoint firewall. Security products are still pretty terrible - but why? This keynote examines why this keeps happening and plots a path to a different world.
TALK: Musing from Decades of Linux Kernel Security Research // Joshua J. Drake
The Linux Kernel powers billions of devices across industries, making it critical infrastructure. But is it secure? Josh explores this by comparing its security investments to a typical SDLC, sharing a case study of an unresolved security issue, and offering recommendations to reduce risk.
TALK: From 0 to millions: Protecting against AitM phishing at scale // Jacob Torrey
Phishing has evolved to bypass MFA using reverse proxies, while traditional defenses like blocklists are aging and evaded. This talk introduces Cloned Site Canarytoken, which alerts you to phishing attempts before credentials are entered, with real-world attack insights and response strategies.
TALK: Design To Exploit: A Dive Into EV Charger Security // Jonathan Andersson, Connor Ford
This talk examines EVSE security through an analysis of 8 EV chargers and findings from Pwn2Own Automotive 2024 and 2025. It covers typical charger design, common attack surfaces, and the process of researching an EV charger from scratch, including a successfully exploited vulnerability.
Workshop: Fuzz Testing Bare Metal and RTOS Firmware // Tobias Scharnowski, Marius Muench
Fuzz testing is great for finding vulnerabilities, but embedded, bare-metal, and RTOS firmware pose unique challenges. This hands-on workshop explores firmware rehosting, a modern technique for analyzing and fuzz testing deeply embedded firmware.
Workshop: Blue2thprinting: identifying the form and function of the Bluetooth devices // Xeno Kovah
Right now you are enveloped in the warming glow of dozens to hundreds of Bluetooth devices. Aren’t you curious what all those little critters are?! In this workshop we’ll use the Blue2thprinting tools to poke at these apparitions and get a sense of what they are and what they want from us!
Workshop: Compiler Internals for Security Engineers // Marion Marschalek
This workshop covers security aspects of compiler internals, enabling students via guided examples to modify code through a compiler. Students will analyze code through compilation stages and perform early code injection. We will conclude by demonstrating the security relevance of a build chain.
Workshop: Introduction to Automotive Firmware Reverse Engineering // Willem Melching
In this workshop we will cover the basics of reverse engineering automotive firmware. An ECU firmware can consist of millions of lines of code which would take a long time to fully reverse engineer. Tips and tricks will be taught to quickly identify parts of the firmware that are of interest.
Workshop: Offensive Security Tool Development with Ghidra // John McIntosh
Automate reverse engineering with Ghidra’s CLI tools in this hands-on workshop. Set up a productive environment using the Ghidra Python VSCode Devcontainer Skeleton, automate tasks, script analyses, and integrate Ghidra’s powerful decompilation and disassembly features into your CLI workflow
Workshop: Hands-on binary (de)obfuscation // Arnau Gàmez i Montolio
This workshop introduces modern binary (de)obfuscation. After a brief lecture on key concepts, we’ll walk through practical examples, using symbolic execution to extract and simplify obfuscated expressions. Finally, we’ll apply program synthesis to recover the semantics of obfuscated code.
FREE Blackhoodie 1 Day Training // Compiler Internals for Security Engineers
Blackhoodie is a free, women only reverse engineering workshop and community. This FREE 1 day class introduces students to security relevant aspects of compiler internals, and with guided examples enables students to perform their own code modifications through a compiler.
In-Person Training // March 18-22
Practical Car Hacking - A Hands-On Approach
This course covers a wide variety of topics - from automotive networks, diagnostic protocols, firmware extraction and wireless attack surfaces. The course is very hands-on, with many real ECUs to practice on.
Patch Diffing In The Dark: Reverse Engineering Modern CVEs
This course teaches patch diffing to analyze real-world Windows and Android vulnerabilities. Students use open-source tools like Ghidra to reverse engineer recent CVEs, gaining the skills and confidence to discover complex vulnerabilities with tools they already have.
VoidStar Security - Hardware Hacking for Reverse Engineers
This course teaches hardware reverse engineering fundamentals, focusing on low-level protocols like SPI, I2C, JTAG, and SWD in embedded systems. Students develop tools to interface with these protocols. All hardware is provided, and students keep the tools after completing the course.
Bluetooth Low Energy - Full Stack Attack
It's pretty fun to hack things wirelessly. And hey, it turns out there's literally *billions* of Bluetooth Low Energy (BLE) things sold per year, so let's learn how to hack those!
Fuzzing and Attacking Custom Embedded Systems
This training covers analyzing, fuzz testing, and exploiting devices with custom embedded OS. It dives into Arm Firmware, teaches reverse engineering with Ghidra, and offers hands-on exercises to build proficiency with tools like Unicorn, AFL++, and Fuzzware.
Virtual Training // March 9-15
Exploiting the Linux Kernel
This training guides through the field of Linux kernel exploitation. In a series of practical labs, the training explores the process of exploiting kernel bugs in a modern Linux distribution on the x86-64 architecture.
Reversing Cryptography in Black Box Binaries
Learn how to assess the robustness of black box cryptographic blocks in binaries via real-world examples.
Everyday Ghidra: Practical Windows Reverse Engineering
A comprehensive guide to using Ghidra, covering fundamental operations to advanced techniques, with hands-on exercises on real-world Windows applications.
macOS 15 and iOS 18 Kernel Internals for Security Researchers
This course introduces you to the low level internals of the iOS and macOS kernels from the perspective of a security researcher interested in vulnerability analysis, kernel rootkit/malware analysis/detection or kernel exploit development.
Machine Learning for Reverse Engineers
In this course, students will gain the necessary hands-on experience, knowledge, and confidence to conduct automated program analysis at scale using machine learning.
Windows Kernel Exploitation: Foundation and Advanced
Gain hands-on experience in a wide range of topics, including Windows and driver internals, various memory corruption types, exploit development techniques, mitigation bypass techniques, pool internals, and Feng-Shui and then test your skills in a CTF challenge!
Rust Reverse Engineering in Practice
This training equips you with essential skills in Rust reverse engineering. You’ll learn to analyze Rust binaries, understand the language’s compilation and runtime intricacies, utilize tools and plugins, and tackle advanced challenges such as obfuscation and malware analysis.
Reverse Engineering - Binary Program Analysis
Learn the fundamentals of reverse engineering from scratch with this incredible course taught by Tim Blazytko.
Our Sponsors
