About

Andrea Barisani is an internationally recognized security researcher. Since owning his first Commodore-64 he has never stopped studying new technologies, developing unconventional attack vectors and exploring what makes things tick...and break.

His experience builds on large-scale infrastructure defense, penetration testing and code auditing with particular focus on safety critical environments, with more than 15 years of professional experience in security consulting.

His main focus lies on the converge between secure hardware and software, an interest consolidated in the authorship of the USB armory hardware project and the TamaGo bare metal framework.

He is a well known international speaker, having presented at BlackHat, CanSecWest, Chaos Communication Congress, DEFCON, Hack In The Box, among many other conferences, speaking about innovative research on automotive hacking, side-channel attacks, payment systems, embedded system security and many other topics.

Work

Current:

2017/02 ----- now | Head of Hardware Security - WithSecure (formerly known as F-Secure)
2017/02 --------- | F-Secure acquires Inverse Path - press release
2005/11 - 2017/02 | Founder & Chief Security Engineer - Inverse Path

Past:

2005/06 - 2007/12 | Senior System Engineer - University of Trieste, Department of Astronomy
2004/11 - 2004/12 | UNIX Programming Consultant - London Internet Exchange
2003/07 - 2006/02 | Infrastructure Developer - Gentoo Linux
2001/10 - 2005/10 | UNIX Security Engineer - Live Network Security
2000/11 - 2001/07 | Sysadmin and Security Officer - NE&T, Webtechna

Outdoor

🏔 🏂 🚁 🧗 🏃

Contact

Andrea "lcars" Barisani | andrea@inversepath.com | PGP/GPG key: 0x864C9B9E | @andreabarisani | Trieste, Italy

Expertise

security engineering, {software,firmware,hardware} auditing, penetration testing, reverse engineering, cross-domain isolation on safety critical systems, data diodes, embedded system design, HSMs & TEEs, ...

Advisories

Industries

Automotive
Co-author of the very first research on vehicle security, vast experience in securing all kind of automotive embedded systems such as telematic control units, infotainment systems and ECUs.
Avionics
A focal point, with many years of experience, for aircraft and avionics manufacturers in auditing their safety critical systems from hardware or software security issues.
Consumer
Deep knowledge and experience in the convergence between software and hardware, aimed at securing all layers and protect intellectual property on all kind of consumer electronics.
Enterprise
Vast experience in security auditing for major IT infrastructures of the largest enterprise environments, including large scale penetration testing, application auditing and IDS deployment.
Financial
Co-author of leading research in credit card security, discovering novel flaws in Chip & PIN systems. Vast experience in securing entire banking infrastructures from consumer card chips to POSes and up to transaction backends.
Industrial
Specialized in securing safety critical infrastructure from the ground up, including hardware, firmware and software auditing of proprietary control systems with air, land, sea or space applications.

Projects

Research

Conferences

🎵 Keynote
👥 Panel
🥚 TamaGo
🔒 USB armory
🖧 Armored Witness
🐞 Insecure Boot
💳 Practical EMV PIN interception and fraud detection
Fully arbitrary 802.3 packet injection: maximizing the Ethernet attack surface
💻 Practical exploitation of embedded systems
Real-life experiences in avionics security assessment
TEMPEST inception
📡 Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage
🚗 Unusual Car Navigation Tricks: Injecting RDS-TMC Traffic Information Signals
☣ Lessons in Open Source security: the tale of a 0-Day incident
🛂 Building a modern LDAP based security framework
🏫 Security Masters Dojo
Open Source Firmware Conference 2024-09-03/2024-09-04 Bochum, Germany 🥚
Asilomar Microcomputer Workshop 2024-04-24/2024-04-26 Pacific Grove, USA 🥚
CanSecWest 2024-03-20/2024-03-22 Vancouver, Canada 🖧
Airbus CYCON 2023-10-10 The Internet 🥚
GoLab 2020-10-19/2020-10-25 The Internet 🥚
Chaos Communication Congress 2019-12-27/2019-12-30 Leipzig, Germany 🥚
escar europe 2019-11-19/2019-11-20 Stuttgart, Germany 🐞
Pacsec 2019-11-06/2019-11-07 Tokyo, Japan 🐞
t2 2019-10-24/2019-10-25 Helsinki, Finland 🔒
escar asia 2019-10-01/2019-10-02 Tokyo, Japan 🐞
BSidesVarazdin 2019-09-18 Varaždin, Croatia 🔒
No Hat 2019-09-14 Bergamo, Italy 🔒
Hack In The Box 2018-11-01/2018-11-02 Beijing, China 🔒
Air Power Conference 2018-10-30/2018-11-01 Helsinki, Finland
FSec IoT Hacking Summer School 2018-07-16/2018-07-22 Varaždin, Croatia , TrustZone
Aero'Nov Connection 2018-06-27/2018-06-28 Marseille, France
SPIME 2017-09-20/2017-09-21 Torino, Italy IoT Security
Airbus's Aircraft Security User Panel 2016-10-17/2016-10-20 Marseille, France 🎵
FSEC 2016-09-14/2016-09-15 Varaždin, Croatia 🔒
The Internet of Broken Things (POLIMI) 2016-09-07 Milano, Italy
RMLL 2016-07-04/2016-07-06 Paris, France 🔒
Area41 2016-06-10/2016-06-11 Zurich, Switzerland 🔒
International Journalism Festival 2016-04-06/2016-04-10 Perugia, Italy 🛃
CanSecWest 2016-03-15/2016-03-18 Vancouver, Canada 🏫
t2 2015-10-29/2015-10-30 Helsinki, Finland 🔒
Hack.lu 2015-10-20/2015-10-22 Luxembourg City, Luxembourg 🔒
HackInBo 2015-10-17 Bologna, Italy ,
44CON 2015-09-14/2015-09-15 London, United Kingdom 🔒
Black Hat USA 2015-08-01/2015-08-06 Las Vegas, USA 🔒
Hack In The Box 2015-05-26/2015-05-29 Amsterdam, Netherlands 🔒
Black Hat Asia 2015-03-26/2015-03-27 Singapore 🔒
CanSecWest 2015-03-18/2015-03-20 Vancouver, Canada 🏫
BSidesLjubljana 2015-03-12 Ljubljana, Slovenia 🔒
Chaos Communication Congress 2014-12-27/2014-12-30 Hamburg, Germany 🔒, 💳
NoSuchCon 2014-11-19/2014-11-21 Paris, France 🔒
Pacsec 2014-11-12/2014-11-13 Tokyo, Japan 🔒
Hack In The Box 2014-10-13/2014-1-16 Kuala Lumpur, Malaysia 🔒
PXE 2014-05-30 Berlin, Germany
t2 2013-10-24/2013-10-25 Helsinki, Finland
Hack.lu 2013-10-22/2013-10-24 Luxembourg City, Luxembourg
Black Hat USA 2013-07-27/2013-08-01 Las Vegas, USA
HITCON 2013-07-19/2013-07-20 Taipei, Taiwan 💳
NoSuchCon 2013-05-15/2013-05-17 Paris, France 🎵
SOURCE 2013-04-16/2013-04-18 Boston, USA 💻
CFI-CIRT PDD 2013-03-26 Toronto, Canada 💳
IT-Defense 2013-01-30/2013-01-31 Berlin, Germany 💻
Hack In The Box 2012-10-08/2012-10-08 Kuala Lumpur, Malaysia 💻
Airbus's Aircraft Security User Panel 2012-06-19/2012-06-22 Montauban, France
(the last) PH-Neutral 2012-05-25 Berlin, Germany
IT-Defense 2011-02-08/2011-02-10 Munich, Germany 💳
AVTOKYO 2011-11-12 Tokyo, Japan 💳
t2 2011-10-27/2011-10-28 Helsinki, Finland 💳
Hack In The Box 2011-10-10/2011-10-13 Kuala Lumpur, Malaysia 💳
Hack.lu 2011-09-19/2011-09-21 Luxembourg City, Luxembourg 💳
XCon 2011-09-01/2011-09-02 Beijing, China 💳
DEFCON 2011-08-04/2011-08-07 Las Vegas, USA 💳
Black Hat USA 2011-08-03/2011-08-04 Las Vegas, USA 💳
PH-Neutral 2011-05-27/2011-05-29 Berlin, Germany 💳
CanSecWest 2011-03-09/2011-03-11 Vancouver, Canada 💳
TEDx 2011-02-25 Trieste, Italy Hacking
PacSec 2010-11-10/2010-11-11 Tokyo, Japan 👥
IT-SECA, CERT-BW 2010-06-11 Stuttgart, Germany 🚗, 📡
HackCon 2010-02-16/2010-02-18 Oslo, Norway 📡
IT-Defense 2010-02-03/2010-02-05 Cologne, Germany 📡
t2 2009-10-29/2009-10-30 Helsinki, Finland 📡
Hack In The Box 2009-10-05/2009-10-08 Kuala Lumpur, Malaysia 📡
DEFCON 2009-07-30/2009-08-02 Las Vegas, USA 📡
Black Hat USA 2009-07-25/2009-07-30 Las Vegas, USA 📡
Shakacon 2009-06-08/2009-06-12 Honolulu, Hawaii 📡
PH-Neutral 2009-05-29/2009-05-31 Berlin, Germany 📡
CanSecWest 2009-03-16/2009-03-20 Vancouver, Canada 📡, 🏫
PacSec 2008-11-10/2008-11-13 Tokyo, Japan 🏫
SecVest 2008-09-23/2008-09-24 Bergen, Norway oCERT
CanSecWest 2008-03-24/2008-03-28 Vancouver, Canada 🏫
HackCon 2008-02-06/2008-02-07 Oslo, Norway 🚗
IT-Defense 2008-01-21/2008-01-25 Hamburg, Germany 🚗
PacSec 2007-11-29/2007-11-30 Tokyo, Japan 🏫
MEITSEC 2007-11-12/2007-11-13 Sharjah, Arab Emirates 🚗
Hack.lu 2007-10-18/2007-10-20 Luxembourg City, Luxembourg 🚗
Hack In The Box 2007-09-03/2007-09-06 Kuala Lumpur, Malaysia 🚗
DEFCON 2007-08-03/2007-08-05 Las Vegas, USA 🚗
Black Hat USA 2007-08-01/2007-08-03 Las Vegas, USA 🚗
PH-Neutral 2007-05-25/2007-05-27 Berlin, Germany 🚗
AusCERT 2007-05-21/2007-05-25 Gold Coast, Australia , 🛂
CanSecWest 2007-04-16/2007-04-20 Vancouver, Canada 🚗
IT Underground 2007-03-07/2007-03-09 Prague, Czech Republic 🛂
IT Underground 2006-10-26/2006-10-27 Warsaw, Poland 🛂
0sec 2006-10-13/2006-10-15 Bern, Switzerland 🛂
FOSDEM 2006-02-26 Brussels, Belgium 🛂
EuSecWest 2006-02-20/2006-02-21 London, UK
PacSec 2005-11-15/2005-11-16 Tokyo, Japan 🛂