About

Andrea Barisani is an internationally recognized security researcher. Since owning his first Commodore-64 he has never stopped studying new technologies, developing unconventional attack vectors and exploring what makes things tick...and break.

His experience focuses on large-scale infrastructure defense, penetration testing and code auditing, with particular emphasis on safety-critical environments, and spans more than 15 years of professional security consulting.

As an active member of the international open source and security community, he has contributed to several projects, books and open standards. He is the founder of the oCERT effort, the Open Source Computer Security Incident Response Team.

He is a well-known international speaker who has presented at BlackHat, CanSecWest, Chaos Communication Congress, DEFCON and Hack In The Box, among many other conferences, on innovative research in automotive hacking, side-channel attacks, payment systems, embedded system security and many other topics.

Work

Current:

02/2017 - now | Head of Hardware Security - F-Secure
02/2017 ----- | F-Secure acquires Inverse Path - press release
11/2005 - now | Founder & Chief Security Engineer - Inverse Path

Past:

06/2005 - 12/2007 | Senior System Engineer - University of Trieste, Department of Astronomy
11/2004 - 12/2004 | UNIX Programming Consultant - London Internet Exchange
07/2003 - 02/2006 | Infrastructure Developer - Gentoo Linux
10/2001 - 10/2005 | UNIX Security Engineer - Live Network Security
11/2000 - 07/2001 | Sysadmin and Security Officer - NE&T, Webtechna

Contact

[email protected] | PGP/GPG key: 0x864C9B9E | @andreabarisani | Trieste, Italy

Expertise

{software,firmware,hardware} auditing, penetration testing, reverse engineering, forensics analysis, system hardening, cross-domain isolation on safety critical systems, data diodes, embedded system design, ...

Industries

Automotive
Co-author of the very first research on vehicle security, with vast experience in securing all kinds of automotive embedded systems such as telematic control units, infotainment systems and ECUs.
Avionics
A focal point, with many years of experience, for aircraft and avionics manufacturers in auditing their safety-critical systems for hardware or software security issues.
Consumer
Deep knowledge and experience in the convergence between software and hardware, aimed at securing all layers and protecting intellectual property on all kinds of consumer electronics.
Enterprise
Vast experience in security auditing for major IT infrastructures of the largest enterprise environments, including large scale penetration testing, application auditing and IDS deployment.
Financial
Co-author of leading research in credit card security, discovering novel flaws in Chip & PIN systems. Vast experience in securing entire banking infrastructures from consumer card chips to POSes and up to transaction backends.
Industrial
Specialized in securing safety critical infrastructure from the ground up, including hardware, firmware and software auditing of proprietary control systems with air, land, sea or space applications.

Projects

Research

Conferences

🎵 Keynote
👥 Panel
🔒 Forging the USB armory
💳 Practical EMV PIN interception and fraud detection
Fully arbitrary 802.3 packet injection: maximizing the Ethernet attack surface
💻 Practical exploitation of embedded systems
Real-life experiences in avionics security assessment
📡 Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage
🚗 Unusual Car Navigation Tricks: Injecting RDS-TMC Traffic Information Signals
☣ Lessons in Open Source security: the tale of a 0-Day incident
🛂 Building a modern LDAP based security framework
斈 Security Masters Dojo
█ Classified
SPIME 2017-09-20/2017-09-21 Torino, Italy IoT Security
Airbus's Aircraft Security User Panel 2016-10-17/2016-10-20 Marseille, France 🎵
FSEC 2016-09-14/2016-09-15 Varaždin, Croatia 🔒
The Internet of Broken Things (POLIMI) 2016-09-07 Milano, Italy
RMLL 2016-07-04/2016-07-06 Paris, France 🔒
Area41 2016-06-10/2016-06-11 Zurich, Switzerland 🔒
International Journalism Festival 2016-04-06/2016-04-10 Perugia, Italy 🛃
CanSecWest 2016-03-15/2016-03-18 Vancouver, Canada
T2 2015-10-29/2015-10-30 Helsinki, Finland 🔒
Hack.lu 2015-10-20/2015-10-22 Luxembourg City, Luxembourg 🔒
HackInBo 2015-10-17 Bologna, Italy ,
44CON 2015-09-14/2015-09-15 London, United Kingdom 🔒
Black Hat USA 2015-08-01/2015-08-06 Las Vegas, USA 🔒
Hack In The Box 2015-05-26/2015-05-29 Amsterdam, Netherlands 🔒
Black Hat Asia 2015-03-26/2015-03-27 Singapore 🔒
CanSecWest 2015-03-18/2015-03-20 Vancouver, Canada
BSidesLjubljana 2015-03-12 Ljubljana, Slovenia 🔒
Chaos Communication Congress 2014-12-27/2014-12-30 Hamburg, Germany 🔒, 💳
NoSuchCon 2014-11-19/2014-11-21 Paris, France 🔒
PacSec 2014-11-12/2014-11-13 Tokyo, Japan 🔒
Hack In The Box 2014-10-13/2014-1-16 Kuala Lumpur, Malaysia 🔒
PXE 2014-05-30 Berlin, Germany
T2 2013-10-24/2013-10-25 Helsinki, Finland
Hack.lu 2013-10-22/2013-10-24 Luxembourg City, Luxembourg
Black Hat USA 2013-07-27/2013-08-01 Las Vegas, USA
HITCON 2013-07-19/2013-07-20 Taipei, Taiwan 💳
NoSuchCon 2013-05-15/2013-05-17 Paris, France 🎵
SOURCE 2013-04-16/2013-04-18 Boston, USA 💻
CFI-CIRT PDD 2013-03-26 Toronto, Canada 💳
IT-Defense 2013-01-30/2013-01-31 Berlin, Germany 💻
Hack In The Box 2012-10-08/2012-10-08 Kuala Lumpur, Malaysia 💻
Airbus's Aircraft Security User Panel 2012-06-19/2012-06-22 Montauban, France
(the last) PH-Neutral 2012-05-25 Berlin, Germany
IT-Defense 2011-02-08/2011-02-10 Munich, Germany 💳
AVTOKYO 2011-11-12 Tokyo, Japan 💳
T2 2011-10-27/2011-10-28 Helsinki, Finland 💳
Hack In The Box 2011-10-10/2011-10-13 Kuala Lumpur, Malaysia 💳
Hack.lu 2011-09-19/2011-09-21 Luxembourg City, Luxembourg 💳
XCon 2011-09-01/2011-09-02 Beijing, China 💳
DEFCON 2011-08-04/2011-08-07 Las Vegas, USA 💳
Black Hat USA 2011-08-03/2011-08-04 Las Vegas, USA 💳
PH-Neutral 2011-05-27/2011-05-29 Berlin, Germany 💳
CanSecWest 2011-03-09/2011-03-11 Vancouver, Canada 💳
TEDx 2011-02-25 Trieste, Italy Hacking
PacSec 2010-11-10/2010-11-11 Tokyo, Japan 👥
IT-SECA, CERT-BW 2010-06-11 Stuttgart, Germany 🚗, 📡
HackCon 2010-02-16/2010-02-18 Oslo, Norway 📡
IT-Defense 2010-02-03/2010-02-05 Cologne, Germany 📡
T2 2009-10-29/2009-10-30 Helsinki, Finland 📡
Hack In The Box 2009-10-05/2009-10-08 Kuala Lumpur, Malaysia 📡
DEFCON 2009-07-30/2009-08-02 Las Vegas, USA 📡
Black Hat USA 2009-07-25/2009-07-30 Las Vegas, USA 📡
Shakacon 2009-06-08/2009-06-12 Honolulu, Hawaii 📡
PH-Neutral 2009-05-29/2009-05-31 Berlin, Germany 📡
CanSecWest 2009-03-16/2009-03-20 Vancouver, Canada 📡,
PacSec 2008-11-10/2008-11-13 Tokyo, Japan
SecVest 2008-09-23/2008-09-24 Bergen, Norway oCERT
CanSecWest 2008-03-24/2008-03-28 Vancouver, Canada
HackCon 2008-02-06/2008-02-07 Oslo, Norway 🚗
IT-Defense 2008-01-21/2008-01-25 Hamburg, Germany 🚗
PacSec 2007-11-29/2007-11-30 Tokyo, Japan
MEITSEC 2007-11-12/2007-11-13 Sharjah, Arab Emirates 🚗
Hack.lu 2007-10-18/2007-10-20 Luxembourg City, Luxembourg 🚗
Hack In The Box 2007-09-03/2007-09-06 Kuala Lumpur, Malaysia 🚗
DEFCON 2007-08-03/2007-08-05 Las Vegas, USA 🚗
Black Hat USA 2007-08-01/2007-08-03 Las Vegas, USA 🚗
PH-Neutral 2007-05-25/2007-05-27 Berlin, Germany 🚗
AusCERT 2007-05-21/2007-05-25 Gold Coast, Australia , 🛂
CanSecWest 2007-04-16/2007-04-20 Vancouver, Canada 🚗
IT Underground 2007-03-07/2007-03-09 Prague, Czech Republic 🛂
IT Underground 2006-10-26/2006-10-27 Warsaw, Poland 🛂
0sec 2006-10-13/2006-10-15 Bern, Switzerland 🛂
FOSDEM 2006-02-26 Brussels, Belgium 🛂
EuSecWest 2006-02-20/2006-02-21 London, UK
PacSec 2005-11-15/2005-11-16 Tokyo, Japan 🛂