About

Andrea Barisani is an internationally recognized security researcher. Since owning his first Commodore-64 he has never stopped studying new technologies, developing unconventional attack vectors and exploring what makes things tick...and break.

His experience builds on large-scale infrastructure defense, penetration testing and code auditing with particular focus on safety critical environments, with more than 15 years of professional experience in security consulting.

His main focus lies in the convergence between secure hardware and software, an interest consolidated in the authorship of the USB armory hardware project and the TamaGo bare metal framework.

He is a well-known international speaker, having presented at BlackHat, CanSecWest, Chaos Communication Congress, DEFCON and Hack In The Box, among many other conferences, speaking about innovative research on automotive hacking, side-channel attacks, payment systems, embedded system security and many other topics.

Work

Current:

2017/02 ----- now | Head of Hardware Security - WithSecure (formerly known as F-Secure)
2017/02 --------- | F-Secure acquires Inverse Path - press release
2005/11 - 2017/02 | Founder & Chief Security Engineer - Inverse Path

Past:

2005/06 - 2007/12 | Senior System Engineer - University of Trieste, Department of Astronomy
2004/11 - 2004/12 | UNIX Programming Consultant - London Internet Exchange
2003/07 - 2006/02 | Infrastructure Developer - Gentoo Linux
2001/10 - 2005/10 | UNIX Security Engineer - Live Network Security
2000/11 - 2001/07 | Sysadmin and Security Officer - NE&T, Webtechna

Outdoor

🏔 🏂 🚁 🧗 🏃

Contact

Andrea "lcars" Barisani | andrea@inversepath.com | PGP/GPG key: 0x864C9B9E | @andreabarisani | Trieste, Italy

Expertise

security engineering, {software,firmware,hardware} auditing, penetration testing, reverse engineering, cross-domain isolation on safety critical systems, data diodes, embedded system design, HSMs & TEEs, ...

Advisories

Industries

Automotive
Co-author of the very first research on vehicle security, vast experience in securing all kinds of automotive embedded systems such as telematic control units, infotainment systems and ECUs.
Avionics
A focal point, with many years of experience, for aircraft and avionics manufacturers in auditing their safety critical systems for hardware or software security issues.
Consumer
Deep knowledge and experience in the convergence between software and hardware, aimed at securing all layers and protecting intellectual property on all kinds of consumer electronics.
Enterprise
Vast experience in security auditing for major IT infrastructures of the largest enterprise environments, including large scale penetration testing, application auditing and IDS deployment.
Financial
Co-author of leading research in credit card security, discovering novel flaws in Chip & PIN systems. Vast experience in securing entire banking infrastructures from consumer card chips to POSes and up to transaction backends.
Industrial
Specialized in securing safety critical infrastructure from the ground up, including hardware, firmware and software auditing of proprietary control systems with air, land, sea or space applications.

Projects

Research

Conferences

🎵 Keynote
👥 Panel
🥚 TamaGo
🔒 USB armory
🖧 Armored Witness
🐞 Insecure Boot
💳 Practical EMV PIN interception and fraud detection
Fully arbitrary 802.3 packet injection: maximizing the Ethernet attack surface
💻 Practical exploitation of embedded systems
Real-life experiences in avionics security assessment
TEMPEST inception
📡 Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage
🚗 Unusual Car Navigation Tricks: Injecting RDS-TMC Traffic Information Signals
☣ Lessons in Open Source security: the tale of a 0-Day incident
🛂 Building a modern LDAP based security framework
🏫 Security Masters Dojo
CanSecWest 2024-03-20/2024-03-22 Vancouver, Canada 🖧
Airbus CYCON 2023-10-10 The Internet 🥚
GoLab 2020-10-19/2020-10-25 The Internet 🥚
Chaos Communication Congress 2019-12-27/2019-12-30 Leipzig, Germany 🥚
escar europe 2019-11-19/2019-11-20 Stuttgart, Germany 🐞
Pacsec 2019-11-06/2019-11-07 Tokyo, Japan 🐞
t2 2019-10-24/2019-10-25 Helsinki, Finland 🔒
escar asia 2019-10-01/2019-10-02 Tokyo, Japan 🐞
BSidesVarazdin 2019-09-18 Varaždin, Croatia 🔒
No Hat 2019-09-14 Bergamo, Italy 🔒
Hack In The Box 2018-11-01/2018-11-02 Beijing, China 🔒
Air Power Conference 2018-10-30/2018-11-01 Helsinki, Finland
FSec IoT Hacking Summer School 2018-07-16/2018-07-22 Varaždin, Croatia , TrustZone
Aero'Nov Connection 2018-06-27/2018-06-28 Marseille, France
SPIME 2017-09-20/2017-09-21 Torino, Italy IoT Security
Airbus's Aircraft Security User Panel 2016-10-17/2016-10-20 Marseille, France 🎵
FSEC 2016-09-14/2016-09-15 Varaždin, Croatia 🔒
The Internet of Broken Things (POLIMI) 2016-09-07 Milano, Italy
RMLL 2016-07-04/2016-07-06 Paris, France 🔒
Area41 2016-06-10/2016-06-11 Zurich, Switzerland 🔒
International Journalism Festival 2016-04-06/2016-04-10 Perugia, Italy 🛃
CanSecWest 2016-03-15/2016-03-18 Vancouver, Canada 🏫
t2 2015-10-29/2015-10-30 Helsinki, Finland 🔒
Hack.lu 2015-10-20/2015-10-22 Luxembourg City, Luxembourg 🔒
HackInBo 2015-10-17 Bologna, Italy ,
44CON 2015-09-14/2015-09-15 London, United Kingdom 🔒
Black Hat USA 2015-08-01/2015-08-06 Las Vegas, USA 🔒
Hack In The Box 2015-05-26/2015-05-29 Amsterdam, Netherlands 🔒
Black Hat Asia 2015-03-26/2015-03-27 Singapore 🔒
CanSecWest 2015-03-18/2015-03-20 Vancouver, Canada 🏫
BSidesLjubljana 2015-03-12 Ljubljana, Slovenia 🔒
Chaos Communication Congress 2014-12-27/2014-12-30 Hamburg, Germany 🔒, 💳
NoSuchCon 2014-11-19/2014-11-21 Paris, France 🔒
Pacsec 2014-11-12/2014-11-13 Tokyo, Japan 🔒
Hack In The Box 2014-10-13/2014-10-16 Kuala Lumpur, Malaysia 🔒
PXE 2014-05-30 Berlin, Germany
t2 2013-10-24/2013-10-25 Helsinki, Finland
Hack.lu 2013-10-22/2013-10-24 Luxembourg City, Luxembourg
Black Hat USA 2013-07-27/2013-08-01 Las Vegas, USA
HITCON 2013-07-19/2013-07-20 Taipei, Taiwan 💳
NoSuchCon 2013-05-15/2013-05-17 Paris, France 🎵
SOURCE 2013-04-16/2013-04-18 Boston, USA 💻
CFI-CIRT PDD 2013-03-26 Toronto, Canada 💳
IT-Defense 2013-01-30/2013-01-31 Berlin, Germany 💻
Hack In The Box 2012-10-08/2012-10-08 Kuala Lumpur, Malaysia 💻
Airbus's Aircraft Security User Panel 2012-06-19/2012-06-22 Montauban, France
(the last) PH-Neutral 2012-05-25 Berlin, Germany
IT-Defense 2011-02-08/2011-02-10 Munich, Germany 💳
AVTOKYO 2011-11-12 Tokyo, Japan 💳
t2 2011-10-27/2011-10-28 Helsinki, Finland 💳
Hack In The Box 2011-10-10/2011-10-13 Kuala Lumpur, Malaysia 💳
Hack.lu 2011-09-19/2011-09-21 Luxembourg City, Luxembourg 💳
XCon 2011-09-01/2011-09-02 Beijing, China 💳
DEFCON 2011-08-04/2011-08-07 Las Vegas, USA 💳
Black Hat USA 2011-08-03/2011-08-04 Las Vegas, USA 💳
PH-Neutral 2011-05-27/2011-05-29 Berlin, Germany 💳
CanSecWest 2011-03-09/2011-03-11 Vancouver, Canada 💳
TEDx 2011-02-25 Trieste, Italy Hacking
PacSec 2010-11-10/2010-11-11 Tokyo, Japan 👥
IT-SECA, CERT-BW 2010-06-11 Stuttgart, Germany 🚗, 📡
HackCon 2010-02-16/2010-02-18 Oslo, Norway 📡
IT-Defense 2010-02-03/2010-02-05 Cologne, Germany 📡
t2 2009-10-29/2009-10-30 Helsinki, Finland 📡
Hack In The Box 2009-10-05/2009-10-08 Kuala Lumpur, Malaysia 📡
DEFCON 2009-07-30/2009-08-02 Las Vegas, USA 📡
Black Hat USA 2009-07-25/2009-07-30 Las Vegas, USA 📡
Shakacon 2009-06-08/2009-06-12 Honolulu, Hawaii 📡
PH-Neutral 2009-05-29/2009-05-31 Berlin, Germany 📡
CanSecWest 2009-03-16/2009-03-20 Vancouver, Canada 📡, 🏫
PacSec 2008-11-10/2008-11-13 Tokyo, Japan 🏫
SecVest 2008-09-23/2008-09-24 Bergen, Norway oCERT
CanSecWest 2008-03-24/2008-03-28 Vancouver, Canada 🏫
HackCon 2008-02-06/2008-02-07 Oslo, Norway 🚗
IT-Defense 2008-01-21/2008-01-25 Hamburg, Germany 🚗
PacSec 2007-11-29/2007-11-30 Tokyo, Japan 🏫
MEITSEC 2007-11-12/2007-11-13 Sharjah, Arab Emirates 🚗
Hack.lu 2007-10-18/2007-10-20 Luxembourg City, Luxembourg 🚗
Hack In The Box 2007-09-03/2007-09-06 Kuala Lumpur, Malaysia 🚗
DEFCON 2007-08-03/2007-08-05 Las Vegas, USA 🚗
Black Hat USA 2007-08-01/2007-08-03 Las Vegas, USA 🚗
PH-Neutral 2007-05-25/2007-05-27 Berlin, Germany 🚗
AusCERT 2007-05-21/2007-05-25 Gold Coast, Australia , 🛂
CanSecWest 2007-04-16/2007-04-20 Vancouver, Canada 🚗
IT Underground 2007-03-07/2007-03-09 Prague, Czech Republic 🛂
IT Underground 2006-10-26/2006-10-27 Warsaw, Poland 🛂
0sec 2006-10-13/2006-10-15 Bern, Switzerland 🛂
FOSDEM 2006-02-26 Brussels, Belgium 🛂
EuSecWest 2006-02-20/2006-02-21 London, UK
PacSec 2005-11-15/2005-11-16 Tokyo, Japan 🛂