About
Andrea Barisani is an internationally recognized security researcher. Since owning his first Commodore-64 he has never stopped studying new technologies, developing unconventional attack vectors and exploring what makes things tick...and break.
His experience builds on large-scale infrastructure defense, penetration testing and code auditing with particular focus on safety critical environments, with more than 15 years of professional experience in security consulting.
His main focus lies on the converge between secure hardware and software, an interest consolidated in the authorship of the USB armory hardware project and the TamaGo bare metal framework.
He is a well known international speaker, having presented at BlackHat, CanSecWest, Chaos Communication Congress, DEFCON, Hack In The Box, among many other conferences, speaking about innovative research on automotive hacking, side-channel attacks, payment systems, embedded system security and many other topics.
Work
Current:
2017/02 ----- now | Head of Hardware Security - WithSecure (formerly known as F-Secure)
2017/02 --------- | F-Secure acquires Inverse Path - press release
2005/11 - 2017/02 | Founder & Chief Security Engineer - Inverse Path
Past:
2005/06 - 2007/12 | Senior System Engineer - University of Trieste, Department of Astronomy
2004/11 - 2004/12 | UNIX Programming Consultant - London Internet Exchange
2003/07 - 2006/02 | Infrastructure Developer - Gentoo Linux
2001/10 - 2005/10 | UNIX Security Engineer - Live Network Security
2000/11 - 2001/07 | Sysadmin and Security Officer - NE&T, Webtechna
Outdoor
Contact
Andrea "lcars" Barisani | andrea@inversepath.com | PGP/GPG key: 0x864C9B9E | @andreabarisani | Trieste, Italy
Expertise
security engineering, {software,firmware,hardware} auditing, penetration testing, reverse engineering, cross-domain isolation on safety critical systems, data diodes, embedded system design, HSMs & TEEs, ...
Advisories
Industries
Projects
- TamaGo - bare metal Go for ARM SoCs
- USB armory - open source flash-drive-sized computer
- GoTEE - Go Trusted Execution Environment (TEE)
- Armored Witness - Trusted Notary
- GoKey - The bare metal Go smart card
- Armory Drive - USB encrypted drive with mobile unlock over BLE
- crucible - One-Time-Programmable (OTP) fusing tool
- INTERLOCK - file manager for encrypted storage
- NXP Cryptographic Acceleration and Assurance Module (CAAM) - Linux driver
- NXP Security Controller (SCCv2) - Linux driver
- jobun - FPGA board with integrated 802.3u PHY for Ethernet "soft" MAC experimentation
- SerialCanBus - Ruby library for serial CAN bus adapters
- tenshi - log monitoring tool
- FTester - firewall and IDS testing tool
- oCERT - Open Source Computer Security Incident Response Team
Research
- Fully arbitrary 802.3 packet injection: maximizing the Ethernet attack surface
- Chip & PIN is definitely broken - Credit card skimming and PIN harvesting in an EMV world
- Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage
- Unusual Car Navigation Tricks: Injecting RDS-TMC Traffic Information Signals
- Practical Exploitation of Embedded Systems (features 1st publication of Apple SMC hacking)
Conferences
Transparency.dev Summit | 2024-10-09/2024-10-11 | London, United Kingdom | 🖧 |
Open Source Firmware Conference | 2024-09-03/2024-09-04 | Bochum, Germany | 🥚 |
Asilomar Microcomputer Workshop | 2024-04-24/2024-04-26 | Pacific Grove, USA | 🥚 |
CanSecWest | 2024-03-20/2024-03-22 | Vancouver, Canada | 🖧 |
Airbus CYCON | 2023-10-10 | The Internet | 🥚 |
GoLab | 2020-10-19/2020-10-25 | The Internet | 🥚 |
Chaos Communication Congress | 2019-12-27/2019-12-30 | Leipzig, Germany | 🥚 |
escar europe | 2019-11-19/2019-11-20 | Stuttgart, Germany | 🐞 |
Pacsec | 2019-11-06/2019-11-07 | Tokyo, Japan | 🐞 |
t2 | 2019-10-24/2019-10-25 | Helsinki, Finland | 🔒 |
escar asia | 2019-10-01/2019-10-02 | Tokyo, Japan | 🐞 |
BSidesVarazdin | 2019-09-18 | Varaždin, Croatia | 🔒 |
No Hat | 2019-09-14 | Bergamo, Italy | 🔒 |
Hack In The Box | 2018-11-01/2018-11-02 | Beijing, China | 🔒 |
Air Power Conference | 2018-10-30/2018-11-01 | Helsinki, Finland | ✈ |
FSec IoT Hacking Summer School | 2018-07-16/2018-07-22 | Varaždin, Croatia | ✈, TrustZone |
Aero'Nov Connection | 2018-06-27/2018-06-28 | Marseille, France | ✈ |
SPIME | 2017-09-20/2017-09-21 | Torino, Italy | IoT Security |
Airbus's Aircraft Security User Panel | 2016-10-17/2016-10-20 | Marseille, France | 🎵 |
FSEC | 2016-09-14/2016-09-15 | Varaždin, Croatia | 🔒 |
The Internet of Broken Things (POLIMI) | 2016-09-07 | Milano, Italy | ✈ |
RMLL | 2016-07-04/2016-07-06 | Paris, France | 🔒 |
Area41 | 2016-06-10/2016-06-11 | Zurich, Switzerland | 🔒 |
International Journalism Festival | 2016-04-06/2016-04-10 | Perugia, Italy | 🛃 |
CanSecWest | 2016-03-15/2016-03-18 | Vancouver, Canada | 🏫 |
t2 | 2015-10-29/2015-10-30 | Helsinki, Finland | 🔒 |
Hack.lu | 2015-10-20/2015-10-22 | Luxembourg City, Luxembourg | 🔒 |
HackInBo | 2015-10-17 | Bologna, Italy | ☲, ✈ |
44CON | 2015-09-14/2015-09-15 | London, United Kingdom | 🔒 |
Black Hat USA | 2015-08-01/2015-08-06 | Las Vegas, USA | 🔒 |
Hack In The Box | 2015-05-26/2015-05-29 | Amsterdam, Netherlands | 🔒 |
Black Hat Asia | 2015-03-26/2015-03-27 | Singapore | 🔒 |
CanSecWest | 2015-03-18/2015-03-20 | Vancouver, Canada | 🏫 |
BSidesLjubljana | 2015-03-12 | Ljubljana, Slovenia | 🔒 |
Chaos Communication Congress | 2014-12-27/2014-12-30 | Hamburg, Germany | 🔒, 💳 |
NoSuchCon | 2014-11-19/2014-11-21 | Paris, France | 🔒 |
Pacsec | 2014-11-12/2014-11-13 | Tokyo, Japan | 🔒 |
Hack In The Box | 2014-10-13/2014-1-16 | Kuala Lumpur, Malaysia | 🔒 |
PXE | 2014-05-30 | Berlin, Germany | █ |
t2 | 2013-10-24/2013-10-25 | Helsinki, Finland | ☲ |
Hack.lu | 2013-10-22/2013-10-24 | Luxembourg City, Luxembourg | ☲ |
Black Hat USA | 2013-07-27/2013-08-01 | Las Vegas, USA | ☲ |
HITCON | 2013-07-19/2013-07-20 | Taipei, Taiwan | 💳 |
NoSuchCon | 2013-05-15/2013-05-17 | Paris, France | 🎵 |
SOURCE | 2013-04-16/2013-04-18 | Boston, USA | 💻 |
CFI-CIRT PDD | 2013-03-26 | Toronto, Canada | 💳 |
IT-Defense | 2013-01-30/2013-01-31 | Berlin, Germany | 💻 |
Hack In The Box | 2012-10-08/2012-10-08 | Kuala Lumpur, Malaysia | 💻 |
Airbus's Aircraft Security User Panel | 2012-06-19/2012-06-22 | Montauban, France | ✈ |
(the last) PH-Neutral | 2012-05-25 | Berlin, Germany | ☲ |
IT-Defense | 2011-02-08/2011-02-10 | Munich, Germany | 💳 |
AVTOKYO | 2011-11-12 | Tokyo, Japan | 💳 |
t2 | 2011-10-27/2011-10-28 | Helsinki, Finland | 💳 |
Hack In The Box | 2011-10-10/2011-10-13 | Kuala Lumpur, Malaysia | 💳 |
Hack.lu | 2011-09-19/2011-09-21 | Luxembourg City, Luxembourg | 💳 |
XCon | 2011-09-01/2011-09-02 | Beijing, China | 💳 |
DEFCON | 2011-08-04/2011-08-07 | Las Vegas, USA | 💳 |
Black Hat USA | 2011-08-03/2011-08-04 | Las Vegas, USA | 💳 |
PH-Neutral | 2011-05-27/2011-05-29 | Berlin, Germany | 💳 |
CanSecWest | 2011-03-09/2011-03-11 | Vancouver, Canada | 💳 |
TEDx | 2011-02-25 | Trieste, Italy | Hacking |
PacSec | 2010-11-10/2010-11-11 | Tokyo, Japan | 👥 |
IT-SECA, CERT-BW | 2010-06-11 | Stuttgart, Germany | 🚗, 📡 |
HackCon | 2010-02-16/2010-02-18 | Oslo, Norway | 📡 |
IT-Defense | 2010-02-03/2010-02-05 | Cologne, Germany | 📡 |
t2 | 2009-10-29/2009-10-30 | Helsinki, Finland | 📡 |
Hack In The Box | 2009-10-05/2009-10-08 | Kuala Lumpur, Malaysia | 📡 |
DEFCON | 2009-07-30/2009-08-02 | Las Vegas, USA | 📡 |
Black Hat USA | 2009-07-25/2009-07-30 | Las Vegas, USA | 📡 |
Shakacon | 2009-06-08/2009-06-12 | Honolulu, Hawaii | 📡 |
PH-Neutral | 2009-05-29/2009-05-31 | Berlin, Germany | 📡 |
CanSecWest | 2009-03-16/2009-03-20 | Vancouver, Canada | 📡, 🏫 |
PacSec | 2008-11-10/2008-11-13 | Tokyo, Japan | 🏫 |
SecVest | 2008-09-23/2008-09-24 | Bergen, Norway | oCERT |
CanSecWest | 2008-03-24/2008-03-28 | Vancouver, Canada | 🏫 |
HackCon | 2008-02-06/2008-02-07 | Oslo, Norway | 🚗 |
IT-Defense | 2008-01-21/2008-01-25 | Hamburg, Germany | 🚗 |
PacSec | 2007-11-29/2007-11-30 | Tokyo, Japan | 🏫 |
MEITSEC | 2007-11-12/2007-11-13 | Sharjah, Arab Emirates | 🚗 |
Hack.lu | 2007-10-18/2007-10-20 | Luxembourg City, Luxembourg | 🚗 |
Hack In The Box | 2007-09-03/2007-09-06 | Kuala Lumpur, Malaysia | 🚗 |
DEFCON | 2007-08-03/2007-08-05 | Las Vegas, USA | 🚗 |
Black Hat USA | 2007-08-01/2007-08-03 | Las Vegas, USA | 🚗 |
PH-Neutral | 2007-05-25/2007-05-27 | Berlin, Germany | 🚗 |
AusCERT | 2007-05-21/2007-05-25 | Gold Coast, Australia | ☣, 🛂 |
CanSecWest | 2007-04-16/2007-04-20 | Vancouver, Canada | 🚗 |
IT Underground | 2007-03-07/2007-03-09 | Prague, Czech Republic | 🛂 |
IT Underground | 2006-10-26/2006-10-27 | Warsaw, Poland | 🛂 |
0sec | 2006-10-13/2006-10-15 | Bern, Switzerland | 🛂 |
FOSDEM | 2006-02-26 | Brussels, Belgium | 🛂 |
EuSecWest | 2006-02-20/2006-02-21 | London, UK | ☣ |
PacSec | 2005-11-15/2005-11-16 | Tokyo, Japan | 🛂 |