Jonathan Brossard
Jonathan Brossard is an Associate Professor at the Conservatoire National des Arts et Métiers (Paris, France), PhD candidate, and Researcher at the ISID laboratory of CEDRIC, teaching more particularly within the Chair of Cybersecurity. In parallel to his Academic activities, Pr. Brossard is the creator and CTO of the startup MOABI, a DeepTech company regularly awarded and acclaimed by the industry for its technological innovations. A globally recognized cybersecurity expert, he has participated in more than fifty conferences across the Planet, authoring original research. He is the inventor of several patents and author of open-source software, including the Witchcraft Compiler Collection (WCC) (available under Debian, Ubuntu, Arch Linux, Kali Linux, etc.), popular among cybersecurity experts. Pr. Brossard published the first known attacks against Microsoft Bitlocker encryption software, as well as the first remote attacks targeting Microsoft Windows 10 and the Microsoft Edge web browser. His research on cyber security has been covered in numerous international media, such as Le Monde, the MIT Technology Review, and Forbes Magazine, which covered his "Proof of Concept" of Malware Rakshasa (the world's first Firmware Backdoor). He regularly participates in popularizing cybersecurity among the general public, providing expertise on subjects such as car hacking, the hacking of the French President by foreign secret services, or reviewing the documents made public by Edward Snowden. Before joining the CNAM, Pr. Brossard previously worked as Director of Security and Principal Engineer at Salesforce (San Francisco, United States). He has also worked in Australia, India and lived in Brazil. Pr. Brossard is finally recognized as a Pioneer in the French IT community for having created the pioneering international cybersecurity conferences in France, Hackito Ergo Sum (in 2009) and NoSuchCon (in 2013), as well as having been a member of the /tmp/lab, the first Hackerspace in France (2009). An Alumni of the Lycée Louis le Grand, Pr. Brossard is an Engineer, holds a Master's degree in Artificial Intelligence and is a PhD candidate in Computer Science at the CNAM. See also his PhD thesis and his profiles on ORCID, Github, Twitter or Linkedin.
2024
Articles de conférence
- Introduction to Procedural Debugging through Binary Libification. In 18th USENIX WOOT Conference on Offensive Technologies, pages 17-25, USENIX Association, Philadelphia, PA, United States, 2024. www
- Toward Partial Proofs of Vulnerabilities. In 2024 IEEE Secure Development Conference (SecDev), pages 180-182, IEEE, Pittsburgh, United States, 2024. doi www
2020
Brevets
Articles de conférence
- Automotive/IoT Network Exploits: From Static Analysis to Reliable Exploits. In RSA Conference, San Francisco, United States, 2020. www
- Reverse Engineering da Morte que Mata. In RoadSec Conference 2020, Sao Paolo, Brazil, 2020. www
- ATTAQUES CONTRE LES SUPPLY CHAINS, RANSOMWARE : DE LA NECESSITE DE NOUVEAUX PROCESSUS. In CESIN : Keynote 2020, Reims, France, 2020. www
Divers
2019
Articles de conférence
- Hardware Backdooring is practical. In Nullcon Conference 2019, Goa, India, 2019. www
2018
2017
Articles de conférence
- Introduction to the Witchcraft Compiler Collection. In BSides San Francisco 2017, San Francisco (CA, USA), United States, 2017. www
- Silent Protest. In Shakacon Conference 2017, Honololu, Hawaii, United States, 2017. www
Divers
- [SHA217/CCC] Silent Protest: DIY wearable protest network. , Recording from the SHA217 Conference, organised by the CCC. www
2016
Livres
- Witchcraft Compiler Collection : User Manual. UBM, 2016. www
Articles de conférence
- Introduction to the Witchcraft Compiler Collection. In Intel Security Conference (iSec) 2016, Hillsboro, United States, 2016. www
- Introduction to the Witchcraft Compiler Collection. In H2HC Conference 2016, Sao Paolo, Brazil, 2016. www
- Introduction to the Witchcraft Compiler Collection. In DEFCON 24, Las Vegas, United States, 2016. www
- The Witchcraft Compiler Collection : Towards Self Aware Computer Programs. In Blackhat Briefings (UK) 2016, London, United Kingdom, 2016. www
- Introduction to the Witchcraft Compiler Collection. In DEFCON 24, Las Vegas, United States, 2016. www
Divers
2015
Articles de conférence
- XXE defence(les)s in JDK XML parsers. In Blackhat USA, Las Vegas, United States, 2015. www
- SMB : Sharing more than your files... In Blackhat USA, Las Vegas, United States, 2015. www
- Filecry : the new age of XXE. In Blackhat USA, Las Vegas, United States, 2015. www
- Hardware Backdooring is Practical. In Shakacon Conference 2015, Honololu, Hawaii, United States, 2015. www
Divers
2014
2013
Articles de conférence
- Hardware Backdooring is Practical. In AusCERT, Brisbane (AU), Australia, 2013. www
- Malware, Sandboxing and You : How Enterprise Malware and 0day detection is about to fail (again). In RUXCON Conference 2013, Melbourne (AUS), Australia, 2013. www
- An introduction to the Katsuni theorem and its application to sandboxing and software emulation. In Syscan Beijing, Beijin, Chine, China, 2013. www
- Sandboxing is (the) shit !. In Hackers to Hackers Conference (H2HC) 2013, Sao Paolo, Brazil, 2013. www
- Katsuni理论介绍以及在沙盒和软件仿真方面的应用. In Syscan 360 2013, Beijing (China), China, 2013. www
Divers
2012
Articles de conférence
- Hardware Backdooring is practical. In Blackhat Briefings (USA) 2012, Las Vegas, United States, 2012. www
- Proprietary Protocols RCE : Research leads. In RUXCON Conference Sydney Monthly 2012, Sydney (AUSTRALIA), Australia, 2012. www
- Hardware Backdooring is Practical. In Nullcon Conference 2012, Goa, India, 2012. www
- Hardware Backdooring is Practical. In Intel Security Conference (iSec) 2012, Hillsboro, United States, 2012. www
- Hardware Backdooring is practical. In Blackhat Briefings (USA) 2012, Las Vegas, United States, 2012. www
- Hardware Backdooring is practical. In RUXCON Conference 2012, Melbourne (AUS), Australia, 2012. www
- Hardware Backdooring is Practical. In Blackhat USA, Las Vegas, United States, 2012. www
- Post Memory Corruption Memory Analysis. In Chaos Communication Congress 2012, Berlin (DE), Germany, 2012. www
- Hardware Backdooring is Practical. In No Such Conference 2012, Paris, France, 2012. www
- Hardware Backdooring is practical. In DEFCON 20, Las Vegas, United States, 2012. www
Divers
2011
Articles de conférence
- Post Memory Corruption Memory Analysis. In Blackhat USA, Las Vegas, United States, 2011. www
- Post Memory Corruption Memory Analysis. In RUXCON Conference 2011, Melbourne (AUS), Australia, 2011. www
- Post Memory Corruption Memory Analysis. In Kiwicon New Zealand 2011, Wellington, New Zealand, New Zealand, 2011. www
- Post Memory Corruption Memory Analysis. In HITB Conference Kuala-Lumpur 2011, Kuala Lumpur, Malaysia, 2011. www
Divers
Rapports
- Beyond Fuzzing : Exploit Automation with PMCMA. Technical Report, HITB, 2011.
2010
Articles de conférence
- Breaking virtualization by any means. In HITB Conference Kuala-Lumpur 2010, Kuala Lumpur, Malaysia, 2010. www
- Breaking Virtualization by switching the CPU to 8086 mode. In Hackito Ergo Sum 2010, Paris, France, 2010. www
- Generic exploitation of invalid memory writes. In Hackers to Hackers Conference (H2HC) 2010, Sao Paolo, Brazil, 2010. www
- Breaking virtualization by switching the cpu to virtual 8086 mode. In RUXCON Conference 2010, Melbourne (AUS), Australia, 2010. www
- Breaking Virtualization by switching to Virtual 8086 mode. In HITB Conference Amsterdam 2010, Amsterdam (NETHERLANDS), Netherlands, 2010. www
- Breaking Virtualization by switching the CPU to 8086 mode. In HITB Conference Kuala-Lumpur 2010, Kuala Lumpur, Malaysia, 2010. www
2009
Articles de conférence
- PreBoot Authentication Password Cracking on a budget. In Hackers to Hackers Conference (H2HC) 2009, Sao Paolo, Brazil, 2009. www
- Zero crypto attacks against preboot authentication passwords. In Telecomix Conference 2009, Goteberg, Sweden, 2009. www
Divers
2008
Articles de conférence
- Reverse Engineering for exploit writers. In ClubHack, Pune, India, India, 2008. www
- Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer. In DEFCON 16, Las Vegas, United States, 2008. www
- Bypassing pre-boot authentication passwords by instrumenting the BIOS keyboard buffer. In DEFCON 16, Las Vegas, United States, 2008. www