Jonathan Brossard also known as endrazine, is a French

hacker A hacker is a person skilled in information technology who achieves goals and solves problems by non-standard means. The term has become associated in popular culture with a security hackersomeone with knowledge of bug (computing), bugs or exp ...

, engineer and a Professor of

computer science Computer science is the study of computation, information, and automation. Computer science spans Theoretical computer science, theoretical disciplines (such as algorithms, theory of computation, and information theory) to Applied science, ...

at the Conservatoire National des Arts et Metiers. He is best known as a pioneer in firmware cybersecurity, having presented the first public example of a

hardware backdoor A hardware backdoor is a backdoor implemented within the physical components of a computer system, also known as its hardware. They can be created by introducing malicious code to a component's firmware, or even during the manufacturing process ...

. The ''

MIT Technology Review ''MIT Technology Review'' is a bimonthly magazine wholly owned by the Massachusetts Institute of Technology. It was founded in 1899 as ''The Technology Review'', and was re-launched without "''The''" in its name on April 23, 1998, under then pu ...

'' called it "undetectable and uncurable". He has presented several times at conferences such as

Defcon The defense readiness condition (DEFCON) is an alert state used by the United States Armed Forces. For security reasons, the U.S. military does not announce a DEFCON level to the public. The DEFCON system was developed by the Joint Chiefs of Sta ...

and Blackhat, as the Director of Security at

Salesforce Salesforce, Inc. is an American cloud-based software company headquartered in San Francisco, California. It provides applications focused on sales, customer service, marketing automation, e-commerce, analytics, artificial intelligence, and ap ...

Research

In 2008, Jonathan presented the first public vulnerability affecting full disk encryption software Microsoft

Bitlocker BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the Advanced Encryption Standard ...

. at

. His generic exploit also affected other full disk encryption software such as

Truecrypt TrueCrypt is a discontinued source-available freeware utility software, utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file, encrypt a Disk partitioning, partition, or encrypt the whole Data storag ...

, and BIOS firmware from

Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California, and Delaware General Corporation Law, incorporated in Delaware. Intel designs, manufactures, and sells computer compo ...

. In 2012, Jonathan presented a Proof of Concept BIOS and PCI firmware

malware Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...

. named Rakshasa, the first known example of a permanent

Hardware backdoor A hardware backdoor is a backdoor implemented within the physical components of a computer system, also known as its hardware. They can be created by introducing malicious code to a component's firmware, or even during the manufacturing process ...

and Blackhat. The attack consisted in the inclusion of a

Bootkit A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exist ...

in firmware either from the BIOS or Network cards. In 2015, along with the security team at

, he presented at Blackhat the first public attacks against

Microsoft Edge Microsoft Edge is a Proprietary Software, proprietary cross-platform software, cross-platform web browser created by Microsoft and based on the Chromium (web browser), Chromium open-source project, superseding Edge Legacy. In Windows 11, Edge ...

. and the

Windows 10 Windows 10 is a major release of Microsoft's Windows NT operating system. The successor to Windows 8.1, it was Software release cycle#Release to manufacturing (RTM), released to manufacturing on July 15, 2015, and later to retail on July 2 ...

operating system, allowing credential theft over the internet. Researchers discovered that

Google Chrome Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, an ...

was vulnerable to the very same

Server Message Block Server Message Block (SMB) is a communication protocol used to share files, printers, serial ports, and miscellaneous communications between nodes on a network. On Microsoft Windows, the SMB implementation consists of two vaguely named Windows ...

vulnerability. Jonathan is the main author of the Witchcraft Compiler Collection, a reverse engineering framework presented at major conferences including

, Blackhat and

USENIX USENIX is an American 501(c)(3) nonprofit membership organization based in Berkeley, California and founded in 1975 that supports advanced computing systems, operating system (OS), and computer networking research. It organizes several confe ...

. This framework allowing to transform an ELF binary into a shared library is available on Linux distributions such as

Debian Debian () is a free and open-source software, free and open source Linux distribution, developed by the Debian Project, which was established by Ian Murdock in August 1993. Debian is one of the oldest operating systems based on the Linux kerne ...

Ubuntu Ubuntu ( ) is a Linux distribution based on Debian and composed primarily of free and open-source software. Developed by the British company Canonical (company), Canonical and a community of contributors under a Meritocracy, meritocratic gover ...

or the

Kali Linux Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. The software is based on the Debian''Testing'' branch: most packages Kali uses are imported from the De ...

distribution. Jonathan served as a security expert for major media outlets, for instance in the

XKeyscore XKeyscore (XKEYSCORE or XKS) is a secret computer system used by the United States National Security Agency (NSA) for searching and analyzing global Internet data, which it collects in real time. The NSA has shared XKeyscore with other intelligen ...

program disclosed by

Edward Snowden Edward Joseph Snowden (born June 21, 1983) is a former National Security Agency (NSA) intelligence contractor and whistleblower who leaked classified documents revealing the existence of global surveillance programs. Born in 1983 in Elizabeth ...

, mass surveillance programs, when the NSA allegedly hacked French President

Nicolas Sarkozy Nicolas Paul Stéphane Sarközy de Nagy-Bocsa ( ; ; born 28 January 1955) is a French politician who served as President of France from 2007 to 2012. In 2021, he was found guilty of having tried to bribe a judge in 2014 to obtain information ...

's emails, or warning the industry about car hacking as early as 2012.

Hacking culture

In 2014 Jonathan was the main cybersecurity consultant to the

Watch Dogs ''Watch Dogs'' (stylized as ''WATCH_DOGS'') is an action-adventure video game franchise published by Ubisoft, and developed primarily by its Montreal and Toronto studios using the Disrupt game engine. The series' eponymous first title was rele ...

Ubisoft Ubisoft Entertainment SA (; ; formerly Ubi Soft Entertainment SA) is a French video game publisher headquartered in Saint-Mandé with development studios across the world. Its video game franchises include '' Anno'', '' Assassin's Creed'', ' ...

, presenting the game to an international press audience in Chicago, with global coverage including Australia, Deutschland, France or Spain. In 2016, Jonathan was also the main consultant for the second opus of the franchise

Watch Dogs 2 ''Watch Dogs 2'' is a 2016 action-adventure game developed by Ubisoft Montreal and published by Ubisoft. It is the sequel to 2014's '' Watch Dogs'' and the second installment in the '' Watch Dogs'' series. It was released for the PlayStation 4 ...

and presented it to the international press. In 2012, Jonathan, along with other top security researchers including

Chris Valasek Chris Valasek is a computer security researcher with Cruise Automation, a self-driving car startup owned by GM, and most recently known for his work in automotive security research. Career Prior to his current employment, he worked for: * ...

Matt Suiche Matthieu Suiche (born September 22, 1988), also known as Matt and under the username msuiche, is a French people, French Hacker (computer security), hacker and entrepreneur. He is widely known as the founder of MoonSols and co-founder of CloudVol ...

and

Jon Oberheide use both this parameter and , birth_date to display the person's date of birth, date of death, and age at death) --> , death_place = , death_cause = , body_discovered = , resting_place = , resting_place_coordinates = ...

submitted a bogus, computer-generated article on

Nmap Nmap (Network Mapper) is a network scanner created by Gordon Lyon (also known by his pseudonym ''Fyodor Vaskovich''). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap pro ...

to the Hakin9 security magazine, as a way to protest against the constant spamming of top researchers by the magazine. While the stunt was praised by hackers, the response of Hakin9, legally threatening fellow

author

Gordon Lyon Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) is an American network security expert, creator of Nmap and author of books, websites, and technical papers about network security. He is a founding member of the Honeynet Project and ...

was so terrible that it earned the

Pwnie Awards The Pwnie Awards recognize both excellence and incompetence in the field of information security. Winners are selected by a committee of security industry professionals from nominations collected from the information security community. Nominees ...

for most epic fail in 2013. Jonathan is the co-founder of international cybersecurity

conferences A conference is a meeting, often lasting a few days, which is organized on a particular subject, or to bring together people who have a common interest. Conferences can be used as a form of group decision-making, although discussion, not always d ...

Hackito Ergo Sum and NoSuchCon. He also sits on the review boards of the Shakacon (Honolulu, USA) and Nullcon (Goa, India) conferences.

References

External links

* {{DEFAULTSORT:Brossard, Jonathan Computer security specialists Hackers Living people French computer scientists Year of birth missing (living people)

Research

Hacking culture

See also

References

External links