Presented at
32C3 (2015),
Dec. 28, 2015, 8:30 p.m.
(60 minutes).
It is clear that something is needed to help the security community to evaluate, audit and control the security level of hardware products.
Hardsploit is a complete tool box (hardware & software), a framework which aims to:
- Facilitate the audit of electronic systems for industry 'security' workers (consultants, auditors, pentesters, product designers, etc.)
- Increase the level of security (and trust !) of new products designed by the industry
Hardsploit is an all-in-one hardware pentesting tool with software and electronic aspects. It's a technical and modular platform (using FPGA) to perform security tests by using electronic communication bus.
The main hardware security audit functions are:
- Sniffer
- Interact
- Dump
Hardsploit's modules will let users intercept, replay and / or send data via each type of electronic bus used by the target. The level of interaction that pentesters will have depends on the targeted bus features.
Hardsploit's modules also enable you to analyze electronic bus (serial and parallel types) like JTAG, SPI, I2C's, parallel addresses and more will come !
We also provide a graphical interface to manage your components and their commands. A wiring helper module is available too. It will help you connect easily your target to Hardsploit.
Our ambition is to provide a tool equivalent to those offered by the company Qualys or the Metasploit Framework but in the domain of embedded systems/electronics.
Presenters:
-
Yann.A
Yann ALLAIN, CEO of OPALE SECURITY, BlackHat Speaker and Trainer at HackInParis. I work in the security industry since 20 years now. I'm graduated from a computer and electronic engineering school (University Pierre et Marie Curie). After a time in the electronic industry as an engineer in embedded system conception, I made a career move towards IT. I started as a production manager for a company in the financial sector (Private Banking), and evolved towards IT security when he became part of the ACCOR group. I was in charge of applicative security for the group. I'm the actual director of Opale Security, a company I created in 2008 : Our business is 100% on IT security and Embedded Security.
Julien Moinard, is the architect team leader of the Hardsploit project and he is also a BlackHat Speaker and Trainer at HackInParis + a senior hardware pentesters.
-
Julien Moinard
as Julien MOINARD
Julien MOINARD, an electronics engineer with a solid background in this field (over 8 years) associated with many personal and professional experiments in the field of microcontrollers & FPGA. Furthermore, he contributes to several training in university. Julien is also the senior hardware pentester of OPALE SECURITY and a Blackhat Speaker and trainer at Hack in Paris. Julien is the Team Leader of the Hardsploit Project (Hardsploit.io): a framework dedicated to hardware hacking.
-
Gwénolé Audic
Links:
Similar Presentations: