julien.moinard@opale-security.com: A complete toolbox for IoT security

Presented at 32C3 (2015), Dec. 28, 2015, 8:30 p.m. (60 minutes)

It is clear that something is needed to help the security community to evaluate, audit and control the security level of hardware products. Hardsploit is a complete tool box (hardware & software), a framework which aims to: - Facilitate the audit of electronic systems for industry 'security' workers (consultants, auditors, pentesters, product designers, etc.) - Increase the level of security (and trust !) of new products designed by the industry Hardsploit is an all-in-one hardware pentesting tool with software and electronic aspects. It's a technical and modular platform (using FPGA) to perform security tests by using electronic communication bus. The main hardware security audit functions are: - Sniffer - Interact - Dump Hardsploit's modules will let users intercept, replay and / or send data via each type of electronic bus used by the target. The level of interaction that pentesters will have depends on the targeted bus features. Hardsploit's modules also enable you to analyze electronic bus (serial and parallel types) like JTAG, SPI, I2C's, parallel addresses and more will come ! We also provide a graphical interface to manage your components and their commands. A wiring helper module is available too. It will help you connect easily your target to Hardsploit. Our ambition is to provide a tool equivalent to those offered by the company Qualys or the Metasploit Framework but in the domain of embedded systems/electronics.

Presenters:

• Gwénolé Audic
• Julien Moinard   as Julien MOINARD
  Julien MOINARD, an electronics engineer with a solid background in this field (over 8 years) associated with many personal and professional experiments in the field of microcontrollers & FPGA. Furthermore, he contributes to several training in university. Julien is also the senior hardware pentester of OPALE SECURITY and a Blackhat Speaker and trainer at Hack in Paris. Julien is the Team Leader of the Hardsploit Project (Hardsploit.io): a framework dedicated to hardware hacking.
• Yann.A
  Yann ALLAIN, CEO of OPALE SECURITY, BlackHat Speaker and Trainer at HackInParis. I work in the security industry since 20 years now. I'm graduated from a computer and electronic engineering school (University Pierre et Marie Curie). After a time in the electronic industry as an engineer in embedded system conception, I made a career move towards IT. I started as a production manager for a company in the financial sector (Private Banking), and evolved towards IT security when he became part of the ACCOR group. I was in charge of applicative security for the group. I'm the actual director of Opale Security, a company I created in 2008 : Our business is 100% on IT security and Embedded Security. Julien Moinard, is the architect team leader of the Hardsploit project and he is also a BlackHat Speaker and Trainer at HackInParis + a senior hardware pentesters.

Links:

• https://fahrplan.events.ccc.de/congress/2015/Fahrplan/events/7496.html

Similar Presentations:

• DEF CON 22 (2014) / NSA Playset: DIY WAGONBED Hardware Implant over I2C
• SAINTCON 2019 / Introduction to I2C on the bus pirate
• DEF CON 24 (2016) / CAN i haz car secret plz?