Draft:Jonathan Brossard

Review waiting, please be patient. This may take 3 months or more, since drafts are reviewed in no specific order. There are 1,769 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · Jonathan Brossard (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Bing, Wikipedia) · Submitted 20 days ago by StewartSutherland5 (talk: D · +) · Last edited 8 days ago by StewartSutherland5

Submission declined on 14 August 2024 by Jdcomix (talk). This submission's references do not show that the subject qualifies for a Wikipedia article—that is, they do not show significant coverage (not just passing mentions) about the subject in published, reliable, secondary sources that are independent of the subject (see the guidelines on the notability of people). Before any resubmission, additional references meeting these criteria should be added (see technical help and learn about mistakes to avoid when addressing this issue). If no additional references exist, the subject is not suitable for Wikipedia. If you would like to continue working on the submission, click on the "Edit" tab at the top of the window. If you have not resolved the issues listed above, your draft will be declined again and potentially deleted. If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors. Please do not remove reviewer comments or this notice until the submission is accepted. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Declined by Jdcomix 21 days ago. Last edited by StewartSutherland5 8 days ago. Reviewer: Inform author. This draft has been resubmitted and is currently awaiting re-review.

Jonathan Brossard
Jonathan Brossard at the Defcon Conference in Las Vegas in 2016
Nationality	French
Known for	Hardware backdoor, Watch Dogs
Scientific career
Fields	Computer science
Institutions	Conservatoire National des Arts et Metiers
Website	endrazine.com

Jonathan Brossard also known under the username endrazine, is a French hacker, Engineer and Professor of computer science at the Conservatoire National des Arts et Metiers^[1]. He is best known as a pioneer in firmware cybersecurity, having presented the first public example of a Hardware backdoor^[2]. The MIT Technology Review called it "undetectable and uncurable"^[3]. He has presented multiple times at conferences such as Defcon^[4] and Blackhat^[5], as the Director of Security at Salesforce.

Security Research

Bitlocker Security

In 2008, Jonathan presented the first public vulnerability affecting full disk encryption software Microsoft Bitlocker^[6] at Defcon. His generic exploit also affected other full disk encryption software such as Truecrypt ^[7], and BIOS firmware from Intel^[8][9].

Hardware Backdooring

In 2012, Jonathan presented a Proof of Concept BIOS and PCI firmware malware ^[10] named Rakshasa^[11], the first known^[12] example of a permanent Hardware backdoor at Defcon and Blackhat^[2][3][13]. The attack consisted in the inclusion of a Bootkit in firmware^[14] either from the BIOS or Network cards^[15].

Microsoft Edge, Chrome and Windows 10

In 2015, along with the security team at Salesforce, he presented at Blackhat the first public attacks against Microsoft Edge^[16] and the Windows 10 operating system^[17], allowing credential theft over the internet. Researchers discovered that Google Chrome was vulnerable to the very same Server Message Block vulnerability^[18][19].

Witchcraft Compiler Collection

Jonathan is the main author of the Witchcraft Compiler Collection, a reverse engineering framework presented at major conferences including Defcon, Blackhat and USENIX^[20]. This framework allowing to transform an ELF binary into a shared library is available on Linux distrubutions such as Debian, Ubuntu or the Kali Linux distribution^[21].

Other Notable Research

Jonathan served as a security expert for major media outlets, for instance in the XKeyscore program^[22][23] disclosed by Edward Snowden, mass surveillance programs^[24], when the NSA allegedly hacked French President Nicolas Sarkozy's emails^[25], or warning the industry about car hacking^[26][27] as early as 2012.

Hacking Culture

Watch Dogs I Video Game

In 2014 Jonathan was the main cybersecurity consultant to the Watch Dogs by Ubisoft, presenting the game to an international press audience in Chicago, with global coverage including Australia^[26], Deutschland^[28] , France^[29][30] or Spain^[31].

Watch Dogs II Video Game

In 2016, Jonathan was also the main consultant^[32] of the second opus of the franchise Watch Dogs 2 and presented it to the international press^[33][34].

Hakin9 bogus nmap article

In 2012, Jonathan, along with other top security researchers including Chris Valasek, Matt Suiche and Jon Oberheide submitted a bogus, computer generated article^[35] on Nmap to the Hakin9 security magazine, as a way to protest against the constant spamming of top researchers by the magazine^[36]. While the stunt was praised by hackers, the response of Hakin9, legally threatening fellow Nmap author Gordon Lyon was so terrible that it earned the Pwnie Awards for most epic fail in 2013.

Conference Organizer

Jonathan is the co-founder of international cybersecurity conferences Hackito Ergo Sum^[37][38] and NoSuchCon^[39][40][29]. He also sits on the review boards of the Shakacon (Honolulu, USA)^[41] and Nullcon (Goa, India)^[42] conferences.

See also

• Hardware_backdoor
• Bitlocker

References

1. "Jonathan Brossard Academic Page". Conservatoire National des Arts et Metiers.
2. "Meet 'Rakshasa,' The Malware Infection Designed To Be Undetectable And Incurable". Forbes.
3. "A Computer Infection that Can Never Be Cured". MIT Technology Review.
4. "Defcon 2016". Defcon Conference.
5. "Black Hat USA 2015". Blackhat Conference.
6. "BitLocker, Brossard's Pre-boot Authentication Research, and the BSI". Microsoft Security. Archived from the original on 2015-07-01. Retrieved 2024-08-14.
7. "Bypassing pre-boot authentiation passwords by instrumenting the BIOS keyboard buffer" (PDF). Defcon Conference.
8. "Intel Keyboard Buffer Information Disclosure Vulnerability". Intel Security.
9. Thirupathi, Devi (2013). "A Novel Method To Access BIOS Through Client Server Technology". International Journal of Computer Applications. 82 (2). Foundation of Computer Science (FCS), NY, USA: 15–19. Bibcode:2013IJCA...82b..15P. doi:10.5120/14087-1352.
10. "Difficult for PC viruses to stay invisible indefinitely". Zdnet.
11. "Black Hat: Researcher Demonstrates Hardware Backdoor". Dark Reading.
12. Matrosov, Alex (May 2019). Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. No Starch Press. p. 259. ISBN 978-1593277161.
13. "Menace sur la sécurité des PC" (in French). Le Monde. 26 April 2012.
14. "Persistent, undetectable malware presented at Black Hat 2012". The Verge. August 2012.
15. "Researcher Creates Proof-of-concept Malware That Infects BIOS, Network Cards". PC World.
16. "First Vulnerability Found in Microsoft Edge, Affects Other Software as Well". Softopedia.
17. "New SMB Relay Attack Steals User Credentials Over Internet". Dark Reading.
18. "Celah Keamanan Kredensial Windows Pada Google Chrome". Research Gate.
19. "Google Chrome WARNING - This terrifying new HACK leaves Windows PCs open to ATTACK too". Daily Express. 18 May 2017.
20. Brossard, Jonathan (2024). Introduction to Procedural Debugging through Binary Libification. USENIX Association. p. 17. ISBN 978-1-939133-43-4.
21. "The Witchcraft Compiler Collection Manual Page". Debian.
22. "XKEYSCORE". The Intercept. July 2015.
23. "NSA's hacking tool is apparently as easy to use as a Google search". Engadget. 2 July 2015.
24. Naughton, John (12 October 2013). "US fears back-door routes into the net because it's building them too". The Guardian.
25. "NSA: les Américains étaient-ils à l'origine de l'espionnage de l'Elysée en 2012?" (in French). L'Express. 20 November 2012.
26. "Whitehat Jonathan Brossard Warns Cars Can be Hacked on the Road". Sydney Morning Herald. 31 May 2014.
27. James, Guy; Greenfield, Mat (9 March 2015). "Can driverless cars be made safe from hackers?". The Guardian.
28. "Hier wird gehackt statt geballert" (in German). Focus Deutschland.
29. "" J'étais pas bon en foot, je me suis dit : "Tiens, je vais faire du hacking" "" (in French). Le Nouvel Observateur. 25 December 2014.
30. "«Watch Dogs» pour se mettre dans la peau d'un pirate informatique" (in French). 20 Minutes. 25 May 2014.
31. Pantaleoni, Ana (19 May 2014). "'Watch Dogs' toma Chicago". El Pais (in Spanish).
32. "Jonathan Brossard on IMDB". Internet Movie Database.
33. "Watch Dogs 2, il videogioco sui Big Data per i Millennials" (in Italian). Corriere de la Sierra. 14 November 2016.
34. "Un jeu qui pourrait devenir réalité" (in French). Le Parisien. 27 May 2014.
35. "Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning" (PDF). Hakin9.
36. "Experts troll 'biggest security mag in the world' with DICKish submission". The Register.
37. "Hackito Ergo Sum Team". Hackito Ergo Sum Conference. 2012.
38. Leyden, John (1 February 2011). "Alternative security conferences plot European editions". The Register.
39. "Sécurité Informatique : NoSuchCon". Le Monde Informatique (in French).
40. Karayan, Raphaële (22 November 2014). "Hacking: 'Tout ce que vous mettez sur Internet pourra être réutilisé à votre insu'". L'Express (in French).
41. "Shakacon IT Security Conference To Be Held In Hawaii In June". Dark Reading. 8 May 2013.
42. "Nullcon Review Board : Profile of Jonathan Brossard". Nullcon Conference.

External links

• Official website

Category:People associated with computer security Category:Living people Category:French computer scientists