Jonathan Brossard

In 2008, Jonathan presented the first public vulnerability affecting full disk encryption software Microsoft Bitlocker. at Defcon. His generic exploit also affected other full disk encryption software such as Truecrypt, and BIOS firmware from Intel.

In 2012, Jonathan presented a Proof of Concept BIOS and PCI firmware malware. named Rakshasa, the first known example of a permanent Hardware backdoor at Defcon and Blackhat. The attack consisted in the inclusion of a Bootkit in firmware either from the BIOS or Network cards.

In 2015, along with the security team at Salesforce, he presented at Blackhat the first public attacks against Microsoft Edge. and the Windows 10 operating system, allowing credential theft over the internet. Researchers discovered that Google Chrome was vulnerable to the very same Server Message Block vulnerability.

Jonathan is the main author of the Witchcraft Compiler Collection, a reverse engineering framework presented at major conferences including Defcon, Blackhat and USENIX. This framework allowing to transform an ELF binary into a shared library is available on Linux distributions such as Debian, Ubuntu or the Kali Linux distribution.

Jonathan served as a security expert for major media outlets, for instance in the XKeyscore program disclosed by Edward Snowden, mass surveillance programs, when the NSA allegedly hacked French President Nicolas Sarkozy's emails, or warning the industry about car hacking as early as 2012.

In 2014 Jonathan was the main cybersecurity consultant to the Watch Dogs by Ubisoft, presenting the game to an international press audience in Chicago, with global coverage including Australia, Deutschland, France or Spain. In 2016, Jonathan was also the main consultant for the second opus of the franchise Watch Dogs 2 and presented it to the international press.

In 2012, Jonathan, along with other top security researchers including Chris Valasek, Matt Suiche and Jon Oberheide submitted a bogus, computer-generated article on Nmap to the Hakin9 security magazine, as a way to protest against the constant spamming of top researchers by the magazine. While the stunt was praised by hackers, the response of Hakin9, legally threatening fellow Nmap author Gordon Lyon was so terrible that it earned the Pwnie Awards for most epic fail in 2013.

Jonathan is the co-founder of international cybersecurity conferences Hackito Ergo Sum and NoSuchCon. He also sits on the review boards of the Shakacon (Honolulu, USA) and Nullcon (Goa, India) conferences.

• Hardware_backdoor
• Bitlocker

{{Reflist|refs=

{{cite web|title=Defcon 2016|url=https://defcon.org/html/defcon-24/dc-24-speakers.html#Brossard|publisher=Defcon Conference}}

{{cite web|title=Black Hat USA 2015|url=https://www.blackhat.com/us-15/speakers/Jonathan-Brossard.html|publisher=Blackhat Conference}}

{{cite web|title=First Vulnerability Found in Microsoft Edge, Affects Other Software as Well|url=https://news.softpedia.com/news/first-vulnerability-found-in-microsoft-edge-affects-other-software-as-well-488913.shtml?utm_content=bufferf7cd8|publisher=Softopedia}}

{{cite web|title=New SMB Relay Attack Steals User Credentials Over Internet|url=https://www.darkreading.com/vulnerabilities-threats/new-smb-relay-attack-steals-user-credentials-over-internet|publisher=Dark Reading}}

{{Cite web | url=https://www.forbes.com/sites/andygreenberg/2012/07/26/meet-rakshasa-the-malware-infection-designed-to-be-undetectable-and-incurable/| title=Meet 'Rakshasa,' The Malware Infection Designed To Be Undetectable And Incurable|work=Forbes}}

{{Cite web | url=https://www.technologyreview.com/2012/08/01/184683/a-computer-infection-that-can-never-be-cured/| title=A Computer Infection that Can Never Be Cured|publisher=MIT Technology Review}}

{{Cite web

| url=http://blogs.msdn.com/b/si_team/archive/2008/09/04/bitlocker-pre-boot-authentication.aspx

| title=BitLocker, Brossard's Pre-boot Authentication Research, and the BSI

| publisher=Microsoft Security

| access-date=2024-08-14

| archive-date=2015-07-01

| archive-url=https://web.archive.org/web/20150701060406/http://blogs.msdn.com/b/si_team/archive/2008/09/04/bitlocker-pre-boot-authentication.aspx

| url-status=bot: unknown

}}

{{Cite web | url=https://media.defcon.org/DEF%20CON%2016/DEF%20CON%2016%20presentations/DEF%20CON%2016%20-%20brossard-wp.pdf

| title=Bypassing pre-boot authentiation passwords by instrumenting the BIOS keyboard buffer |publisher=Defcon Conference}}

{{Cite web | url=https://www.darkreading.com/vulnerabilities-threats/black-hat-researcher-demonstrates-hardware-backdoor

| title=Black Hat: Researcher Demonstrates Hardware Backdoor |publisher=Dark Reading}}

{{Cite journal |last=Maryanti |first=Sayed Achmady |date=2019-09-15 |title=Celah Keamanan Kredensial Windows Pada Google Chrome |url=http://journal.unigha.ac.id/index.php/JSR/article/view/204 |journal=Jurnal Sains Riset |volume=9 |issue=3 |pages=18–21 |doi=10.47647/jsr.v9i3.204 |issn=2088-0952}}

{{Cite web | url=https://www.smh.com.au/national/white-hat-jonathan-brossard-warns-cars-can-be-hacked-on-the-road-20140531-39b0i.html

| title=Whitehat Jonathan Brossard Warns Cars Can be Hacked on the Road| date=31 May 2014|publisher=Sydney Morning Herald}}

{{Cite news | url=https://elpais.com/tecnologia/2014/05/09/actualidad/1399624967_389667.html| title='Watch Dogs' toma Chicago|newspaper=El Pais| date=19 May 2014|lang=es| last1=Pantaleoni| first1=Ana}}

{{Cite web | url=https://www.focus.de/digital/games/watch-dogs-kurz-vor-release-hacken-statt-ballern-smartphone-statt-shotgun_id_3861603.html| title=Hier wird gehackt statt geballert|publisher=Focus Deutschland|lang=de}}

{{Cite web | url=https://www.20minutes.fr/high-tech/1384761-20140525-watch-dogs-mettre-peau-pirate-informatique| title=«Watch Dogs» pour se mettre dans la peau d'un pirate informatique| date=25 May 2014|publisher=20 Minutes|lang=fr}}

{{Cite web | url=https://www.corriere.it/tecnologia/videogiochi/16_novembre_14/watch-dogs-2-videogioco-big-data-millennials-c51db100-aa51-11e6-8cc5-a864e3f67374.shtml

| title=Watch Dogs 2, il videogioco sui Big Data per i Millennials| date=14 November 2016|publisher=Corriere de la Sierra|lang=it}}

{{Cite web | url=https://www.leparisien.fr/culture-loisirs/un-jeu-qui-pourrait-devenir-realite-27-05-2014-3874881.php

| title=Un jeu qui pourrait devenir réalité| date=27 May 2014|publisher=Le Parisien|lang=fr}}

{{Cite news | url=https://www.lemonde.fr/planete/article/2012/04/26/menace-sur-la-securite-des-pc_1691876_3244.html| title=Menace sur la sécurité des PC| date=26 April 2012|publisher=Le Monde|lang=fr}}

{{Cite web | url=https://www.nouvelobs.com/rue89/rue89-connexions-dangereuses/20141225.RUE7186/j-etais-pas-bon-en-foot-je-me-suis-dit-tiens-je-vais-faire-du-hacking.html

| title=" J'étais pas bon en foot, je me suis dit : "Tiens, je vais faire du hacking" "| date=25 December 2014|publisher=Le Nouvel Observateur|lang=fr}}

{{Cite web | url=https://www.theregister.com/2012/10/05/hakin9_silliness/| title=Experts troll 'biggest security mag in the world' with DICKish submission|publisher=The Register}}

{{Cite web | url=https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00016.html| title=Intel Keyboard Buffer Information Disclosure Vulnerability|publisher=Intel Security}}

{{cite book |last=Brossard |first=Jonathan |date=2024 |title=Introduction to Procedural Debugging through Binary Libification |url=https://www.usenix.org/conference/woot24/presentation/brossard |location= |publisher=USENIX Association |page=17 |isbn=978-1-939133-43-4}}

{{Cite web | url=https://manpages.debian.org/bookworm/wcc/wcc.1.en.html

| title=The Witchcraft Compiler Collection Manual Page|publisher=Debian}}

{{Cite web | url=https://theintercept.com/2015/07/01/nsas-google-worlds-private-communications/| title=XKEYSCORE| date=July 2015|publisher=The Intercept}}

{{Cite web | url=https://www.lexpress.fr/economie/high-tech/nsa-les-americains-etaient-ils-a-l-origine-de-l-espionnage-de-l-elysee-en-2012_1340421.html

|title=NSA: les Américains étaient-ils à l'origine de l'espionnage de l'Elysée en 2012?|date=20 November 2012 |publisher=L'Express|lang=fr}}

{{Cite web | url=https://nmap.org/misc/hakin9-nmap-ebook-ch1.pdf

|title=Nmap: The Internet Considered Harmful - DARPA Inference Cheking Kludge Scanning|publisher=Hakin9}}

{{cite book |last=Matrosov |first=Alex |date=May 2019 |title= Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats |publisher=No Starch Press |page=259 |isbn=978-1593277161}}

{{cite journal |last=Thirupathi |first=Devi |date=2013 |title=A Novel Method To Access BIOS Through Client Server Technology |journal=International Journal of Computer Applications |volume=82 |issue=2 |pages=15–19 |url=https://www.ijcaonline.org/archives/volume82/number2/14087-1352/ |publisher=Foundation of Computer Science (FCS), NY, USA|doi=10.5120/14087-1352 |bibcode=2013IJCA...82b..15P }}

{{Cite web | url=https://www.theverge.com/2012/8/1/3212820/persistent-undetectable-malware-black-hat-2012|title=Persistent, undetectable malware presented at Black Hat 2012|date=August 2012 |publisher=The Verge}}

{{Cite web | url=https://www.pcworld.com/article/460257/researcher_creates_proofofconcept_malware_that_infects_bios_network_cards.html

|title=Researcher Creates Proof-of-concept Malware That Infects BIOS, Network Cards|publisher=PC World}}

{{Cite news | url=https://www.theguardian.com/technology/2015/mar/09/driverless-cars-safe-hackers-google|title=Can driverless cars be made safe from hackers?|work=The Guardian|date=9 March 2015 |last1=James |first1=Guy |last2=Greenfield |first2=Mat }}

{{Cite web | url=https://www.engadget.com/2015-07-01-nsas-hacking-tool-is-apparently-as-easy-to-use-as-a-google-sear.html

|title=NSA's hacking tool is apparently as easy to use as a Google search|date=2 July 2015 |publisher=Engadget}}

{{Cite web | url=https://www.zdnet.com/article/difficult-for-pc-viruses-to-stay-invisible-indefinitely/|title=Difficult for PC viruses to stay invisible indefinitely|publisher=Zdnet}}

{{Cite web | url=https://www.express.co.uk/life-style/science-technology/805729/Google-Chrome-Download-Warning-Windows-Login

|title=Google Chrome WARNING - This terrifying new HACK leaves Windows PCs open to ATTACK too|date=18 May 2017 |publisher=Daily Express}}

{{Cite news | url=https://www.theguardian.com/technology/2013/oct/13/us-scared-back-door-routes-computers-snowden-nsa

|title=US fears back-door routes into the net because it's building them too|work=The Guardian|date=12 October 2013 |last1=Naughton |first1=John }}

{{Cite news | url=https://www.darkreading.com/cybersecurity-analytics/shakacon-it-security-conference-to-be-held-in-hawaii-in-june

|title=Shakacon IT Security Conference To Be Held In Hawaii In June|work=Dark Reading|date=8 May 2013}}

{{Cite news | url=http://2012.hackitoergosum.org/blog/contact/team

|title=Hackito Ergo Sum Team|work=Hackito Ergo Sum Conference|date=2012}}

{{Cite news | url=https://www.theregister.com/2011/02/01/alt_sec_conferences/

|title=Alternative security conferences plot European editions|work=The Register|date=1 February 2011|last1=Leyden |first1=John}}

{{Cite news | url=https://nullcon.net/review-panel/jonathan-brossard

|title=Nullcon Review Board : Profile of Jonathan Brossard|work=Nullcon Conference}}

{{Cite news | url=https://www.lemondeinformatique.fr/agenda/lire-securite-informatique-nosuchcon-6434.html

|title=Sécurité Informatique : NoSuchCon|work=Le Monde Informatique|lang=fr}}

{{Cite news | url=https://www.lexpress.fr/economie/high-tech/hacking-tout-ce-que-vous-mettez-sur-internet-pourra-etre-reutilise-a-votre-insu_1624862.html

|title=Hacking: 'Tout ce que vous mettez sur Internet pourra être réutilisé à votre insu'|work=L'Express|lang=fr|date=22 November 2014 |last1=Karayan |first1=Raphaële}}

}}

• {{official website|http://endrazine.com}}

{{authority control}}

{{DEFAULTSORT:Brossard, Jonathan}}

Category:Computer security specialists

Category:Hackers

Category:Living people

Category:French computer scientists

Category:Year of birth missing (living people)