| Jonathan Brossard | |
| Nationality: | French |
| Field: | Computer science |
| Workplaces: | Conservatoire National des Arts et Metiers |
Jonathan Brossard also known under the username 'endrazine', is a French security hacker, engineer and a Professor of computer science at the Conservatoire National des Arts et Metiers.[1] He is best known as a pioneer in firmware cybersecurity, having presented the first public example of a hardware backdoor. The MIT Technology Review called it "undetectable and uncurable". He has presented several times at conferences such as Defcon and Blackhat, as the Director of Security at Salesforce.
In 2008, Jonathan presented the first public vulnerability affecting full disk encryption software Microsoft Bitlocker. at Defcon. His generic exploit also affected other full disk encryption software such as Truecrypt, and BIOS firmware from Intel.
In 2012, Jonathan presented a Proof of Concept BIOS and PCI firmware malware. named Rakshasa, the first known example of a permanent Hardware backdoor at Defcon and Blackhat. The attack consisted in the inclusion of a Bootkit in firmware either from the BIOS or Network cards.
In 2015, along with the security team at Salesforce, he presented at Blackhat the first public attacks against Microsoft Edge. and the Windows 10 operating system, allowing credential theft over the internet. Researchers discovered that Google Chrome was vulnerable to the very same Server Message Block vulnerability.
Jonathan is the main author of the Witchcraft Compiler Collection, a reverse engineering framework presented at major conferences including Defcon, Blackhat and USENIX. This framework allowing to transform an ELF binary into a shared library is available on Linux distributions such as Debian, Ubuntu or the Kali Linux distribution.
Jonathan served as a security expert for major media outlets, for instance in the XKeyscore program disclosed by Edward Snowden, mass surveillance programs, when the NSA allegedly hacked French President Nicolas Sarkozy's emails, or warning the industry about car hacking as early as 2012.
In 2014 Jonathan was the main cybersecurity consultant to the Watch Dogs by Ubisoft, presenting the game to an international press audience in Chicago, with global coverage including Australia, Deutschland, France or Spain. In 2016, Jonathan was also the main consultant for the second opus of the franchise Watch Dogs 2 and presented it to the international press.
In 2012, Jonathan, along with other top security researchers including Chris Valasek, Matt Suiche and Jon Oberheide submitted a bogus, computer-generated article on Nmap to the Hakin9 security magazine, as a way to protest against the constant spamming of top researchers by the magazine. While the stunt was praised by hackers, the response of Hakin9, legally threatening fellow Nmap author Gordon Lyon was so terrible that it earned the Pwnie Awards for most epic fail in 2013.
Jonathan is the co-founder of international cybersecurity conferences Hackito Ergo Sum and NoSuchCon. He also sits on the review boards of the Shakacon (Honolulu, USA) and Nullcon (Goa, India) conferences.