Inverse Path

NEWS AND EVENTS

2020

19-25 October The Internet - GoLab
We are presenting our TamaGo framework, which allows bare metal Go execution on ARM SoCs for secure firmware development, at GoLab.

2019

27-30 December Leipzig, Germany - 36C3
We are delighted to present our TamaGo framework, which allows bare metal Go execution on ARM SoCs for secure firmware development, at the 36th Chaos Communication Congress.
19-20 November Stuttgart, Germany - escar europe
We will present our experience in building, and breaking, secure boot schemes on automotive grade ECUs at the 17th escar europe conference.
6-7 November Tokyo, Japan - PacSec
We will present our experience in building, and breaking, secure boot schemes on automotive grade ECUs at the 17th PacSec conference.
24-25 October Helsinki, Finland - t2'19
We will present the second generation USB armory, as well as a new Open Source framework for firmware development, at the legendary t2 conference.
1-2 October Tokyo, Japan - escar asia
We will present our experience in building, and breaking, secure boot schemes on automotive grade ECUs at the 6th escar asia conference.
18 September Varaždin, Croatia - BSidesVarazdin
We will present the second generation USB armory at the first edition of BSidesVarazdin.
14 September Bergamo, Italy - No Hat
We will present the second generation USB armory at the first edition of the No Hat conference.
9 May Security Engineering achieves IEC-62443-4-1, IEC-62443-4-2 certifications
We are proud to announce that our security engineering services have achieved IEC 62443 certifications on the development of secure data logging solutions, read the full press release.

2018

1-2 Nov Beijing, China - JD-HITBSecConf2018
We will present our new USB armory developments at the 1st Hack In The Box Security Conference in China.
31 October Helsinki, Finland - Air Power Conference
Andrea Barisani is giving a talk at the Air Power Conference held at the Finnish National Defence University, speaking on "Cyber warfare and air operations" to highlight current and future information security threats against avionics systems.
16-22 July Varaždin, Croatia - FSec IoT Hacking Summer School
Andrea Barisani is giving two lectures at the IoT Hacking Summer School run by the Faculty of Organization and Informatics of the University of Zagreb. The first lecture covers real-life experiences in avionics security assessment, the second one Trusted Execution Environments with modern SoCs.
27-28 June Marseille, France - Aero'Nov Connection
Andrea Barisani has been invited to present the Inverse Path team work in securing aircraft at the aerospace industry Aero'Nov Connection event.

2017

20-21 September Torino, Italy - SPIME2017
Andrea Barisani has been invited to talk about IoT security at SPIME2017.
16 February Inverse Path is now part of F-Secure
We are proud to announce that Inverse Path has been acquired by F-Secure, read the full press release.

2016

17-20 October Marseille, France - Airbus's Aircraft Security User Panel
Andrea Barisani has been invited to give the keynote at the 2016 edition of the Aircraft Security User Panel (ASUP) organized by Airbus.
14-15 September Varaždin, Croatia - FSEC 2016
Our "Forging the USB armory" presentation has been invited to the FSec information security symposium.
7 September Milano, Italy - The Internet of Broken Things
Andrea Barisani has been invited to present on real-life experiences in avionics security assessment at the "Internet of Broken Things" event organized by Politecnico di Milano.
4-6 July Paris, France - RMLL2016
Our "Forging the USB armory" presentation has been invited to the RMLL2016 conference.
10-11 June Zurich, Switzerland - Area41
Our "Forging the USB armory" presentation has been invited to the Area41 conference.
14-15 April Ljubljana, Slovenia - HEK.SI 2016
Our "Forging the USB armory" presentation has been invited to the HEK.SI conference.
6-10 April Perugia, Italy - IJF 2016
Andrea Barisani has been invited to the International Journalism Festival to present on "Evil maid and physical access attacks".
15-18 March Vancouver, Canada - CanSecWest
We will hold the "Mastering ARM TrustZone with the USB armory" training class at the Security Masters Dojo of the 16th annual CanSecWest conference.

2015

29-30 October Helsinki, Finland - t2'15
20-22 October Luxembourg City, Luxembourg - Hack.lu
Our "Forging the USB armory" presentation has been selected for Hack.lu and t2.
17 October Bologna, Italy - HackInBo 2015
Andrea Barisani has been invited to the winter edition of HackInBo to present on Inverse Path work in securing safety critical systems, covering real life penetration testing and code auditing experiences on automotive and avionics environments.
14-15 September London, United Kingdom - 44CON
1-6 August Las Vegas, USA - Black Hat USA 2015
Our "Forging the USB armory" presentation has been selected for 44CON and Black Hat USA briefings. Additionally at 44CON we will also hold our full day "Mastering ARM TrustZone with the USB armory" training.
26-29 May Amsterdam, Netherlands - HITBSecConf2015
We will present our USB armory project at the 6th annual Hack In The Box Security Conference in the Netherlands.

In parallel to the event, Inverse Path is an exhibitor at the HITB HAXPO showcasing its services and the USB armory itself.
22 May Milano, Italy - MST Workshop
We have been invited to present "Forging the USB armory" at the first Workshop on Mobile System Technologies organized by Micron and Politecnico di Milano.
26-27 March Singapore - Black Hat Asia 2015
We have been invited to present "Forging the USB armory" at the Black Hat Asia briefings.
18-20 March Vancouver, Canada - CanSecWest
We will hold the "Mastering ARM TrustZone with the USB armory" training class at the Security Masters Dojo of the 15th annual CanSecWest conference.
12 March Ljubljana, Slovenia - #BSidesLjubljana
We are very happy to present the USB armory project in the neighbouring, and beautiful, Ljubljana at the Security BSides event.

2014

27-30 December Hamburg, Germany - 31C3
We are delighted to present for the first time at the 31st Chaos Communication Congress, giving two different talks. The one, titled "Forging the USB armory", covers our latest open hardware product. The second talk, titled "Practical EMV PIN interception and fraud detection", updates our Chip & PIN research by illustrating fraud detection markers.
19-21 November Paris, France - NoSuchCon
After last year's keynote, we return to the second edition of NoSuchCon presenting how we forged our USB armory project.
12-13 November Tokyo, Japan - PacSec
Back in 2005 the PacSec conference was the very first security events where Inverse Path had the pleasure of being invited to present its research.

After almost a decade we are delighted to return to the speaker roster for the 12th annual PacSec conference, presenting our USB armory project.
13-16 October Kuala Lumpur, Malaysia - HITBSecConf2014
We have been invited to present the first talk concerning our USB armory project at the 12th and final edition of Hack In The Box. Slides are available.
3 October Inverse Path announces the USB armory
We are proud to announce the USB armory project, an open source hardware design, implementing a flash drive sized computer for security applications.
30 May Berlin, Germany - PXE 3
Following the success in previewing unfinished research at the first PXE, we continue the tradition by participating at the third Phenoelit eXchange Event, where we will discuss our ongoing and upcoming research projects.

2013

24-25 October Helsinki, Finland - t2'13
22-24 October Luxembourg City, Luxembourg - Hack.lu
The last round of invites for our research "Fully arbitrary 802.3 packet injection: maximizing the Ethernet attack surface" includes Hack.lu and t2.

The whitepaper and slides are available.
27 July - 1 August Las Vegas, USA - Black Hat USA 2013
Our new research will be presented at Black Hat USA Briefings.

The talk is titled "Fully arbitrary 802.3 packet injection: maximizing the Ethernet attack surface" and features novel techniques and attacks that expand the effectiveness of security testing for embedded networked equipment.

The whitepaper and slides are available.
19-20 July Taipei, Taiwan - HITCON
Andrea Barisani is an invited speaker at Hacks in Taiwan (HITCON) 2013.
15-17 May Paris, France - NoSuchCon
Andrea Barisani has been invited to give the opening keynote at the first edition of NoSuchCon.
16-18 April Boston, USA - SOURCE
Our "Practical Exploitation of Embedded Systems" presentation has been invited to the sixth SOURCE Boston conference.
26 March Toronto, Canada - CFI-CIRT PDD
We have been invited at the 10th annual Canadian Financial Institution Computer Incident Response Team (CFI-CIRT) Professional Development Day event to present "An In-depth analysis of Electronic Payment Systems Security".
30-31 January Berlin, Germany - IT-Defense
Our "Practical Exploitation of Embedded Systems" presentation has been invited to the eleventh IT-Defense conference.

2012

8-11 October Kuala Lumpur, Malaysia - HITBSecConf2012
We have been invited to the tenth anniversary edition of Hack In The Box where we will feature a talk covering unusual challenges in the "Practical Exploitation of Embedded Systems". The slides are available.
19-22 June Montauban, France - Airbus's Aircraft Security User Panel
Andrea Barisani has been invited to give a presentation at the 5th edition of the Aircraft Security User Panel (ASUP) organized by Airbus covering emerging cyber security threats and their impact on the aviation industry.
25 May Berlin, Germany - PH-Neutral X Edition
We are honoured to be present at the great PH-Neutral X Edition event presenting about the exploitation of Fast Ethernet Start-Of-Frame delimiter anomalies.
8-10 February Munich, Germany - IT-Defense
Our updated Chip & PIN research, covering physical and protocol security of EMV Point of Sales, has been invited to the tenth IT-Defense conference.

2011

12 November Tokyo, Japan - AVTOKYO
27-28 October Helsinki, Finland - t2'11
10-13 October Kuala Lumpur, Malaysia - HITBSecConf2011
19-21 September Luxembourg City, Luxembourg - Hack.lu
1-2 September Beijing, China - XCon2011
The last round of invites for our Chip & PIN research includes XCon, Hack.lu, Hack In The Box, t2 and AVTOKYO.
3-7 August Las Vegas, USA - Black Hat USA 2011 / DEFCON 19
27-29 May Berlin, Germany - PH-Neutral 0x7db
17-20 May Amsterdam, Netherlands - HITBSecConf2011
Our Chip & PIN research (slides are are available) has been invited to the Hack In The Box Europe, PH-Neutral, Black Hat and DEFCON.
9-11 March Vancouver, Canada - CanSecWest
Our new research will be presented at the twelfth annual CanSecWest conference.

The talk is titled "Chip & PIN is definitely broken" and features our latest research concerning EMV based electronic payment systems. The project is a joint effort with the friends at Aperture Labs composed of Adam Laurie and Zac Franken.

The abstract and slides are available.

2010

10-11 November Tokyo, Japan - PacSec
Andrea Barisani, our Chief Security Engineer, has been invited to the Panel Discussion "Shifting Threat Vectors" at the eight annual PacSec security conference.
11 June Stuttgart, Germany - IT-SECA
Inverse Path has been invited at the IT Security Awareness Event of the CERT-BW where Andrea Barisani and Daniele Bianco will speak about unconventional attack vectors. The event is held at the IZLBW.
16-18 February Oslo, Norway - HackCon#5
3-5 February Cologne, Germany - IT-Defense
The last two invited sessions for our TEMPEST talk will be featured at IT-Defense and HackCon.

2009

29-30 October Helsinki, Finland - t2'09
5-8 October Kuala Lumpur, Malaysia - HITBSecConf2009
Our "Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage" will be featured at Hack In The Box Lab in a two hours extended session. Additionally the t2 conference graciously invited our hardware hacking talks to this year edition.
21-22 September Barcelona, Spain - SOURCE
Andrea Barisani, our Chief Security Engineer, is an Advisor of SOURCE Barcelona 2009 and will be present at the event.
25 July - 2 August Las Vegas, USA - Black Hat USA 2009 / DEFCON 17
8-12 June Honolulu, USA - Shakacon
29-31 May Berlin, Germany - PH-Neutral 0x7d9
Our "Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage" presentation (slides are available) has been invited to PH-Neutral, Shakacon, Black Hat and DEFCON.
28-29 May Berlin, Germany - hardhack
Our resident hardware hacker Daniele Bianco is back at the 2009 edition of hardhack for hands-on hardware hacking sessions.
16-20 March Vancouver, Canada - CanSecWest
Again we join the speaker roster at the tenth annual CanSecWest conference. We will present our new research in hardware hacking, the talk is titled "Sniff Keystrokes With Lasers/Voltmeters - Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage".

Additionally we will hold two training classes at the Security Masters Dojo: "Advanced Linux Hardening" and "TCP/IP Network Security In Depth". This year Jay Beale of Bastille Linux fame will join us as co-trainer on the hardening talk.

2008

10-13 November Tokyo, Japan - PacSec
Our updated Dojo training class "Advanced Linux Hardening & Incident Reponse will be featured at the sixth annual PacSec conference in Tokyo.
23-24 September Bergen, Norway - SecVest#3
We are back in Norway to present the oCERT effort and discuss about Open Source vs Closed Source software security at the SecVest conference.
18-21 April Berlin, Germany - hardhack
Our resident hardware hacker Daniele Bianco will present a microcontroller and EEPROM workshop at hardhack on Saturday 19th April.
24-28 March Vancouver, Canada - CanSecWest
We will hold our updated "Advanced Linux Hardening (and keep your sanity)" training class at the Security Masters Dojo of the ninth annual CanSecWest conference.
6-7 February Oslo, Norway - HackCon#3
21-25 January Hamburg, Germany - IT-Defense
Following the success of our RDS-TMC presentation, we have been invited to IT-Defense and HackCon to present a revised talk titled "Hacking Vehicle Telematics" concerning Satellite Navigation and in-car Telematic System security.

2007

29-30 November Tokyo, Japan - PacSec
Our Dojo training continues at SecWest conferences with the "Advanced Linux Hardening (and keep your sanity)" course at the fifth annual PacSec conference in Tokyo.
12-13 November Sharjah, Arab Emirates - MEITSEC
18-20 October Luxembourg City, Luxembourg - Hack.lu
The last round of invites for our "Injecting RDS-TMC Traffic Information Signals" presentation includes Hack.lu and MEITSEC.
3-6 September Kuala Lumpur, Malaysia - HITBSecConf2007
1-5 August Las Vegas, USA - Black Hat USA 2007 / DEFCON 15
25-27 May Berlin, Germany - PH-Neutral 0x7d7
Our "Injecting RDS-TMC Traffic Information Signals" presentation has been invited to PH-Neutral, Black Hat, DEFCON and Hack In The Box.
21-25 May Gold Coast, Australia - AusCERT2007
AusCERT2007 is the fourth annual IT security conference organized by AusCERT, Australia's national Computer Emergency Response Team. Our LDAP tutorial will be featured at the conference, along with an updated version of the talk "Lessons in Open Source Security: The Tale of a 0-Day Incident".
16-20 April Vancouver, Canada - CanSecWest
The eigth annual CanSecWest conference features, among many top quality security talks, Security Masters Dojo training sessions. We will hold a course titled "Advanced Linux Hardening (and keep your sanity)", featuring hardening frameworks and techniques for securing Linux-based (and secondarily UN*X) systems.

Additionally we join the speaker roster with a talk about "Unusual Car Navigation Tricks: Injecting RDS-TMC Traffic Information Signals", our latest research work in hardware hacking and satellite navigation systems. The abstract and slides are available.
7-9 March Prague, Czech Republic - IT Underground
We continue our presence at IT Underground with a hands-on LDAP workshop.

2006

26-27 October Warsaw, Poland - IT Underground
Andrea Barisani will have a talk titled "Is my (Linux) box clean?" focusing on practical compromise and rootkit detection at this year IT Underground. There will also be a hands-on session with exercises for the audience. The agenda of the event is available here.
13-15 October Bern, Switzerland - 0sec
We have been invited to present two talks at 0sec 2006, "Reducing root code paths" and "Messing with OpenSSH Public Key system".
26 February Brussels, Belgium - FOSDEM
We will be present at FOSDEM, speaking about Gentoo Infrastructure migration to LDAP.
20-21 February London, United Kingdom - EuSecWest
Andrea Barisani, our Chief Security Engineer, will be a speaker at the first annual EuSecWest conference in London, 20 and 21 February 2006.

The talk is titled "Lessons in Open Source Security: The Tale of a 0-Day Incident". The presentation will feature modern pro-active security practices that are unfortunately rarely seen in production environments, but that are really effective in saving the day when security incidents happen. The journey will be supported by a real example of a 0-day incident and its handling, coverage of the security of Open Source projects and the intrinsic threats and exposure of this kind of environment.

The event will be held at the Victoria Park Plaza Hotel.

2005

15-16 November Tokyo, Japan - PacSec
Andrea Barisani, our Chief Security Engineer, will be one of the speakers at the third annual PacSec conference in Tokyo, 15 and 16 November 2005.

Andrea's talk will be about "Building a modern LDAP based security framework". It will focus on a secure implementation, illustrating how infrastructure security can be improved while avoiding common mistakes that could instead open up security holes, and the related caveats and tuning issues.

The event will be held at Aoyama Diamond Hall (on Omotesando in Tokyo's Shibuya ward).