I’m Cristofaro Mune and I’m currently a Principal Security Analyst at Riscure focusing, mainly, on security evaluation, testing and analysis of secure solutions and devices. TEEs are my current main focus, along with secure SoCs, high security solutions and embedded devices security and exploitation.
The content on this website solely reflects my opinions and not of my employer.
In 2015, I’ve been presenting at BlackHat on attacking white-box cryptography by using techniques (SCA, FI) more typically used for testing/attacking secure Hardware. Among other (public) works, I’ve also contributed to a paper on testing of IPv6 implementations.
In the past I have been an independent security researcher focusing on the exploitation of embedded devices. The results of my public research constitute the core of this blog and they have been presented at security conferences like CONFidence, SyScan, HackInTheBox.
In earlier times I’ve been the Security Research Lead for Mobile Security Lab, which I contributed founding. I’ve been working on vulnerabilities in mobile devices, applications and services, and a presentation has been provided at BlackHat in 2009 on “Hijacking Mobile Data Connections”.
Previous experience encompasses security assessments of IT networks, devices and services for major companies.
While my current main interests are TEEs, IOT security (HW & SW), embedded device exploitation, reverse engineering and Fault Injection, they are not limited to these topics. Everything that is “food for (security) thought” may falls within the domain of my curiosity.
You can follow me on Twitter, if you are interested in my work.
My PGP key is here. Encrypted communications are preferred.