Pierre Pronchery
Gubener Straße 40
10243 Berlin
Germany
Mobile: 
Phone: 
Fax: 
e-mail: 
Website: 
+49 (0)17 747 27481
+49 (0)30 420 81859
+49 (0)30 420 81861
pierre.pronchery@duekin.com
http://www.duekin.com/
French citizen, born in 1982
Skills
Security consulting: Source code audits:
  • Best-effort and complete reviews of industrial-grade software projects
  • Discovery of implementation flaws (C/C++, PHP, Java...)
Reverse engineering:
  • Analysis of firmware images for consumer electronics (own developments, some experience with IDA Pro)
  • Hardware-level attacks (serial, JTAG...)
  • Analysis and fuzzing of proprietary protocols
Penetration-tests:
  • Discovery and exploitation of computer networks and services (nmap...)
  • Native and web-based applicative Blackbox tests, multi-architecture projects
System hardening:
  • Implementation and verification of Best Practices on UNIX and Windows platforms
Programming: Systems software:
  • Kernel programming in C, Assembly (*BSD, Linux...)
  • Kernel- and user-land contributions to the NetBSD Operating System
  • Research & Development in automated discovery of flaws in software
Distributed software:
  • Implementation and extension of RPC components (TCP/IP, SSL, PVM...)
  • Security tools (SSL Man-in-the-Middle, packet injection...)
Graphical interfaces:
  • Development of a lightweight Desktop and Smartphone environment (C, Gtk+)
  • Experiments with alternatives to the X11 windowing system (Xynth, OpenGL)
Web applications:
  • Development of websites, in either personal or professional context
  • Implementation of a complete Content Management System (CMS) with PHP
Systems administration:
  • GNU/Linux, BSD and other UNIX environments
  • Deployment of services (DNS, SMTP, LDAP...)
  • Task automation (Perl, shell scripting...)
  • Monitoring solutions (performance, security)
Work Experience
Since Sep 2007: DUEKIN Consulting as Freelance Security Consultant
  • Source code, Blackbox and network audits
  • Embedded systems development
  • Research in applicative flaws and reverse-engineering
Feb 2010 - May 2011: Co-founder, Security Consultant at loopb-ack IT-Security Consulting GbR
  • Security reviews and trainings
  • Exposure assessment
Jul 2008 - Oct 2009: Bearstech SCOP, supporting the R&D team
Feb 2006 - May 2007: n.runs AG as Security Consultant
  • Source code audits (C/C++, embedded...)
  • Blackbox penetration-tests (embedded devices)
  • Network penetration-tests
Jan 2005 - Oct 2005: Fpconcept as Web Developer (PHP/MySQL, scholar internship)
  • Conception and development of a groupware solution
  • Deployment of websites, including an online shop
Nov 2004 - Dec 2004: Netanswer as Web Developer (PHP/MySQL, scholar internship)
  • Development and support
May 2004 - Oct 2004: COVENTYA as Systems Administrator (scholar internship)
  • Monitoring of servers and network equipments (Squid, Cacti, Nagios)
  • Administration of the software infrastructure (Active Directory, Lotus Domino)
  • Maintenance of user workstations, helpdesk
Apr 2002 - Sep 2002: INRIA Rhône-Alpes as Software Developer
  • Graphical interface in C++ and Gtk+ for the "Opale" project
Education
Sep 2003 - Oct 2005: INSIA part-time computer engineering school, Paris (France)
Computer Science Engineer (systems, networks, programming, security)
Sep 2002 - July 2003: Brookes University, Oxford (United Kingdom)
Bachelor of Science in Computing with Honors (system software, networks, object oriented programming, distributed systems, compiler construction)
Sep 2000 - June 2002: IUT2 Pierre Mendès-France University, Grenoble (France)
DUT (2 years Computer Science degree)
Languages: Native French speaker, fluent English, conversational German
Personal involvement
Presenting at conferences: Talks:
  • AsiaBSDCon 2017, « Hardening pkgsrc »
  • Hack4 2016, « What is a Foreign Function Interface? »
  • FOSDEM 2016, « EdgeBSD: Status Report »
  • vBSDcon 2015, « What is EdgeBSD? »
  • pkgsrcCon 2015, « pkgsrc meets pkg-ng »
  • FOSDEM 2015, « EdgeBSD: Status Report »
  • area41 2014, « DeforaOS: A Journey into OSDev »
  • AsiaBSDCon 2014, « Carve your NetBSD »
  • FOSDEM 2014, « The DeforaOS Desktop »
  • FOSDEM 2014, « The EdgeBSD Project »
  • FrOSCon 2013, « The EdgeBSD Project »
  • BSDCan 2013, « Call your NetBSD » (NetBSD on smartphone hardware)
  • pkgsrcCon 2013, « DeforaOS and pkgsrc »
  • EHSM 2012, « Touch your NetBSD » (NetBSD on tablet hardware)
  • NetBSDfr hackathon 2012, « Touche ton NetBSD » (in French)
  • EuroBSDcon 2012, « Touch your NetBSD »
  • FOSDEM 2012, « Touch your NetBSD » (early version)
  • 0sec 2011, « The DeforaOS (de-)assembly framework » (reverse-engineering)
  • Pas Sage en Seine 2011, « Disassembling Android applications »
  • 0sec 2010, « Confidence in SMS » (mobile security)
  • Pas Sage en Seine 2010, « Confidences par SMS »
  • CELF 2009, launch of « hackable-devices.com »
  • GSMA 2009, talk about « hackable devices »
  • 23C3 2006, « Fudging with firmware » (firmware reverse-engineering)
  • 0sec 2006, « Fudging with firmware »
  • 0sec 2005, « Packet tapping » (libpcap shortcomings)
  • RMLL 2005, « Paranoia hour » during Les Nocturnes
Workshops:
  • FOSDEM 2009, embedded development workshop
  • RMLL 2009, embedded development workshop
  • HAR 2009, embedded development workshop
  • 25C3 2008, lightning talk and embedded development workshop
Contributions to the NetBSD Operating System:
  • Official developer since May 2012
  • Set of drivers for the Nokia N900 smartphone
  • Author of the uts(4) driver (USB touchscreens), fixes to the calibration framework
  • Port of the aps driver from OpenBSD
  • Security advisory and patch for a local DoS (CVE-2010-0561)
  • Fixes and backports to every major release since NetBSD 4.0
  • Maintainer of over 20 packages in pkgsrc and pkgsrc-wip
Development of an experimental Operating System, DeforaOS:
  • Remote and secure access to users' data
  • POSIX compatibility layer
  • Desktop environment
  • Support for embedded platforms
Extra curricular activities
Wushu, Acting