Guillaume VINET

Experience

• 

  Bull Amesys Conseil

  Sept 2007 - Mar 2009

  Security Software Engineer

  In my first project, as part of a Common Criteria evaluation for a tachograph, I enhanced the embedded code to defend against fault injection attacks. I analyzed the product’s source code, proposed countermeasures, and verified that the chip’s security guidelines were properly followed. After implementing these solutions, I tested their effectiveness using an emulator. I also updated the functional documentation and created test execution materials to ensure comprehensive verification.In my second project, I was responsible for updating a Security Target document that described a satellite ground segment, with the aim of achieving a certification equivalent to Common Criteria. My role involved detailing the network architecture, access control mechanisms, and logging system, as well as ensuring their compliance with the defined security requirements. Show less

• 

  SERMA TECHNOLOGIES

  Mar 2009 - Dec 2016

  I conducted security evaluations for smart cards (banking cards, e-passports, electronic driving licenses) and payment terminals across various industry security standards, including Common Criteria, CSPN, EMVCo, Mastercard, and VISA schemes:- I performed code reviews (assembly, C, Java Card) to identify software vulnerabilities and potential attack vectors, particularly focusing on fault injection attacks such as LASER and Electromagnetic (EM) techniques. Also, I ensured compliance with security recommendations and standards.- I collaborated with hardware teams to design and execute tests, including spatial-temporal attack mapping, and analyzed results to assess the success or failure of fault-injection attempts.- I developed test scripts and tools for fault characterization on open samples, enabling precise analysis of system weaknesses.- I conducted comprehensive reviews of functional documentation, design and architecture documents, security guidelines, and test procedures to ensure alignment with security requirements.- I authored detailed technical reports in English, summarizing findings, test methodologies, and compliance outcomes.- I led fuzz testing to uncover software vulnerabilities and implemented functional specification tests to validate product security and performance. Show less

  • PCI PTS Technical Manager

    Apr 2016 - Dec 2016

  • Security Software Evaluator

    Mar 2009 - Dec 2016
• 

  Eshard

  Dec 2016 - now

  Expert en cybersécurité

  I am the lead Developer of a code emulation tool designed to simulate Side-Channel Attacks (SCA) and Fault Injection Attack:- I developed core features, including binary execution, Python libraries, tutorials, and use cases.- I delivered product demonstrations at conferences and showcased tool capabilities during client trials.I offered diverse expertise:- on White-Box Cryptography implementations (e.g., AES, ECDSA), nuSIM products, or other IoT devices, such as those related to eHealth.- I conduct hardware attack simulations (SCA and fault injection).- I execute EM fault injection campaigns on System-on-Chip (SoC) platforms.- I conduct fuzzing campaigns at both the application and communication layers.- I analyze source code or perform reverse engineering on binary code.I deliver training sessions, delivered both on-site and remotely.I work on various architectures architectures (ARM, Intel, RISC-V) and targets:- Bootloaders: u-boot, MCUboot.- Operating systems: ARM TFM, Zephyr.- Cryptographic algorithms: DES, AES, Elliptic Curve cryptography.I leveraged advanced tools and environments:- Development: JupyterLab, Python.- Reverse engineering: Ghidra, IDA Pro.- Emulation: QEMU, Unicorn, Qiling.- Fuzzing: AFL++, Boofuzz. Show less