Embedded systems & IoT security

From architecture
to pentest,
your security partner
throughout.

Security consulting, product audits and training for teams developing embedded systems and connected products.

scroll
Thales
French Ministry of Defense
MediaTek
EPITA
Université de Bordeaux
Thales
French Ministry of Defense
MediaTek
EPITA
Université de Bordeaux
01 — Services

Audit, consulting,
training.

Full attack surface coverage: hardware, firmware, communication protocols, web interfaces, cryptography.

01 — Pentest & Audit

Pentest &
Product Audit

Real-world attack simulation: identification and exploitation of vulnerabilities across the full attack surface — embedded, firmware, protocols, web, mobile.

Two engagement modes: black-box (no source access, realistic attacker perspective) or white-box (with source access, exhaustive analysis).

Custom fuzzing platform development. AI applied to vulnerability detection. Detailed report with CVSS scores and remediation recommendations.

IoT / Embedded Reverse engineering Fuzzing Web / Mobile Hardware AI & Security
02 — Consulting

Secure Architecture Consulting

Defining a secure architecture before development begins: attack surface mapping, cryptographic primitive selection, design review. Ongoing involvement throughout development is also possible for incremental remediation.

Architecture Cryptography Code review
03 — Training

Training & Awareness

Software security, vulnerability exploitation and cyber awareness training. Adapted to the audience's level, from development teams to non-technical staff. Already delivered at EPITA (Master's level) and MediaTek.

Developers Technical teams Awareness
02 — Approach

From first commit
to final audit.

Security can be integrated at every stage of a product's development, from initial design to production release.

Phase 01

Design & architecture

Attack surface definition, cryptographic primitive selection, architecture review. Early involvement reduces the cost of remediation significantly.

Phase 02

Development support

Code review, vulnerability identification and remediation recommendations sprint by sprint, without impact on the delivery schedule.

Phase 03

Pentest & final audit

Audit or pentest of the product in production-equivalent conditions. Report with CVSS scores, vulnerability classification and remediation recommendations. Team debrief.

Option

Team training

Training on common vulnerability patterns: memory corruption, injections, incorrect use of cryptography. Reduces the attack surface structurally over the long term.

03 — Profile

Yoann
Dandine

Security expert specialising in embedded systems and IoT vulnerability research: manual and AI-assisted code review, fuzzing, across targets ranging from secure boot to TrustZone, firmwares and virtual machines. Following engagements at the French Ministry of Defense and Thales Security Lab, I have been working independently as b0rg since 2024.

MSc in Computer Security & Cryptology, Université de Bordeaux.

Experience
Senior Security Researcher
MediaTek
2022 — present
Founding member of the UK Product Security Team. Vulnerability research across all product lines (secure boot, TrustZone, firmwares, VMs), fuzzing platform development, bug bounty programme, AI applied to vulnerability detection.
Instructor
EPITA
2025 — present
Software and hardware security: memory corruption exploitation, fault injection, side-channel analysis and modern mitigations. Master's level (BAC+4/5).
Security Engineer
Thales Security Lab
2021 — 2022
Bank payment systems, hardware security (fault injection), chipsets, defense equipment and connected devices — bare-metal, TEE and APK targets.
Security Researcher
French Ministry of Defense
2017 — 2021
Vulnerability research, reverse engineering and tooling for the security of communication systems against independent and state-level threats.
Education
Université de Bordeaux
MSc in Computer Security & Cryptology.

Contact

b0rg is a sole trader based in Toulouse, France.
For any inquiry, use the address below.

loading...

b0rg is spelled with a zero, not an 'o'