Embedded Files
Matt Knight
Matt Knight
Co-Founder
Matt Knight is software engineer and security researcher based in San Francisco, CA.
Matt specializes in the development of secure embedded systems, and has expertise in both software and hardware. With specific interests in RF networks and physical layers, he notably reverse engineered the LoRa PHY based on blind signal analysis. Matt holds a BE concentrated in Electrical Engineering from Dartmouth College.
Marc Newlin
Marc Newlin
Co-Founder
Marc Newlin is a self-taught hacker and security engineer based in Los Angeles, CA.
The SC2 is his third DARPA challenge, having previously competed solo the DARPA Spectrum Challenge and DARPA Shredder Challenge, placing top-three in both. Marc is an accomplished security researcher, having disclosed wireless vulnerabilities to more than 20 vendors.
Selected Publications
Selected Publications
MouseJack
MouseJack
MouseJack and KeySniffer are classes of attacks against wireless mice and keyboards that implement the nRF24 2.4 GHz wireless protocol. In total, 16 vendors utilizing 4 families of transceivers were affected. This research was conducted while Marc was a member of the Bastille Threat Research team.
Reverse Engineering LoRa
Reverse Engineering LoRa
Matt reverse engineered the LoRa chirp spread spectrum RF protocol in early 2016. He presented the details at CCC 33c3 in Hamburg, Germany, published a paper outlining the process in PoC||GTFO 0x13, and open-sourced a GNU Radio out-of-tree module that implements his findings. This research was conducted while Matt was a member of the Bastille Threat Research team.
So You Want to Hack Radios
So You Want to Hack Radios
Recognizing a content gap between expensive training courses and security talks that effectively amounted to "SDR show-and-tell", Matt and Marc teamed up to develop a concise curriculum that provides a practical introduction to Software Defined Radio-based RF reverse engineering while providing just enough fundamental knowledge to be dangerous. The crux of the talk is their 5 (technically +1) step methodology that can be followed throughout the reverse engineering process, while leaning on open-source intelligence and prior art where possible.
Matt and Marc are available to conduct RF reversing and GNU Radio trainings for your organization. Contact them at team@ for more information.
Radio Exploitation 101
Radio Exploitation 101
Marc and Matt collaborated to deliver a demo-heavy primer on the current landscape of RF attacks, tailored for technical audiences who may not have direct experience with RF, Software Defined Radio, or wireless exploitation.
Fuzzing RF PHYs with TumbleRF
Fuzzing RF PHYs with TumbleRF
Matt is a co-author of TumbleRF, a software framework that facilitates fuzzing RF protocols to find exploitable characteristics in PHY layer standards implementations. It abstracts the test case generation logic upstream and the radio driver downstream into generic and extensible APIs that enable code re-use across protocols and rapid device integration.
Report abuse