Hello, I'm Andrew Bellini.

IoT Security Researcher · Educator · P.Eng

I find bugs in IoT and embedded devices, and I teach other people how to do it.

About

Andrew Bellini is an IoT and hardware security researcher, educator, and Professional Engineer (P.Eng). He works on firmware reverse engineering and vulnerability discovery in IoT and embedded devices.

Andrew has presented at DEF CON IoT Village and has discovered and published multiple CVEs, including three vulnerabilities in the Tenda AC8 V5.0 router (authentication bypass, command injection, and stack buffer overflow). He also created PIPA (the Practical IoT Pentest Associate certification), a hands-on practical exam focused on real-world IoT penetration testing.

Andrew has authored courses on IoT and hardware hacking, assembly, and AI security. Outside of security, Andrew is a dad and enjoys the outdoors and riding his bicycle.

Research & Work

Tenda AC8 Vulnerability Disclosures

Discovered and disclosed three CVEs in the Tenda AC8 V5.0 router: authentication bypass, command injection, and stack buffer overflow.

  • CVE
  • Firmware
  • Embedded

PIPA Certification

Creator of the Practical IoT Pentest Associate certification. Hands-on practical exam with cloud-hosted labs.

  • Training
  • Certification
  • IoT

wairz

Browser-based firmware reverse engineering platform with Ghidra, QEMU, and AI-assisted analysis. Built in React and FastAPI.

  • Reverse Engineering
  • AI
  • Platform

DEF CON 32 IoT Village Talk

'Anyone Can Hack IoT: A Beginner's Guide to Hacking Your First IoT Device.' Intro to IoT pentesting, given at DEF CON 32.

  • Talk
  • DEF CON
  • IoT

Speaking

  1. 2024
  2. 2024

    DEF CON Toronto

    IoT Hacking Workshop