Stages et alternances 2014-2015

Quarkslab propose plusieurs stages, certains sujets pouvant aussi être aussi traités sous forme d'alternance. Ca touche à des tonnes de domaines : recherche de vuln, analyse de code, crypto, compilation, reconnaissance réseau, malware et réponse à incidents. Bref, il y en a pour tous les goûts.

more ...

Python Challenge: The End

Two weeks ago we proposed a Python CTF with a few tickets to HITB KUL to win. Here come the results!

more ...

You like Python, security challenge and traveling? Win a free ticket to HITB KUL!

If you do not like reverse engineering but still like security challenges, we built one for you. And you can use your brain to get a free entry to HITB KUL: https://conference.hitb.org/hitbsecconf2014kul/

more ...

SCAF - Source Code Analysis Framework based on Clang - Pre-alpha preview

We recently began to work on source code analysis and the main objective was to easily collaborate on a same analysis. So, we started to develop a framework based on Clang that will be described in this blog post.

more ...

A glance at compiler internals: Keep my memset

Why does some memset calls get optimized away by the compiler? Let's investigate!

more ...

USB Fuzzing Basics: From fuzzing to bug reporting

We recently begun to search bugs in USB host stacks using one of our tool based on the Facedancer. This article first presents our fuzzing approach followed by a practical example of a bug in Windows 8.1 x64 full-updated. The goal of this article is not to redefine state-of-the-art USB fuzzing, nor to give a full description of our fuzzing architecture, but rather to narrate a scenario which starts from fuzzing and ends up with a bug report.

more ...

Building an obfuscated Python interpreter: we need more opcodes

Where building a custom obfuscated Python interpreter for a Python packer turned into an optimized Python interpreter.

more ...

Convert IPv4 string representation to a 32-bit number with SSE instructions

Back in the days when I was playing with SSE instructions, I was trying to optimize every workload that I could think of. One of these was to convert thousands of IPv4 strings to 32-bit numbers for further processing. This article shows one way to optimize such a thing, and how the SSE instructions set can be used to get the better of your $1000 Intel CPU :)

more ...

Windows 8 ate my cookie

Modern OSes have a feature that mitigates the exploitation of stack based buffer overflows. It basically works by writing a "cookie" value before the return address in the stack in the prologue of a function and checking it before the function returns (for further information, see [1] and [2]). This article talks about how this mitigation has been enforced in Windows 8.

more ...

TCP backdoor 32764 or how we could patch the Internet (or part of it ;))

Eloi Vanderbéken recently found a backdoor on some common routers, which is described on his GitHub here. Basically, a process that listens on the 32764 TCP port runs, sometimes accessible from the WAN interface. We scanned the v4 Internet to look for the routers that have this backdoor wild open, and gathered some statistics about them. We will also present a way to permanently remove this backdoor on Linksys WAG200G routers.

more ...