Internship Offers for the 2025-2026 Season

Posted Mon 20 October 2025
Author Quarkslab
Category Life at Quarkslab
Tags job, internship, ECU, LLM, reverse engineering, BLE, Bluetooth, Android, satellite, fuzzing, cryptography, cryptanalysis, Golang, Linux kernel, vulnresearch, 2025

The internship season is back at Quarkslab! Our internship positions cover a wide range of topics and expertise, and aim at tackling new challenges in various fields.

We also welcome people with wide but realistic creativity, so if you have an idea and want to join the team, don't hesitate to reach out to discuss it with our experts!

Our goal is to publish most of the results of our internships. Here are some examples of publications from previous internships:

Quarkslab's team is always pleased to welcome new talents who want to work on complex security research subjects. If you want to face new challenges and work in a dynamic environment where curiosity and teamwork are at the heart of our way to do R&D, please apply!

In particular, we would be very happy to welcome more applications from female candidates, and under-represented minorities. Quarkslab is dedicated to making the cybersecurity world more welcoming and inclusive for all, and that starts with our internships.

With that in mind, and because we know impostor syndrome is a big obstacle for women in particular -- we've been there -- don't hesitate to reach out to us at icandoit-AT-quarkslab-DOT-com to discuss your skills, and we will help you navigate our offers.

How to Apply?

To apply for an internship position, you must be a student, able to efficiently communicate on technical matters in written and spoken English, and willing to present the results of your internship to a large group of curious Quarkslab colleagues. Beforehand, you need to prepare the following elements:

  • A resume;
  • A cover letter: avoid the generic letter saying that you are so motivated and that we are so interesting. We welcome a more personal letter which explains why the topic is of particular interest to you, why you, and why us;
  • Your proposed solution to the assignment attached to the offer you are interested in.

Package these elements and send them via email to internship-AT-quarkslab-DOT-com, with the subject field containing the internship name mentioned in the respective offer.

Do not forget that the key aspect of a good application is being curious and motivated, not meeting all requirements listed in the offers below should not prevent you from sending us your application, and we can discuss your skills. Keep in mind that internships are meant for learning. Let's go!

Selection Process

Each internship offer comes with a little assignment that should not require too much time to be completed. The result will show us not only the type of skills and knowledge you already possess, but also how ingenious you are and how well you can present your reasoning. It will serve as the basis for the interview you will have in the selection process. The assignment works both ways and is also intended to make sure that you like the topic as well as the technical aspects of the internship. If unsure about a specific aspect of a challenge, do not hesitate to drop us an email. We are open to discussion!

The first applications usually reach us a few days after publication, and we start reviewing them right away. Some internships are filled before the end of the year, while others remain open until March.

Did you notice the colored circles next to the title of the offers at the top of this blogpost? They reflect the state of internships:

  • 🟢 Waiting for applications;
  • 🟠 Reviewing applications, we are still accepting internship assignments but hurry up;
  • 🔴 Internship is filled.

Being an Intern at Quarkslab

Training and helping people grow in the security industry is part of the company's DNA. That is why we provide in-depth blogposts, tools, trainings, weekly internal conferences (called Fridaycon, guess when they are), we teach in universities and schools and write articles in tech magazines. Sharing is caring, but sharing is also learning. We provide the environment for that and the rest relies on you.

Intern package in France:

  • Salary: €1800 gross per month (approximately €1550 net);
  • "Tickets restaurant" (restaurant coupons);
  • In-depth and challenging topics.

Internships Topics

🟢 My car is my passport, verify me

A survey of privacy-related data and Personally Identifiable Information stored in automotive Electronic Control Units and how to protect them.

Description

Modern automotive embedded a large amount of Electronic Control Unit (ECU) to assist the driver and enhance his driving experience. Some of those ECU collect data that could be considered as Personally Identifiable Information (PII) or that could affect privacy.

The aim of this internship is to study a set of ECUs to evaluate what kind of PII or privacy related data are stored, how they are protected against the extraction from a malicious actor.

Required Skills

  • Embedded device and firmware security (basic to intermediate).
  • Reverse Engineering (basic to intermediate).
  • Cryptography engineering: Symmetric cryptography, signing, hashing, CSPRNG (basic).
  • File systems (FAT32, UBIFS, YAFFS) (preferred).

What you will do

During this internship, you'll assess how Personally Identifiable Information (PII) and privacy related data are stored and protected in an Electronic Control Unit (ECU) and if an attacker could be able to extract data using exposed interfaces (CAN, USB, Automotive Ethernet...).

To do so, you'll perform several tasks:

  • Build a test-bench to evaluate the ECU.
  • Identify and dump external memory chips and micro-controller's firmware using debug interfaces and chip-off techniques.
  • Analyse dumps from memory chips to identify data of interest.
  • Reverse-engineer firmware or binaries of interest.
  • Explore automotive-specific interfaces to interact with the main chips.

You'll be assisted by cybersecurity experts.

Assignment

Find and read carefully a write-up with an analysis of an ECU storing data of interest (PII, cryptographic material, etc). Describe the various techniques used to gain access to the memory and recover those data. Discuss any relevant design or implementation flaws that led to this access and ways to secure it.

Explain the potential impact of extracting the date data to the user or the manufacturer. On the car model of the studied ECU, list other ECUs that could store sensitive information from a privacy point of view and the associated risks if those data are accessible to an attacker. Be as specific as possible.

Duration

6 months.

Location

Paris, France.

🟢 LLM-Assisted Reverse Engineering

Description

Explore how a Large Language Model (LLM) can assist human reverse engineers in understanding compiled binaries (x86/ARM). The goal is to link assembly to semantics, automatically infer behavior, identify key routines, and recognize cryptographic primitives.

Required Skills

  • Programing: Python (intermediate)
  • Reverse engineering (intermediate)
  • Assembly and binary structures(intermediate)
  • Prompt engineering & use of LLM APIs (basic)

What you will do

During the internship you will work a project with some specific goals and milestones.

  1. Reproduce existing research such as “Machine-Language Model for Software Security” (see #bibliography below).
  2. Build a full analysis pipeline (binary → disassembly (Ghidra/IDA/Bninja) → pseudo-code → embeddings → LLM-based interpretation.
  3. Extend previous work by:
    • Adding an interactive assistant (chat-based RE helper).
    • Evaluating the tool on real binaries (malware, compiled open-source tools).
    • Measuring performance and accuracy of semantic inference.

Expected Results

  • A prototype tool that describes binary behavior using an LLM.
  • Quantitative evaluation (accuracy of function descriptions).
  • Qualitative evaluation of usefulness for human analysts.

Bibliography

Assignment

  • Get the apksigner app.
  • Build a simple pipeline to decompile → analyze → LLM → synthesize.
  • In a short document, provide the resulting synthesis and 2 pages explaining how you built the pipeline.

Duration

6 months.

Location

Paris, France.

🟢 Analysis of a proprietary mesh network protocol

Reverse engineer a propietary wireless protocol implementation FTW!

Description

A vendor producing a lot of wireless-enabled System-on-Chips (SOCs) used in various IoT devices, developed its own wireless mesh network which they advertise as a proprietary "Bluetooth Mesh" protocol. The vendor provides a Bluetooth Low Energy gateway, that has already been reverse-engineered and documented, to access the custom mesh network but their own custom protocol, used to make devices communicate over the air, still remains a black box.

We want to open that box and look inside.

Required Skills

What you will do

In this internship you will:

  • Reverse-engineer and document the vendor's mesh network protocol, using both an off-the-shelf Bluetooth Mesh smart bulb kit and the vendor's Bluetooth Mesh Starter Kit
  • Search for vulnerabilities in the mesh protocol implementation and develop one or more proof-of-concepts
  • Add support for the propietary mesh network protocol to WHAD, and develop dedicated tools for recon and exploitation
  • Present your research project internally to peers, communicate it publicly in a blog post, paper or conference talk.

Assignment

Contact us to receive an internship challenge to apply.

Duration

6 months.

Location

Paris, France.

🟢 Vulnerability assessment and exploitation of satellite communication systems

Description

This internship project focuses on assessing and exploiting vulnerabilities in satellite communication systems, to improve their resilience against cyber threats. The intern will simulate various cyber-attacks on a selected satellite system, analyzing its communication interfaces, and attempting to identify and exploit weaknesses. The project will also involve designing and testing mitigation strategies that can defend satellite systems against these attacks. Over the six months, the intern will develop practical cybersecurity skills while working with satellite communication technology and conducting in-depth research.

Required Skills

  • Programming Skills: Proficiency in Python, C++, or related languages for scripting attack simulations and data analysis.
  • Research Skills: Ability to conduct comprehensive literature reviews, interpret technical documents, and apply findings to real-world systems.
  • Data Analysis: Knowledge of data analysis tools to retrieve and analyze intercepted satellite signals.
  • Cybersecurity Knowledge: Understanding of security assessment techniques, vulnerability research, and penetration testing.

What you will do

  • Satellite System Selection: Identify and analyze a suitable satellite system (e.g., aging weather satellite, decommissioned research satellite) for vulnerability testing.
  • Communication Interface Analysis: Perform a detailed analysis of the satellite’s communication systems, including uplink (command) and downlink (data) channels, identifying potential security vulnerabilities in these pathways.
  • Attack Simulations: Conduct simulated cyber-attacks on the selected satellite.
  • Data Retrieval and Analysis: Attempt to retrieve valuable data from the satellite's transmissions, such as telemetry and operational commands. Analyze the data for potential security risks and sensitive information leaks.
  • Mitigation Strategy Development: Propose and validate cybersecurity measures to protect the satellite from future threats, based on the results of attack simulations.

Assignment

  1. Choose a Relevant CVE:
    Select a CVE from 2022 or later that impacts satellite communication systems, satellite ground stations, or related components. For example: CVE-2024-44910, CVE-2024-44911, CVE-2024-44912. There exists a detailed blogpost explaining the latter mentioned CVEs, if you choose either of them try to dig deeper.

  2. Detailed Analysis:

    • Root Cause Analysis: Describe the root cause of the vulnerability, including the affected components and how the flaw originated. Discuss any relevant design or implementation flaws that led to the vulnerability.
    • Impact Assessment:
      Explain the potential impact of the vulnerability on satellite operations and security. Consider scenarios such as data interception, service disruption, or unauthorized control.

  3. Exploitation Path:

    • Outline a clear exploitation path for the vulnerability. Describe the steps an attacker would need to take to exploit the identified vulnerability effectively.
    • Include any prerequisites or conditions required for successful exploitation.

  4. Proof of Concept (PoC):

    • Develop a non-functional proof of concept to demonstrate the feasibility of your exploitation path. This could be a code snippet, a detailed walkthrough, or a flowchart illustrating the attack steps.
    • Provide clear instructions on how the PoC can be replicated or tested.

Duration

  • 6 months

Location

Paris, France.

🟢 AI-Based detection of cryptographic vulnerabilities in source code

Description

Develop an AI system capable of automatically detecting misuse of cryptography in source code. Typical errors include hardcoded keys, use ECB mode, weak random numbers, fixed initialization vectors, use of weak parameters.

Required Skills

  • Programing: Python, Pandas, scikit-learn (intermediate).
  • Cryptography engineering: Symmetric cryptography, signing, hashing, CSPRNG (intermidiate).
  • Static code analysis & pattern recognition (basic)
  • Model prompting or fine-tuning (basic)
  • Secure coding practices for C, C++, Python, Rust (intermidiate)

What you will do

Over the course of your 6 month internship you will work on building an AI-based source code analysis system capable of identifying the use of cryptography and detect common misuses.

You will:

  1. Build a labeled dataset of vulnerable and safe code snippets (from CWE/CVE sources).
  2. Fine-tune or adapt a language model to detect misuse patterns.
  3. Integrate the model into a static analysis or linting tool (CLI or IDE plugin).
Expected Results
  • A working AI-based static analyzer for crypto misuse.
  • A report explaining the vulnerabilities found.
  • Comparison / integration with existing tools (Bandit, Semgrep, CryLogger).
  • A presentation of your research project internally to peers, as well as a public communication (blog post, paper or conference talk) about it.

Assignment

Download the AEStoy challenge and follow the instructions in the README file.

Duration

6 months.

Location

Paris, France.

🟢 Hack a Tooth: Proprietary Bluetooth stack analysis

Description

A vendor released a SoCs family that support IEEE 802.15.4 and Bluetooth 5.4 PHYs, as well as a set of proprietary stacks that can be installed on these chips to support Bluetooth Low Energy or ZigBee protocols. This SoC is used in the first version of FlipperZero, but its wireless capabilities are not fully leveraged due to limits imposed by the vendors on the RF capabilities.

The SoC provides a secure environment to run proprietary protocol stacks, combined with a pre-provisioned encryption key and a public key to authenticate any stack application pushed into its secure area. The internal RF hardware peripherals are unknown but these stacks could be extracted through a vulnerability found on the SoC family.

This internship is a journey of exploration of a proprietary stack on a wireless SOC.

Required Skills

  • ARM reverse-engineering (intermediate)
  • Embedded exploit development in C/C++ (basic to intermediate)
  • Knowledge about how RF hardware peripherals are usually implemented (basic)

What you will do

The goals of this internship are:

  • Jailbreak a SoC devkit by exploiting a documented vulnerability to allow deployment of a modified stack.
  • Reverse-engineer the SoC's RF hardware peripherals and corresponding registers through analysis of one or more stacks.
  • Document the RF-related registers and, if identified, any other registers related to different peripherals.
  • Implement basic 2.4GHz RX/TX primitives based on the reversed RF hardware peripheral using a devkit
  • Setup a FlipperZero application to automate jailbreaking and/or to provide a basic 2.4GHz GFSK scanner/sniffer

At the end of the internship you are expected to present your research project internally to peers, and to communicate it publicly in a blog post, paper or conference talk.

Assignment

Contact us to receive an internship challenge to apply.

Duration

6 months.

Location

Paris, France.

🟢 Binary fuzzing on a mobile platform

Binary Fuzzing on a mobile platform

Description

Experiment with fuzzers and develop what's necessary to target binary programs and libraries on Android or iOS.

Description

Required Skills

  • Programing: Python (intermediate)
  • ARM32/Aarch64 assembly and binary structures(basic)
  • Fuzzers and fuzzing infrastructure (basic)

What you will do

Over the course of your 6 month internship you will work on experimenting and building binary fuzzers capable of targeting native libraries on Android or binary components on iOS. Especially, a focus will be given on using QBDI, Quarkslab's instrumentation framework.

The goal will be to develop fuzzers, or fine-tune existing ones, to enable targetting of native libraries in fuzzing campaigns, then to test your fuzzer against real targets and find vulnerabilities.

At the end of the internship you will deliver:

  • Functional tooling that can be used during security assessment.
  • A report explaining design choices and benchmarking efficiency against existing solutions.
  • A presentation of your research project internally to peers, as well as a public communication (blog post, paper or conference talk) about it.

Assignment

Download the challenge app and follow the instructions in the README file.

Duration

6 months.

Location

Paris, France.

🟢 gTrace: Dynamic instrumentation of Go programs

Description

Go (Golang) powers the modern cloud. From Kubernetes and Docker to Containerd and gVisor, most of today’s cloud-native technologies are built in Go.

Yet, despite being open-source, Go programs are notoriously hard to analyze or extend dynamically. You usually have to recompile them to modify behavior or collect runtime insights.

But what if you could observe and extend Go binaries while they're running, without touching their source code?

This internship focuses on gTrace, an internal research project that brings dynamic binary instrumentation to Go. Think of it as a way to inject observability, debugging, and new behaviors into Go programs at runtime, similar to what eBPF does for the kernel, and Frida at the user-space level.

Currently, gTrace exists as a working prototype developed over several years of internal R&D. Your mission is to help transform it into a robust, open-source-ready tool for the wider community.

You'll contribute to a project at the intersection of systems programming, Go runtime internals, and binary instrumentation.

Required Skills

  • Strong knowledge of Go (Golang).
  • Experience using a debugger (e.g. gdb, delve).
  • Basic understanding of compilers, linkers, and build systems.
  • Basic understanding of x86 assembly and Linux.

What you will do

During this 6-month internship, you will:

  • Work directly on gTrace, an internal dynamic instrumentation framework for Go.
  • Design and implement key missing features to bring it to production quality.
  • Improve runtime stability, API usability, and integration with modern Go versions.
  • Collaborate with experienced engineers and researchers on systems-level tooling.

By the end of the internship, you'll have deep hands-on experience with Go internals, dynamic analysis techniques, and open-source tooling. You'll also have the opportunity to write a blog post (or why not series of blog posts?) which will be published on our blog and shared with our peers. Upon successful completion, you'll have the chance to present the tool at a conference.

Assignment

Solve this challenge: Extracting Asynchronous Preemption Safe Points from Compiled Go Binaries

Overview

Asynchronous preemption, introduced in Go 1.14, enhances the responsiveness and fairness of Go's scheduler. Prior to this feature, the Go runtime could only preempt (interrupt) a running goroutine at a limited set of safe points, typically during function calls, channel operations, or blocking system calls. As a result, CPU-bound or long-running loops without such calls could monopolize a thread, delaying garbage collection and starving other goroutines.

With asynchronous preemption, the Go runtime can now interrupt goroutines at more places during their execution, not just at function call boundaries. This mechanism relies on close cooperation between the compiler and the runtime:

  • The compiler emits metadata marking which instruction regions are safe or unsafe for preemption.
  • The runtime emits signals to running threads, inspects the generated by the compiler metadata associated to the PC (Program Counter), and, if the PC's address value corresponds to a safe preemption point, the runtime suspends the goroutine safely.

Further Reading

Objective

The goal of this task is to develop a Go program that identifies and retrieves all asynchronous preemption safe points for all user-defined ("userland") functions from a compiled but not stripped Go binary.

The Go compiler embeds detailed runtime metadata in every compiled binary, including:

  • Function metadata (names, entry points, stack sizes, argument and return value counts).
  • Line tables (mapping program counters to source file lines).
  • Stack maps and garbage collection data for function arguments and local variables.
  • PCDATA and FUNCDATA tables that describe, among other things, safe points for garbage collection and asynchronous preemption

Task Description

1. Locate and parse the pcln table

Extract the pclntab structure from the binary and identify relevant function metadata:

  • _func entries (per-function metadata)
  • pclntab headers and offsets
  • Per-PC (program counter) data streams

Reference Material

2. Extract asynchronous preemption safe points

Use PCDATA channel information to determine preemption-safe locations within each function:

  • The PCDATA table is multi-channel; channel 0 encodes preemption safety status per program counter.
  • A value of $-1 (_PCDATA_UnsafePointSafe) indicates a safe preemption point.
  • A value of $-2 (_PCDATA_UnsafePointUnsafe) indicates an unsafe region.

Reference Material

3. Filter out non-application functions

Exclude Go runtime and standard library symbols to focus only on user-defined functions. This filtering can be performed before or after parsing safe points.

4. Generate structured output

Produce a well-defined output format (e.g., JSON) that includes:

  • Function name
  • Code address ranges
  • Corresponding source file and line number (if available)
  • Program counters of safe preemption points

Expected Deliverables

  • A Go-based tool that:

  • Parses a compiled Go binary.

  • Extracts and reports asynchronous preemption safe points for each userland function.

  • Documentation describing:

  • The process of parsing the pclntab structure.

  • The logic used to interpret PCDATA entries and identify safe points.
  • Known limitations and suggestions for future extensions (e.g., cross-platform parsing or visualization).

Duration

6 months.

Location

Paris, France.

🟢 Level up on Android kernel exploitation

Description

Over the past years exploitation of kernel vulnerabilities has become increasingly difficult and convoluted, demanding in-depth knowledge of kernel data structures, subsystems and mitigation mechanisms.

Kernel exploitation is an art as well as a craft, and keeping up to date on the latest developments provides a great learning opportunity.

This internship is about writing exploits for Linux kernel vulnerabilities.

Required Skills

  • Strong knowledge of C and Python (intermediate)
  • ARM architecture and Aarch64 assembly (basic)
  • Familiarity with classic exploitation techniques (intermediate)
  • Knowledge of modern exploit mitigations (basic)
  • Linux user and kernel knowledge (intermediate)
  • Use of kernel debuggers (intermediate)

What you will do

This internship has two primary objectives:

  • Develop working exploits for one or more publicly known Linux kernel vulnerabilities.

  • Development of a knowledge base on exploitation techniques and the Linux/Android kernel, documenting:

    • Kernel security mechanisms and relevant data structures
    • Kernel exploit mitigations on Android
    • Generic exploitation techniques (not necessarily kernel-specific)
    • Exploitation techniques for the Linux/Android kernel

At the end of the internship you will present your project internally to your peers, and do a public communication (blog post, paper or conference talk) about it.

Assignment

Contact us to receive an internship challenge to apply.

Duration

6 months.

Location

Paris, France.

If you would like to learn more about our security audits and explore how we can help you, get in touch with us!