Quokka: A Fast and Accurate Binary Exporter

Quarkslab is open-sourcing Quokka, a binary exporter to manipulate a program's disassembly without a disassembler. This blog post introduces the project, details some parts of its inner workings, and showcases some potential usages. Quokka enables users to write complex analyses on a disassembled binary without dealing with the disassembler API.

more ...

Defeating eBPF Uprobe Monitoring

This article introduces a kind of eBPF program that may be used to monitor userspace programs. It first introduces you to eBPF and uprobes and then explores the flaws that we found in uprobes.

more ...

Attacking Titan M with Only One Byte

Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.

more ...

Secure Messaging Apps and Group Protocols, Part 2

In the first part of the blogpost, we tackled the issue of 1v1 conversations, and it is now time to see how this applies to 1vMANY: group chats! We will give an overview of current solutions, and then have a look at the Messaging Layer Security working group.

more ...

Binbloom blooms: introducing v2

In this blogpost we present our brand new version of binbloom, a tool to find the base address of any 32 and 64-bit architecture firmware, and dig into the new method we designed to recover this grail on both of these architectures.

more ...

Secure Messaging Apps and Group Protocols, Part 1

Today's communications are, as frequently requested by users, more and more secure. In this first part of the blogpost, we will detail some key features of instant messaging applications, in the setting where (only) two parties want to communicate.

more ...

Digging Into Runtimes – runc

Everyone knows about Docker but not a lot of people are aware of the underlying technologies used by it. In this blogpost we will analyze one of the most fundamental and powerful technologies hidden behind Docker - runc.

more ...

Commit Level Vulnerability Dataset

In this blog post, we present a new vulnerability dataset composed of thousands of vulnerabilities aimed at helping security practitioners to develop, test and enhance their tools. Unlike others, this dataset contains both the vulnerable and fixed states with source data.

more ...

A Brief Overview of Auditing XCMv2

Parity Tech mandated Quarkslab to audit XCM version 2 (XCMv2), a cross consensus communication mechanism. This messaging protocol is a cornerstone of the Polkadot ecosystem as it enables communications between chains on a network. This blog post summarizes few security aspects related to this technology and its implementation. The full audit report is available in PDF format at the end of this article.

more ...

Heap Overflow in OpenBSD's slaacd via Router Advertisement

In this blog post we analyze a heap overflow vulnerability we discovered in the IPv6 stack of OpenBSD, more specifically in its slaacd daemon. This issue, whose root cause can be found in the mishandling of Router Advertisement messages containing a DNSSL option with a malformed domain label, was patched by OpenBSD on March 21, 2022. A proof-of-concept to reproduce the vulnerability is provided.

more ...