Examining the August Smart Lock

A blog post about the security implemented in the August Smart Lock, with special focus on the Bluetooth Low Energy capabilities.

more ...

Introduction to Whiteboxes and Collision-Based Attacks With QBDI

This post is a noob-friendly introduction to whiteboxes along with the presentation and explanation of a (not-new) collision-based attack. The attack is demonstrated against a public whitebox, using QBDI to instrument and analyze the target in order to produce traces of execution.

more ...

Why are Frida and QBDI a Great Blend on Android?

This blog post dives into how to get a better understanding of an Android native function by taking full advantage of both Frida and QBDI.

more ...

A Deep Dive Into Samsung's TrustZone (Part 3)

This third article from the Samsung's TrustZone series details some vulnerabilities that were found and how they were exploited to obtain code execution in EL3.

more ...

Triton v0.8 and ARMv7: A Guideline for Adding New Architectures

This blog post is a follow-up on the announcement of Triton v0.8, where we explain how we added support for ARMv7 and provide a guideline for adding new architectures.

more ...

Playing Around With The Fuchsia Operating System

A look at the new Fuchsia Operating System.

more ...

Ansible Security Assessment

Ansible is an open-source software automating configuration management and software deployment. Ansible is used in Quarkslab to manage our infrastructure and in our product Irma. In order to have an idea of the security of Ansible, we conducted a security assessment. This blogpost presents our findings.

more ...

How a Security Anomaly was Accidentally Found in an EAL6+ JavaCard

In the context of the Inter-CESTI 2019 challenge, we "accidentally" found a timing difference disclosing the length of a PIN handled via the standard OwnerPIN.check JavaCard API. Here is the story.

more ...

Reverse Engineering a VxWorks OS Based Router

A blog post about how to reverse engineer a VxWorks based device.

more ...

Triton v0.8 is Released!