Archives for Quarkslab's blog
- Wed 17 May 2023
- PASTIS For The Win!
- Tue 02 May 2023
- Introducing TritonDSE: A framework for dynamic symbolic execution in Python
- Thu 27 April 2023
- Android greybox fuzzing with AFL++ Frida mode
- Fri 31 March 2023
- A gentle introduction to Microsoft OMI and how to crash it
- Fri 24 March 2023
- Our Pwn2Own journey against time and randomness (part 1)
- Wed 22 March 2023
- Audit of Falco, the open-source cloud-native runtime security
- Tue 14 March 2023
- Vulnerabilities in the TPM 2.0 reference implementation code
- Tue 28 February 2023
- Dark Phoenix: a new White-box Cryptanalysis Open Source Tool
- Tue 07 February 2023
- Post-Exploitation: Abusing the KeePass Plugin Cache
- Thu 24 November 2022
- Digging into the OCI Image Specification
- Mon 17 October 2022
- Internship Offers for the 2022-2023 Season
- Thu 22 September 2022
- Quokka: A Fast and Accurate Binary Exporter
- Tue 30 August 2022
- Defeating eBPF Uprobe Monitoring
- Thu 11 August 2022
- Attacking Titan M with Only One Byte
- Thu 16 June 2022
- Secure Messaging Apps and Group Protocols, Part 2
- Tue 31 May 2022
- Binbloom blooms: introducing v2
- Tue 24 May 2022
- Secure Messaging Apps and Group Protocols, Part 1
- Tue 10 May 2022
- Digging Into Runtimes – runc
- Tue 26 April 2022
- Commit Level Vulnerability Dataset
- Tue 29 March 2022
- A Brief Overview of Auditing XCMv2
- Tue 22 March 2022
- Heap Overflow in OpenBSD's slaacd via Router Advertisement
- Thu 03 March 2022
- Kubernetes and HostPath, a Love-Hate Relationship
- Thu 03 February 2022
- Smali the Parseltongue Language
- Thu 13 January 2022
- Audit of the MimbleWimble Integration Inside Litecoin
- Tue 14 December 2021
- Why is Exposing the Docker Socket a Really Bad Idea?
- Tue 07 December 2021
- Status of post-quantum cryptography implementation
- Thu 18 November 2021
- Digging into Linux namespaces - part 2
- Tue 16 November 2021
- Digging into Linux namespaces - part 1
- Thu 14 October 2021
- Mattermost End-to-End Encryption Plugin
- Tue 12 October 2021
- Internship Offers for the 2021-2022 Season
- Thu 07 October 2021
- kdigger: a Context Discovery Tool for Kubernetes
- Tue 31 August 2021
- Introducing QBDL: how to run the NVIDIA NGX SDK under Linux
- Thu 29 July 2021
- A virtual journey: From hardware virtualization to Hyper-V's Virtual Trust Levels
- Tue 20 July 2021
- Hello Rewind, meet world
- Tue 13 July 2021
- Guided tour inside WinDefender’s network inspection driver
- Tue 18 May 2021
- RFID: Monotonic Counter Anti-Tearing Defeated
- Thu 29 April 2021
- Audit of Session Secure Messaging Application
- Tue 13 April 2021
- Remote Denial-of-Service on CycloneTCP: CVE-2021-26788
- Wed 07 April 2021
- Analysis of a Windows IPv6 Fragmentation Vulnerability: CVE-2021-24086
- Thu 04 March 2021
- Extending Emuroot: support for Android 10 & 11
- Thu 11 February 2021
- QBDI 0.8.0
- Thu 28 January 2021
- Bad Neighbor on FreeBSD: IPv6 Router Advertisement Vulnerabilities in rtsold (CVE-2020-25577)
- Thu 17 December 2020
- Technical Assessment of the herumi Libraries
- Thu 19 November 2020
- RFID: New Proxmark3 Tear-Off Features and New Findings
- Thu 12 November 2020
- How the MSVC Compiler Generates XFG Function Prototype Hashes
- Fri 16 October 2020
- Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router Advertisement Vulnerability (CVE-2020-16898)
- Thu 15 October 2020
- Internships at Quarkslab 2020-2021: the COVID season
- Thu 10 September 2020
- Examining the August Smart Lock
- Tue 18 August 2020
- Introduction to Whiteboxes and Collision-Based Attacks With QBDI
- Tue 04 August 2020
- Why are Frida and QBDI a Great Blend on Android?
- Thu 02 July 2020
- A Deep Dive Into Samsung's TrustZone (Part 3)
- Thu 25 June 2020
- Triton v0.8 and ARMv7: A Guideline for Adding New Architectures
- Tue 09 June 2020
- Playing Around With The Fuchsia Operating System
- Thu 28 May 2020
- Ansible Security Assessment
- Tue 12 May 2020
- How a Security Anomaly was Accidentally Found in an EAL6+ JavaCard
- Thu 07 May 2020
- Reverse Engineering a VxWorks OS Based Router
- Thu 23 April 2020
- Triton v0.8 is Released!
- Tue 24 March 2020
- CVE-2020-0069: Autopsy of the Most Stable MediaTek Rootkit
- Thu 13 February 2020
- PhD Defense of Jonathan Salwan: Use of Symbolic Execution for Binary Deobfuscation
- Thu 16 January 2020
- Reverse Engineering a Philips TriMedia CPU based IP Camera - Part 3
- Tue 17 December 2019
- A Deep Dive Into Samsung's TrustZone (Part 2)
- Tue 10 December 2019
- A Deep Dive Into Samsung's TrustZone (Part 1)
- Tue 26 November 2019
- A Glimpse Into Tencent's Legu Packer
- Tue 19 November 2019
- Irma Past and Future
- Thu 14 November 2019
- CM Browser: HTTPS URL Leak
- Tue 29 October 2019
- EEPROM: When Tearing-Off Becomes a Security Issue
- Thu 24 October 2019
- Analysis of Qualcomm Secure Boot Chains
- Thu 10 October 2019
- Quarkslab Internship Offers for 2019-2020
- Thu 03 October 2019
- Exploring Execution Trace Analysis
- Tue 24 September 2019
- An Experimental Study of Different Binary Exporters
- Wed 11 September 2019
- Epona and the Obfuscation Paradox: Transparent for Users, a Pain for Reversers
- Tue 10 September 2019
- QBDI 0.7.0
- Mon 09 September 2019
- Weisfeiler-Lehman Graph Kernel for Binary Function Analysis
- Mon 02 September 2019
- Obfuscating Java bytecode with LLVM and Epona
- Mon 26 August 2019
- Security Audit of dalek libraries
- Fri 02 August 2019
- Security Audit of Monero RandomX
- Mon 15 July 2019
- CVE-2018-6924: FreeBSD ELF Header Parsing Kernel Memory Disclosure
- Fri 05 July 2019
- Security Audit of Particl Bulletproof and MLSAG
- Tue 18 June 2019
- LLDBagility: practical macOS kernel debugging
- Mon 03 June 2019
- Android Native Library Analysis with QBDI
- Thu 16 May 2019
- Android Application Diffing: Analysis of Modded Version
- Tue 07 May 2019
- An overview of macOS kernel debugging
- Thu 02 May 2019
- Android Application Diffing: CVE-2019-10875 Inspection
- Mon 29 April 2019
- Development of a training ECU
- Wed 24 April 2019
- Android Application Diffing: Engine Overview
- Tue 16 April 2019
- Reverse-engineering Broadcom wireless chipsets
- Wed 27 March 2019
- Android Runtime Restrictions Bypass
- Thu 21 March 2019
- Defeating NotPetya from your iLO
- Mon 11 February 2019
- Reverse Engineering a Philips TriMedia CPU based IP camera - Part 2
- Tue 22 January 2019
- Reverse Engineering a Philips TriMedia CPU based IP camera - Part 1
- Mon 19 November 2018
- Android Challenge
- Wed 07 November 2018
- Internship offers at Quarkslab for the 2018-2019 season
- Thu 25 October 2018
- Playing with the Windows Notification Facility (WNF)
- Mon 22 October 2018
- Security Audit of Monero Bulletproofs
- Tue 16 October 2018
- Unaligned accesses in C/C++: what, why and solutions to do it properly
- Thu 11 October 2018
- Back from CppCon 2018
- Fri 14 September 2018
- Modern Jailbreaks' Post-Exploitation
- Thu 02 August 2018
- Overview of Intel SGX - Part 2, SGX Externals
- Tue 31 July 2018
- Attacking the ARM's TrustZone
- Wed 25 July 2018
- A Story About Three Bluetooth Vulnerabilities in Android
- Thu 12 July 2018
- Symbolic Deobfuscation: From Virtualized Code Back to the Original (DIMVA 2018)
- Tue 10 July 2018
- Easy::jit: Just-In-Time compilation for C++
- Thu 05 July 2018
- Overview of Intel SGX - Part 1, SGX Internals
- Thu 21 June 2018
- Quarks In The Shell - Episode IV
- Tue 19 June 2018
- Introduction to Trusted Execution Environment: ARM's TrustZone
- Mon 11 June 2018
- LIEF 0.9
- Thu 03 May 2018
- When SideChannelMarvels meet LIEF
- Thu 22 March 2018
- Android Bluetooth Vulnerabilities in the March 2018 Security Bulletin
- Wed 07 March 2018
- Flash Dumping - Part II
- Tue 20 February 2018
- Frozen - zero cost initialization for immutable containers and various algorithms
- Fri 02 February 2018
- Reverse Engineering the Win32k Type Isolation Mitigation
- Thu 25 January 2018
- Slaying Dragons with QBDI
- Wed 17 January 2018
- Spectre is not a Bug, it is a Feature
- Thu 02 November 2017
- Have fun with LIEF and Executable Formats
- Mon 30 October 2017
- Internship offers at Quarkslab for the 2017-2018 season
- Wed 11 October 2017
- Reverse engineering of the Nitro OBD2
- Thu 07 September 2017
- Mistreating Triton
- Tue 05 September 2017
- Flash Dumping - Part I
- Tue 18 July 2017
- Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors
- Wed 28 June 2017
- Reverse Engineering Samsung S6 SBOOT - Part II
- Fri 09 June 2017
- PhD defense of Ninon Eyrolles: Obfuscation with Mixed Boolean-Arithmetic Expressions: Reconstruction, Analysis and Simplification Tools
- Mon 22 May 2017
- Frozen - An header-only, constexpr alternative to gperf for C++14 users
- Thu 11 May 2017
- Security Assessment of OpenVPN
- Tue 02 May 2017
- Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288)
- Tue 04 April 2017
- LIEF - Library to Instrument Executable Formats
- Wed 08 March 2017
- Make Confide great again? No, we cannot
- Tue 07 March 2017
- Reverse Engineering Samsung S6 SBOOT - Part I
- Thu 23 February 2017
- Analysis of MS16-104: .URL files Security Feature Bypass (CVE-2016-3353)
- Wed 01 February 2017
- Global Dead Code Elimination for LLVM, revisited
- Mon 19 December 2016
- Differential Fault Analysis on White-box AES Implementations
- Wed 14 December 2016
- CVE-2016-7259: An empty file into the blue
- Mon 24 October 2016
- Internship offers at Quarkslab for the 2016-2017 season
- Thu 20 October 2016
- No Tears, No Fears
- Mon 17 October 2016
- Security Assessment of VeraCrypt: fixes and evolutions from TrueCrypt
- Wed 05 October 2016
- Back from CppCon 2016
- Wed 21 September 2016
- On the fly virtualization with Cappsule
- Mon 12 September 2016
- Arybo: cleaning obfuscation by playing with mixed boolean and arithmetic operations
- Thu 04 August 2016
- Xen exploitation part 3: XSA-182, Qubes escape
- Wed 27 July 2016
- Xen exploitation part 2: XSA-148, from guest to host
- Wed 29 June 2016
- A brief survey of Fully Homomorphic Encryption, computing on encrypted data
- Wed 25 May 2016
- Xen exploitation part 1: XSA-105, from nobody to root
- Wed 20 April 2016
- Reversing a Finite Field Multiplication Optimization
- Mon 28 March 2016
- Implementing a Custom Directive Handler in Clang
- Wed 09 March 2016
- Binmap: a system scanner
- Fri 04 March 2016
- Windows Filtering Platform: Persistent state under the hood
- Fri 05 February 2016
- IRMA v1.3.0
- Thu 07 January 2016
- Clang Hardening Cheat Sheet
- Mon 30 November 2015
- Quarkslab internship offers for the 2015-2016 season
- Thu 12 November 2015
- Remote Code Execution as System User on Android 5 Samsung Devices abusing WifiCredService (Hotspot 2.0)
- Tue 03 November 2015
- llvm_dev_meeting:
- Tue 27 October 2015
- goto llvm_dev_meeting;
- Wed 23 September 2015
- What theoretical tools are needed to simplify MBA expressions?
- Mon 21 September 2015
- Kernel Vulnerabilities in the Samsung S4
- Wed 05 August 2015
- A glimpse of ext4 filesystem-level encryption
- Wed 08 July 2015
- Why 2FA would not have saved HT?
- Thu 25 June 2015
- Security assessment of instant messaging app ChatSecure: when privacy matters
- Wed 10 June 2015
- Triton under the hood
- Mon 01 June 2015
- Turning Regular Code Into Atrocities With LLVM: The Return
- Fri 15 May 2015
- HiTB Challenge: IRMA - Results
- Fri 17 April 2015
- HiTB Challenge: IRMA
- Mon 23 March 2015
- MongoDB vs. Elasticsearch: The Quest of the Holy Performances
- Mon 23 February 2015
- Writing your own Analyzer for the Open-Source Multi-Scanner IRMA
- Mon 02 February 2015
- Turning Regular Code Into Atrocities With LLVM
- Thu 04 December 2014
- Deobfuscation: recovering an OLLVM-protected program
- Tue 11 November 2014
- Abusing Samsung KNOX to remotely install a malicious application: story of a half patched vulnerability
- Wed 22 October 2014
- Internships and work-study placements 2014-2015
- Tue 23 September 2014
- Python Challenge: The End
- Thu 04 September 2014
- You like Python, security challenge and traveling? Win a free ticket to HITB KUL!
- Mon 25 August 2014
- SCAF - Source Code Analysis Framework based on Clang - Pre-alpha preview
- Fri 27 June 2014
- A glance at compiler internals: Keep my memset
- Wed 11 June 2014
- USB Fuzzing Basics: From fuzzing to bug reporting
- Fri 16 May 2014
- Building an obfuscated Python interpreter: we need more opcodes
- Mon 12 May 2014
- Convert IPv4 string representation to a 32-bit number with SSE instructions
- Tue 01 April 2014
- Windows 8 ate my cookie
- Wed 22 January 2014
- TCP backdoor 32764 or how we could patch the Internet (or part of it ;))
- Tue 21 January 2014
- An Angular introduction, and things to keep in mind
- Thu 19 December 2013
- Have you ever played with Domino?
- Wed 20 November 2013
- IDA processor module
- Thu 17 October 2013
- iMessage Privacy
- Mon 09 September 2013
- Unique random number set computation
- Fri 02 August 2013
- Evasi0n Jailbreak: Precisions on Stage 3
- Sat 13 July 2013
- Visual C++ RTTI Inspection
- Wed 13 March 2013
- qb-sync v2
- Wed 15 August 2012
- Bradley, hash-and-decrypt, Gauss ... a brief history of armored malware and malicious crypto
- Mon 09 July 2012
- qb-sync
- Mon 14 May 2012
- Quarks PwDump
- Wed 25 April 2012
- Runtime DLL name resolution: ApiSetSchema - Part II
- Fri 06 April 2012
- Runtime DLL name resolution: ApiSetSchema - Part I