Archives for Quarkslab's blog

Wed 17 May 2023
PASTIS For The Win!
Tue 02 May 2023
Introducing TritonDSE: A framework for dynamic symbolic execution in Python
Thu 27 April 2023
Android greybox fuzzing with AFL++ Frida mode
Fri 31 March 2023
A gentle introduction to Microsoft OMI and how to crash it
Fri 24 March 2023
Our Pwn2Own journey against time and randomness (part 1)
Wed 22 March 2023
Audit of Falco, the open-source cloud-native runtime security
Tue 14 March 2023
Vulnerabilities in the TPM 2.0 reference implementation code
Tue 28 February 2023
Dark Phoenix: a new White-box Cryptanalysis Open Source Tool
Tue 07 February 2023
Post-Exploitation: Abusing the KeePass Plugin Cache
Thu 24 November 2022
Digging into the OCI Image Specification
Mon 17 October 2022
Internship Offers for the 2022-2023 Season
Thu 22 September 2022
Quokka: A Fast and Accurate Binary Exporter
Tue 30 August 2022
Defeating eBPF Uprobe Monitoring
Thu 11 August 2022
Attacking Titan M with Only One Byte
Thu 16 June 2022
Secure Messaging Apps and Group Protocols, Part 2
Tue 31 May 2022
Binbloom blooms: introducing v2
Tue 24 May 2022
Secure Messaging Apps and Group Protocols, Part 1
Tue 10 May 2022
Digging Into Runtimes – runc
Tue 26 April 2022
Commit Level Vulnerability Dataset
Tue 29 March 2022
A Brief Overview of Auditing XCMv2
Tue 22 March 2022
Heap Overflow in OpenBSD's slaacd via Router Advertisement
Thu 03 March 2022
Kubernetes and HostPath, a Love-Hate Relationship
Thu 03 February 2022
Smali the Parseltongue Language
Thu 13 January 2022
Audit of the MimbleWimble Integration Inside Litecoin
Tue 14 December 2021
Why is Exposing the Docker Socket a Really Bad Idea?
Tue 07 December 2021
Status of post-quantum cryptography implementation
Thu 18 November 2021
Digging into Linux namespaces - part 2
Tue 16 November 2021
Digging into Linux namespaces - part 1
Thu 14 October 2021
Mattermost End-to-End Encryption Plugin
Tue 12 October 2021
Internship Offers for the 2021-2022 Season
Thu 07 October 2021
kdigger: a Context Discovery Tool for Kubernetes
Tue 31 August 2021
Introducing QBDL: how to run the NVIDIA NGX SDK under Linux
Thu 29 July 2021
A virtual journey: From hardware virtualization to Hyper-V's Virtual Trust Levels
Tue 20 July 2021
Hello Rewind, meet world
Tue 13 July 2021
Guided tour inside WinDefender’s network inspection driver
Tue 18 May 2021
RFID: Monotonic Counter Anti-Tearing Defeated
Thu 29 April 2021
Audit of Session Secure Messaging Application
Tue 13 April 2021
Remote Denial-of-Service on CycloneTCP: CVE-2021-26788
Wed 07 April 2021
Analysis of a Windows IPv6 Fragmentation Vulnerability: CVE-2021-24086
Thu 04 March 2021
Extending Emuroot: support for Android 10 & 11
Thu 11 February 2021
QBDI 0.8.0
Thu 28 January 2021
Bad Neighbor on FreeBSD: IPv6 Router Advertisement Vulnerabilities in rtsold (CVE-2020-25577)
Thu 17 December 2020
Technical Assessment of the herumi Libraries
Thu 19 November 2020
RFID: New Proxmark3 Tear-Off Features and New Findings
Thu 12 November 2020
How the MSVC Compiler Generates XFG Function Prototype Hashes
Fri 16 October 2020
Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router Advertisement Vulnerability (CVE-2020-16898)
Thu 15 October 2020
Internships at Quarkslab 2020-2021: the COVID season
Thu 10 September 2020
Examining the August Smart Lock
Tue 18 August 2020
Introduction to Whiteboxes and Collision-Based Attacks With QBDI
Tue 04 August 2020
Why are Frida and QBDI a Great Blend on Android?
Thu 02 July 2020
A Deep Dive Into Samsung's TrustZone (Part 3)
Thu 25 June 2020
Triton v0.8 and ARMv7: A Guideline for Adding New Architectures
Tue 09 June 2020
Playing Around With The Fuchsia Operating System
Thu 28 May 2020
Ansible Security Assessment
Tue 12 May 2020
How a Security Anomaly was Accidentally Found in an EAL6+ JavaCard
Thu 07 May 2020
Reverse Engineering a VxWorks OS Based Router
Thu 23 April 2020
Triton v0.8 is Released!
Tue 24 March 2020
CVE-2020-0069: Autopsy of the Most Stable MediaTek Rootkit
Thu 13 February 2020
PhD Defense of Jonathan Salwan: Use of Symbolic Execution for Binary Deobfuscation
Thu 16 January 2020
Reverse Engineering a Philips TriMedia CPU based IP Camera - Part 3
Tue 17 December 2019
A Deep Dive Into Samsung's TrustZone (Part 2)
Tue 10 December 2019
A Deep Dive Into Samsung's TrustZone (Part 1)
Tue 26 November 2019
A Glimpse Into Tencent's Legu Packer
Tue 19 November 2019
Irma Past and Future
Thu 14 November 2019
CM Browser: HTTPS URL Leak
Tue 29 October 2019
EEPROM: When Tearing-Off Becomes a Security Issue
Thu 24 October 2019
Analysis of Qualcomm Secure Boot Chains
Thu 10 October 2019
Quarkslab Internship Offers for 2019-2020
Thu 03 October 2019
Exploring Execution Trace Analysis
Tue 24 September 2019
An Experimental Study of Different Binary Exporters
Wed 11 September 2019
Epona and the Obfuscation Paradox: Transparent for Users, a Pain for Reversers
Tue 10 September 2019
QBDI 0.7.0
Mon 09 September 2019
Weisfeiler-Lehman Graph Kernel for Binary Function Analysis
Mon 02 September 2019
Obfuscating Java bytecode with LLVM and Epona
Mon 26 August 2019
Security Audit of dalek libraries
Fri 02 August 2019
Security Audit of Monero RandomX
Mon 15 July 2019
CVE-2018-6924: FreeBSD ELF Header Parsing Kernel Memory Disclosure
Fri 05 July 2019
Security Audit of Particl Bulletproof and MLSAG
Tue 18 June 2019
LLDBagility: practical macOS kernel debugging
Mon 03 June 2019
Android Native Library Analysis with QBDI
Thu 16 May 2019
Android Application Diffing: Analysis of Modded Version
Tue 07 May 2019
An overview of macOS kernel debugging
Thu 02 May 2019
Android Application Diffing: CVE-2019-10875 Inspection
Mon 29 April 2019
Development of a training ECU
Wed 24 April 2019
Android Application Diffing: Engine Overview
Tue 16 April 2019
Reverse-engineering Broadcom wireless chipsets
Wed 27 March 2019
Android Runtime Restrictions Bypass
Thu 21 March 2019
Defeating NotPetya from your iLO
Mon 11 February 2019
Reverse Engineering a Philips TriMedia CPU based IP camera - Part 2
Tue 22 January 2019
Reverse Engineering a Philips TriMedia CPU based IP camera - Part 1
Mon 19 November 2018
Android Challenge
Wed 07 November 2018
Internship offers at Quarkslab for the 2018-2019 season
Thu 25 October 2018
Playing with the Windows Notification Facility (WNF)
Mon 22 October 2018
Security Audit of Monero Bulletproofs
Tue 16 October 2018
Unaligned accesses in C/C++: what, why and solutions to do it properly
Thu 11 October 2018
Back from CppCon 2018
Fri 14 September 2018
Modern Jailbreaks' Post-Exploitation
Thu 02 August 2018
Overview of Intel SGX - Part 2, SGX Externals
Tue 31 July 2018
Attacking the ARM's TrustZone
Wed 25 July 2018
A Story About Three Bluetooth Vulnerabilities in Android
Thu 12 July 2018
Symbolic Deobfuscation: From Virtualized Code Back to the Original (DIMVA 2018)
Tue 10 July 2018
Easy::jit: Just-In-Time compilation for C++
Thu 05 July 2018
Overview of Intel SGX - Part 1, SGX Internals
Thu 21 June 2018
Quarks In The Shell - Episode IV
Tue 19 June 2018
Introduction to Trusted Execution Environment: ARM's TrustZone
Mon 11 June 2018
LIEF 0.9
Thu 03 May 2018
When SideChannelMarvels meet LIEF
Thu 22 March 2018
Android Bluetooth Vulnerabilities in the March 2018 Security Bulletin
Wed 07 March 2018
Flash Dumping - Part II
Tue 20 February 2018
Frozen - zero cost initialization for immutable containers and various algorithms
Fri 02 February 2018
Reverse Engineering the Win32k Type Isolation Mitigation
Thu 25 January 2018
Slaying Dragons with QBDI
Wed 17 January 2018
Spectre is not a Bug, it is a Feature
Thu 02 November 2017
Have fun with LIEF and Executable Formats
Mon 30 October 2017
Internship offers at Quarkslab for the 2017-2018 season
Wed 11 October 2017
Reverse engineering of the Nitro OBD2
Thu 07 September 2017
Mistreating Triton
Tue 05 September 2017
Flash Dumping - Part I
Tue 18 July 2017
Vulnerabilities in High Assurance Boot of NXP i.MX microprocessors
Wed 28 June 2017
Reverse Engineering Samsung S6 SBOOT - Part II
Fri 09 June 2017
PhD defense of Ninon Eyrolles: Obfuscation with Mixed Boolean-Arithmetic Expressions: Reconstruction, Analysis and Simplification Tools
Mon 22 May 2017
Frozen - A header-only, constexpr alternative to gperf for C++14 users
Thu 11 May 2017
Security Assessment of OpenVPN
Tue 02 May 2017
Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288)
Tue 04 April 2017
LIEF - Library to Instrument Executable Formats
Wed 08 March 2017
Make Confide great again? No, we cannot
Tue 07 March 2017
Reverse Engineering Samsung S6 SBOOT - Part I
Thu 23 February 2017
Analysis of MS16-104: .URL files Security Feature Bypass (CVE-2016-3353)
Wed 01 February 2017
Global Dead Code Elimination for LLVM, revisited
Mon 19 December 2016
Differential Fault Analysis on White-box AES Implementations
Wed 14 December 2016
CVE-2016-7259: An empty file into the blue
Mon 24 October 2016
Internship offers at Quarkslab for the 2016-2017 season
Thu 20 October 2016
No Tears, No Fears
Mon 17 October 2016
Security Assessment of VeraCrypt: fixes and evolutions from TrueCrypt
Wed 05 October 2016
Back from CppCon 2016
Wed 21 September 2016
On the fly virtualization with Cappsule
Mon 12 September 2016
Arybo: cleaning obfuscation by playing with mixed boolean and arithmetic operations
Thu 04 August 2016
Xen exploitation part 3: XSA-182, Qubes escape
Wed 27 July 2016
Xen exploitation part 2: XSA-148, from guest to host
Wed 29 June 2016
A brief survey of Fully Homomorphic Encryption, computing on encrypted data
Wed 25 May 2016
Xen exploitation part 1: XSA-105, from nobody to root
Wed 20 April 2016
Reversing a Finite Field Multiplication Optimization
Mon 28 March 2016
Implementing a Custom Directive Handler in Clang
Wed 09 March 2016
Binmap: a system scanner
Fri 04 March 2016
Windows Filtering Platform: Persistent state under the hood
Fri 05 February 2016
IRMA v1.3.0
Thu 07 January 2016
Clang Hardening Cheat Sheet
Mon 30 November 2015
Quarkslab internship offers for the 2015-2016 season
Thu 12 November 2015
Remote Code Execution as System User on Android 5 Samsung Devices abusing WifiCredService (Hotspot 2.0)
Tue 03 November 2015
llvm_dev_meeting:
Tue 27 October 2015
goto llvm_dev_meeting;
Wed 23 September 2015
What theoretical tools are needed to simplify MBA expressions?
Mon 21 September 2015
Kernel Vulnerabilities in the Samsung S4
Wed 05 August 2015
A glimpse of ext4 filesystem-level encryption
Wed 08 July 2015
Why 2FA would not have saved HT?
Thu 25 June 2015
Security assessment of instant messaging app ChatSecure: when privacy matters
Wed 10 June 2015
Triton under the hood
Mon 01 June 2015
Turning Regular Code Into Atrocities With LLVM: The Return
Fri 15 May 2015
HiTB Challenge: IRMA - Results
Fri 17 April 2015
HiTB Challenge: IRMA
Mon 23 March 2015
MongoDB vs. Elasticsearch: The Quest of the Holy Performances
Mon 23 February 2015
Writing your own Analyzer for the Open-Source Multi-Scanner IRMA
Mon 02 February 2015
Turning Regular Code Into Atrocities With LLVM
Thu 04 December 2014
Deobfuscation: recovering an OLLVM-protected program
Tue 11 November 2014
Abusing Samsung KNOX to remotely install a malicious application: story of a half patched vulnerability
Wed 22 October 2014
Internships and work-study placements 2014-2015
Tue 23 September 2014
Python Challenge: The End
Thu 04 September 2014
You like Python, security challenge and traveling? Win a free ticket to HITB KUL!
Mon 25 August 2014
SCAF - Source Code Analysis Framework based on Clang - Pre-alpha preview
Fri 27 June 2014
A glance at compiler internals: Keep my memset
Wed 11 June 2014
USB Fuzzing Basics: From fuzzing to bug reporting
Fri 16 May 2014
Building an obfuscated Python interpreter: we need more opcodes
Mon 12 May 2014
Convert IPv4 string representation to a 32-bit number with SSE instructions
Tue 01 April 2014
Windows 8 ate my cookie
Wed 22 January 2014
TCP backdoor 32764 or how we could patch the Internet (or part of it ;))
Tue 21 January 2014
An Angular introduction, and things to keep in mind
Thu 19 December 2013
Have you ever played with Domino?
Wed 20 November 2013
IDA processor module
Thu 17 October 2013
iMessage Privacy
Mon 09 September 2013
Unique random number set computation
Fri 02 August 2013
Evasi0n Jailbreak: Precisions on Stage 3
Sat 13 July 2013
Visual C++ RTTI Inspection
Wed 13 March 2013
qb-sync v2
Wed 15 August 2012
Bradley, hash-and-decrypt, Gauss ... a brief history of armored malware and malicious crypto
Mon 09 July 2012
qb-sync
Mon 14 May 2012
Quarks PwDump
Wed 25 April 2012
Runtime DLL name resolution: ApiSetSchema - Part II
Fri 06 April 2012
Runtime DLL name resolution: ApiSetSchema - Part I