Articles by Mahé Tardy

5 articles
Date Fri 31 March 2023
Authors Sébastien Rolland, Mahé Tardy
Category Vulnerability

This article provides a brief overview of how Microsoft Open Management Infrastructure (OMI) works, as well as two vulnerabilities that the Quarkslab Cloud team identified through fuzzing techniques.

Date Wed 22 March 2023
Authors Laurent Laubin, Mahé Tardy
Category Software

Falco's maintainers, with support from Cloud Native Computing Foundation, engaged with Quarkslab to perform an audit of Falco, an open-source cloud-native runtime security tool. The goal of the audit was to assist the Falco maintainers to increase their security posture using static and dynamic analysis (fuzzing in particular) and was organized by Open Source Technology Improvement Fund, Inc.

Date Tue 29 March 2022
Authors Robin David, Mahé Tardy
Category Blockchain

Parity Tech mandated Quarkslab to audit XCM version 2 (XCMv2), a cross consensus communication mechanism. This messaging protocol is a cornerstone of the Polkadot ecosystem as it enables communications between chains on a network. This blog post summarizes few security aspects related to this technology and its implementation. The full audit report is available in PDF format at the end of this article.

Date Thu 03 March 2022
Author Mahé Tardy
Category Containers

This article traces the history of three Kubernetes-related vulnerabilities. Explaining what they are, how they were patched, and how they are related. The exploitation of these vulnerabilities allowed access to the underlying host filesystem for users that were not properly authorized.

Date Thu 07 October 2021
Author Mahé Tardy
Category Pentest

This article is an introduction to Kubernetes security through the presentation of a new context discovery tool. It was built in reaction to the capture the flag challenge of the Europe 2021 KubeCon Cloud-Native Security Day CTF. We open-sourced the tool, named kdigger, on Github.