PASTIS For The Win!

In this blog post we present PASTIS, a Python framework for ensemble fuzzing, developed at Quarkslab.

more ...

Introducing TritonDSE: A framework for dynamic symbolic execution in Python

We present TritonDSE, a new tool by Quarkslab. TritonDSE is a Python library, built on top of Triton, that provides easy and customizable Dynamic Symbolic Execution capabilities for binary programs.

more ...

Our Pwn2Own journey against time and randomness (part 1)

A journey into the Pwn2Own contest. Part 1: Netgear RAX30 router WAN vulnerabilities

more ...

A Brief Overview of Auditing XCMv2

Parity Tech mandated Quarkslab to audit XCM version 2 (XCMv2), a cross consensus communication mechanism. This messaging protocol is a cornerstone of the Polkadot ecosystem as it enables communications between chains on a network. This blog post summarizes few security aspects related to this technology and its implementation. The full audit report is available in PDF format at the end of this article.

more ...

Audit of the MimbleWimble Integration Inside Litecoin

The Litecoin Foundation mandated Quarkslab to audit the implementation of the MimbleWimble protocol in the Litecoin blockchain. This protocol acts as a sidechain in which privacy of the transactions is improved compared to the privacy on the classical chain.

more ...

Remote Denial-of-Service on CycloneTCP : CVE-2021-26788

This post is a quick vulnerability report summary for a vulnerability we found while fuzzing the TCP/IP stack CycloneTCP.

more ...

An Experimental Study of Different Binary Exporters

This blog post presents a comparison between various disassembled binary exporters.

more ...