Articles by Sébastien Rolland

This blog post explores Entra ID applications, the complexities of auditing application permissions in Microsoft Entra ID, highlighting hidden risks and pitfalls. It introduces Quarkslab's QAZPT tool, designed to compute and visualize effective permissions in an Entra ID tenant, providing insights into the full picture of permissions and inheritance paths.

Quarkslab performed the first public security audit of EVerest, an open-source project for EV charging stations hosted by LF Energy. The audit was mandated by the Open Source Technology Improvement Fund, Inc..

The Open Source Technology Improvement Fund, Inc., thanks to funding provided by Sovereign Tech Fund (STF), engaged with Quarkslab to perform a security audit of KubeVirt.

The Open Source Technology Improvement Fund, Inc, thanks to funding provided by Sovereign Tech Fund, engaged with Quarkslab to perform a security audit of PHP-SRC, the interpreter of the PHP language.

The OSTIF engaged with Quarkslab to perform a security audit of the Notary project, focused on new features.

We performed a security assessment of Cloud Native Buildpacks to help improve it, in collaboration with Open Source Technology Improvement Fund, Inc .

This article provides a brief overview of how Microsoft Open Management Infrastructure (OMI) works, as well as two vulnerabilities that the Quarkslab Cloud team identified through fuzzing techniques.