This article explains a recently disclosed vulnerability, independently discovered by the Google's Project Zero team and by Quarkslab some months ago. To our knowledge, this vulnerability was present, on all Samsung devices using Android 5, and allowed remote code execution as system user simply by browsing a website, by downloading an email attachment or via a malicious third party application with no permission.

LLVM developer Meeting report

Quarkslab's compiler crew is going to LLVM developer Meeting in CA!

Mixed Boolean-Arithmetic expressions can be used as an obfuscation technique. Why are they hard to de-obfuscate, and what do we need to do so?

Multiple kernel vulnerabilities in the Samsung S4 (GT-I9500)

Linux 4.1 has arrived with a new feature for its popular ext4 filesystem: filesystem-level encryption!

Nowadays, two-factor authentication is unavoidable. This blogpost details a vulnerability found in the implementation of a YubiKey OTP verification server.

In 2014, QuarksLab was missioned by OpenITP to audit the iOS application ChatSecure and to identify any weakness that could lead to information leakage or any other risk that could impact the user.

Triton is a Pin-based concolic execution framework which provides some advanced classes to perform DBA.

Where a simple xor gets transformed beyond what it ever thought