This blog post presents a vulnerability which affects the widely installed Android web browser.

We will demonstrate how we can recover the password and memory content of RFID tags by carefully cutting the power source during EEPROM writes.

Qualcomm is the market-dominant hardware vendor for non-Apple smartphones. Considering the [SoCs] they produce are predominant, it has become increasingly interesting to reverse-engineer and take over their boot chain in order to get a hold onto the highest-privileged components while they are executing. Ultimately, the objective is to be able to experiment with closed-source and/or undocumented components such as hardware registers or Trusted Execution Environment Software.

It's time to open Quarkslab internships season! This year, we offer 5 new internships, most of which are linked to binary analysis related research topics but have a look, there is more! Quarkslab team is always pleased to welcome new talents who want to work on complex security research subjects. If you love binaries, want to face new challenges and work in a dynamic environment where curiosity and teamwork are at the heart of our way to do R&D, please apply!

All internships will take place in our main office in Paris, France (and one in Rennes also). If you are coming from abroad, you will need a proper visa to be with us. At Quarkslab, we encourage remote work, but that does not apply to internships.

Last but not least, we usually train Padawans so that they stay with us once their training period is done, even if that does not mean the training is over :)

Off-line dynamic trace analysis offers a number of advantages, which are illustrated in this blog post through several examples using internal tools we specially developed to automate trace collection and analysis.

This blog post presents a comparison between various disassembled binary exporters.

This blog post demonstrates through an example how the Epona obfuscating compiler, from the Epona Application Protection Suite, achieves the challenge of facilitating the everyday experience of its users while enabling better obfuscation schemes trade-offs.

This blog post introduces the release of QBDI v0.7.0 as well as an Android use case.

In this blogpost, we present a general method to efficiently compare functions from a new binary against a large database (made of numerous known functions). This method has strong theoretical properties and is perfectly suited to address many conventional problems, such as classification, clustering or near duplicate detection.

In this article I describe my two-months summer internship project at Quarkslab: obfuscating Java bytecode using the [Epona] Code Obfuscator. This article explains our approach, its advantages and limitations.