A gentle introduction to Microsoft OMI and how to crash it

This article gives a brief overview of how Microsoft Open Management Infrastructure (OMI) works, then presents two vulnerabilities that the Quarkslab Cloud team identified by fuzzing it.


Our Pwn2Own journey against time and randomness (part 1)

A journey into the Pwn2Own contest. Part 1: Netgear RAX30 router WAN vulnerabilities


Audit of Falco, the open-source cloud-native runtime security

Falco's maintainers, with support from the Cloud Native Computing Foundation, engaged Quarkslab to audit Falco, an open-source cloud-native runtime security tool. The goal of the audit was to help the Falco maintainers improve the project's security posture through static and dynamic analysis (fuzzing in particular). The engagement was organized by Open Source Technology Improvement Fund, Inc.


Vulnerabilities in the TPM 2.0 reference implementation code

In this blog post we discuss the details of two vulnerabilities we discovered in the Trusted Platform Module (TPM) 2.0 reference implementation code. The two vulnerabilities, an out-of-bounds write (CVE-2023-1017) and an out-of-bounds read (CVE-2023-1018), affected several software TPM 2.0 implementations (such as those used by virtualization software) as well as a number of hardware TPMs derived from the reference code.


Dark Phoenix: a new White-box Cryptanalysis Open Source Tool

We are releasing a new white-box cryptanalysis tool that implements a published attack for which no public open-source implementation existed until now.


Post-Exploitation: Abusing the KeePass Plugin Cache

This blog post presents a post-exploitation technique for injecting code into KeePass without resorting to process injection. It works by abusing the cache that KeePass produces when it compiles PLGX plugins.


Digging into the OCI Image Specification

The OCI Image Specification is the core concept behind container images, yet it remains poorly understood even as container technologies become more and more popular. In this blog post we demystify it and look into its internals.


Internship Offers for the 2022-2023 Season

The internship season is back at Quarkslab! Our internship topics cover a wide range of our expertise and aim at tackling new challenges, namely:


Quokka: A Fast and Accurate Binary Exporter

Quarkslab is open-sourcing Quokka, a binary exporter that lets you manipulate a program's disassembly without running a disassembler. This blog post introduces the project, details parts of its inner workings, and showcases some potential uses. Quokka enables users to write complex analyses over a disassembled binary without dealing with the disassembler's API.


Defeating eBPF Uprobe Monitoring

This article covers uprobes, a kind of eBPF program that can be used to monitor userspace programs. It first introduces eBPF and uprobes, then explores the flaws we found in uprobe-based monitoring and how a monitored process can defeat it.
