Date Tue 11 June 2024
Authors Mihail Kirov, Damien Aumaître
Category Containers

Golang is the most used programming language for developing cloud technologies. Tools such as Kubernetes, Docker, Containerd and gVisor are written in Go. Despite the fact that the code of these programs is open source, there is no way to analyze and extend their behaviour dynamically (for example through binary instrumentation) without recompiling their code. Is this due to the complex internals of the language? In this second blog post, we’ll showcase how to create runtime hooks for Golang programs using FFI (foreign function interfaces).

Date Thu 30 May 2024
Author Tanguy Faivre d'Arcier
Category File Formats

We did a quick study on the most common ways to deliver malware through LNK files.

Date Tue 21 May 2024
Authors Damien Aumaitre, Laurent Laubin, Madigan Lebreton, Victor Houal
Category Software

Eclipse KUKSA's committers, with support from Eclipse Foundation, engaged with Quarkslab to perform an audit of Kuksa, an open-source framework that provides shared building blocks for Software Defined Vehicles. The goal of the audit was to assist the Eclipse Kuksa committers to increase their security posture using static and dynamic analysis (fuzzing in particular) and was organized by Open Source Technology Improvement Fund, Inc and made possible by the founding Eclipse Foundation received from the Alpha-Omega project.

Date Tue 07 May 2024
Authors Elouan Wauquier, Madigan Lebreton
Category Blockchain

Allbridge, with support from the Stellar Development Foundation, mandated Quarkslab to perform an audit of Estrela, an automated market maker for Stellar built on Soroban.

Date Tue 30 April 2024
Authors Philippe Azalbert, Damien Cauquil
Category Automotive

Analyzing an automotive ECU firmware is sometimes quite challenging, especially when you cannot emulate some of its most interesting functions to find vulnerabilities, like ECUs based on Renesas RH850 system-on-chips. This article details how we managed to add support for this specific architecture into Unicorn Engine, the various challenges we faced and how we successfully used this work to emulate and analyze a specific function during an assignment.

Date Thu 25 April 2024
Author Angèle Bossuat
Category Cryptography

In cryptography audits, we often find vulnerabilities labeled as low or informational, usually for "non-compliance"... So, what should we do with them?

Date Thu 18 April 2024
Author Thiébaud Fuchs
Category Hardware

In this blogpost, we present Hydradancer, a new board for Facedancer based on HydraUSB3 allowing faster USB peripherals emulation.

Date Wed 17 April 2024
Author Philippe Teuwen
Category Cryptography

Passbolt, an Open Source Password Manager, is using the Pwned Passwords service from HaveIBeenPwned to alert users if their password is present in a previous data breach. Pwned Passwords API is based on a mathematical property known as k-Anonymity guaranteeing that it never gains enough information about a non-breached password hash to be able to breach it later. Sounds good, right?

Date Tue 26 March 2024
Author Lucas Di Martino
Category Containers

This second article describes how to convert a Silo into a Server Silo in order to create a Windows Container. In addition, it dives into certain Kernel side Silo mechanisms.

Date Fri 22 March 2024
Author Dahmun Goudarzi
Category Cryptography

In March 2024, SandboxAQ proposed a CTF around Post-Quantum Cryptography (and more specifically Kyber's key exchange) for the RWPQC workshop. Here is our write-up of the solutions to the challenges.