Quarkslab's blog

Exploiting GLPI during a Red Team engagement

Date Thu 21 March 2024 By Mathieu Farrell Category Pentest Tags pentest GLPI PHP vulnerability 2024

This article explains how, during a Red Team engagement, we were able to develop a 1-day for GLPI CVE-2023-43813, which later led to the identification of an arbitrary object instantiation leading to an SSRF, referenced as CVE-2024-27098, as well as an SQL injection, referenced as CVE-2024-27096.


Audit of Allbridge Core

Date Tue 19 March 2024 By Madigan Lebreton Elouan Wauquier Category Blockchain Tags blockchain Stellar Soroban stablecoin bridge audit 2024

Allbridge's maintainers, with support from Stellar Development Foundation, engaged with Quarkslab to perform an audit of Allbridge Core implementation in the Stellar ecosystem. This new implementation uses Stellar's smart contracts platform: Soroban.


Leveraging Sourcetrail to a mapping tool, meet Numbat and Pyrrha

Date Thu 07 March 2024 By Eloïse Brocas Sami Babigeon Category Reverse-Engineering Tags reverse-engineering tool release 2024

Ever wanted to find a nice tool to easily represent cartography results and other graphs? The Sourcetrail tool could be a nice solution! In this blog post, we will introduce two of our tools: Numbat, a new Python API for Sourcetrail, and Pyrrha, a mapper collection for firmware cartography.


BGE Attack on AES White-Boxes: Extending Blue Galaxy Energy for Decryption and Shuffled States

Date Thu 29 February 2024 By Nicolas Surbayrole Philippe Teuwen Category Cryptography Tags cryptography white-box tool release BGE 2024

We announce the release of a new version of Blue Galaxy Energy, our white-box cryptanalysis tool implementing the BGE attack against AES. This version addresses the main limitations of the previous version.


How I Built a Car In a Box

Date Thu 22 February 2024 By Julien Rakotomalala Category Hardware Tags hardware automotive embedded-device 2024

In this article, we'll see how to put an entire car, or at least its main electronic components, into a transportable box from scratch.


PHP deserialization attacks and a new gadget chain in Laravel

Date Tue 13 February 2024 By Mathieu Farrell Category Pentest Tags pentest framework PHP 2024

Discovery of a new gadget chain in Laravel.


DJI - The ART of obfuscation

Date Tue 06 February 2024 By Eric Le Guevel Category Android Tags Android packer reverse-engineering 2024

Study of an Android runtime (ART) hijacking mechanism for bytecode injection through a step-by-step analysis of the packer used to protect the DJI Pilot Android application.


PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack.

Date Tue 16 January 2024 By Francisco Falcon Iván Arce Category Vulnerability Tags TianoCore EDK2 UEFI IPv6 PXE vulnerability 2024

This blog post provides details about nine vulnerabilities affecting the IPv6 network protocol stack of EDK II, TianoCore's open source reference implementation of UEFI.


Blue Galaxy Energy: a new White-box Cryptanalysis Open Source Tool

Date Thu 21 December 2023 By Nicolas Surbayrole Philippe Teuwen Category Cryptography Tags cryptography white-box tool release BGE 2023

We introduce a new white-box cryptanalysis tool based on the pioneering BGE paper, for which there was no known public open source implementation so far.


Our Pwn2Own journey against time and randomness (part 2)

Date Tue 07 November 2023 By Eloïse Brocas Damien Cauquil Robin David Benoît Forgette Category Vulnerability Tags vulnerability 2023

Part 2 of a series about participation in the Pwn2Own Toronto 2023 contest.

