RFID: New Proxmark3 Tear-Off Features and New Findings

Latest news from the Proxmark3 world, crunchy bits included...

more ...

How the MSVC Compiler Generates XFG Function Prototype Hashes

Microsoft is currently working on Xtended Flow Guard (XFG), an evolved version of Control Flow Guard (CFG), their own control flow integrity implementation. XFG works by restricting indirect control flow transfers based on type-based hashes of function prototypes. This blog post is a deep dive into how the MSVC compiler generates those XFG function prototype hashes.

more ...

Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router Advertisement Vulnerability (CVE-2020-16898)

This blog post analyzes the vulnerability known as "Bad Neighbor" or CVE-2020-16898, a stack-based buffer overflow in the IPv6 stack of Windows, which can be remotely triggered by means of a malformed Router Advertisement packet.

more ...

Internships at Quarkslab 2020-2021: the COVID season

We LOVE interns! Really. We love them because they bring fresh air to the company and because we see them grow, not only during the internship but also after, when they are hired and can get to work on so many other topics. There are 2 goals for us in every internship we offer:

  • Explore a topic we don't necessarily know very well, hence train the new expert on the topic,

  • Hire you after the internship to keep and share your new expertise with colleagues.

more ...

Examining the August Smart Lock

A blog post about the security implemented in the August Smart Lock, with special focus on the Bluetooth Low Energy capabilities.

more ...

Introduction to Whiteboxes and Collision-Based Attacks With QBDI

This post is a noob-friendly introduction to whiteboxes along with the presentation and explanation of a (not-new) collision-based attack. The attack is demonstrated against a public whitebox, using QBDI to instrument and analyze the target in order to produce traces of execution.

more ...

Why are Frida and QBDI a Great Blend on Android?

This blog post dives into how to get a better understanding of an Android native function by taking full advantage of both Frida and QBDI.

more ...

A Deep Dive Into Samsung's TrustZone (Part 3)

This third article from the Samsung's TrustZone series details some vulnerabilities that were found and how they were exploited to obtain code execution in EL3.

more ...

Triton v0.8 and ARMv7: A Guideline for Adding New Architectures

This blog post is a follow-up on the announcement of Triton v0.8, where we explain how we added support for ARMv7 and provide a guideline for adding new architectures.

more ...

Playing Around With The Fuchsia Operating System

A look at the new Fuchsia Operating System.

more ...