Ansible Security Assessment

Ansible is an open-source software automating configuration management and software deployment. Ansible is used in Quarkslab to manage our infrastructure and in our product Irma. In order to have an idea of the security of Ansible, we conducted a security assessment. This blogpost presents our findings.

more ...

How a Security Anomaly was Accidentally Found in an EAL6+ JavaCard

In the context of the Inter-CESTI 2019 challenge, we "accidentally" found a timing difference disclosing the length of a PIN handled via the standard OwnerPIN.check JavaCard API. Here is the story.

more ...

Reverse Engineering a VxWorks OS Based Router

A blog post about how to reverse engineer a VxWorks based device.

more ...

Triton v0.8 is Released!


CVE-2020-0069: Autopsy of the Most Stable MediaTek Rootkit

In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices. This vulnerability had been known by MediaTek since April 2019, and later exploited in the wild! In this post, we give some details about this vulnerability and see how we can use it to achieve kernel memory reads and writes.

more ...

PhD Defense of Jonathan Salwan: Use of Symbolic Execution for Binary Deobfuscation


Reverse Engineering a Philips TriMedia CPU based IP Camera - Part 3

Third part of a blog post series about our approach to reverse engineer a Philips TriMedia based IP camera.

more ...

A Deep Dive Into Samsung's TrustZone (Part 2)

In this second blog post of our series on Samsung's TrustZone, we present the various tools that we have developed during our research to help us reverse engineer and exploit Trusted Applications as well as Secure Drivers.

more ...

A Deep Dive Into Samsung's TrustZone (Part 1)

In this first article of a series of three, we will give a tour of the different components of Samsung's TrustZone, explain how they work and how they interact with each other.

more ...

A Glimpse Into Tencent's Legu Packer

Analysis of Tencent Legu: a packer for Android applications.

more ...