EDIT: All positions are filled
Every year, we are looking for young and adventurous students with promising skills, eager to dig deeper into the more technical side of security. The topics we propose are complex and challenging and will require a lot of effort and sweat. But in the end, you will get the satisfaction of having learned a lot about security. And that is without even mentioning the opportunity to work with the sometimes weird but always amazing Qb crew, especially when it comes to humour or training a Padawan.
All trainings take place in our main office in Paris, France. We encourage remote working, but that does not apply to trainings, where the Padawans need to be among the team. This means the applicant will need to have the proper visa to work with us, if one is required.
Last but not least, we usually train Padawans so that they remain with us once the training period is done, even if that does not mean the training is over :)
How to apply for an internship position at Quarkslab?
If you feel like one of the internship offers below is the perfect fit for you, you have to send us:
a CV,
a cover letter: not the overly generic, predictable one, but a more personal letter which explains why the topic is of particular interest to you, why you, why us :)
your proposed solution to the exercise attached to the offer you are interested in,
all this can be sent in French or in English.
Send this little package to internship-AT-quarkslab-DOT-com, with the subject line containing the internship reference mentioned in the respective offer.
Do not forget that the secret of a good application is to show what you have already built or achieved (related to the topic or not). Be subtle.
Each internship offer comes with a little exercise which should not require too much time to complete. The result will show us not only the type of skills and knowledge you already possess, but also how ingenious you are and how well you can present your reasoning. It will serve as the basis for the interview you will have in the selection process.
For all its internships, Quarkslab is looking for highly motivated, curious and autonomous people who are creative and structured team players. You will evolve in a dynamic and easygoing environment where ideas spring from everywhere...
We consider internships as opportunities to spot profiles that suit the way we work. They are intended to guide students into the professional world as potential future colleagues, if they feel like it and find convincing arguments [1]
Do not be shy and apply, otherwise you will never know if you could have been selected...
Contact: internship-AT-quarkslab-DOT-com
[1] also called croissants...
Dynamic Binary Instrumentation
This position is filled
Description
With software becoming more and more complex (high-level programming languages, massive concurrency, least-privilege isolation, sandboxing, ...), and great improvements achieved in the last decade in hardening and obfuscation, reverse engineering is still a real challenge. Reverse engineering through static analysis (as well as auto-magical decompilation) has its own limits. Dynamic binary analysis is now widely used, but depends on instrumentation tools, which need to be fast, reliable and powerful.
This internship is about working on our custom dynamic binary instrumentation (DBI) framework (which is modular, multi-platform and multi-architecture). The candidate will have to improve the code base, add new features, and write custom tools (such as a cross-platform Command Line Interface).
Exercise
Required skills
Programming (C is required, C++ is a plus plus)
Some knowledge in reverse engineering
Basic understanding of x86_64 architecture (ARM is a plus)
Reference
Duration
Security of TrustZone components
This position is filled
Description
The use of TrustZone becomes increasingly popular to handle sensitive data on a phone, such as protected media (DRM), payments, fingerprint authentication, etc.
The objective of this internship is to analyze and assess the security of TrustZone-related components on various Android mobile phones. The attack surface of the TEEs (Trusted Execution Environments) will be evaluated. Tools such as fuzzers or debuggers will be developed in order to find and exploit vulnerabilities.
Here is an interesting example of a vulnerability in a TrustZone component: CVE-2016-2431. This is typically the kind of research that would fit into this internship.
This is a challenging topic on which you will work with two of Quarkslab's senior vulnerability researchers, who will closely advise you on your work.
Exercise
Required skills
Good knowledge of the ARM architecture
Understanding of the Linux kernel
Programming (C required)
Knowledge in reverse engineering and vulnerability research
Reference
Duration
Assess American Fuzzy Lop on Windows
This position is filled
Description
Fuzz testing (Fuzzing) is a software testing technique that consists of injecting randomized and/or mutated inputs into a program. This process is usually completely automated and provides a way to find defects in software.
American Fuzzy Lop (AFL) is a well-known security-oriented fuzzer that introduces and employs numerous novel techniques covering various aspects of automated fault injection: complex algorithms to maximize target code coverage, test case reduction and triaging, corpus reduction, test case syntax analysis, etc.
The goals of this internship are to assess how AFL works (especially all the gory details) and to look precisely at how AFL works on Windows through its “winafl” Windows port. We would also like to see whether it is possible to reuse some parts of AFL outside its code base (e.g. test case minimization, test case sorting, code coverage, combination with internal tools, etc.).
During his/her internship at Quarkslab, the intern will work with a team of dedicated reverse engineers and security researchers and will learn how to assess, study and debug software, that is, bug hunting techniques.
Exercise
Set up AFL (on Linux) on a small codebase of your choice.
Run AFL for a few hours.
Write a short report describing 1) relevant information on how AFL was set up and 2) how you interpret the results found by AFL.
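To give the first step a concrete shape, here is an added example of a small AFL target; it is not part of the offer and not Quarkslab's code. The record format, the sample inputs and the function names (parse_records, total_payload, demo_ok, demo_truncated) are constructed for this illustration; the afl-gcc, afl-fuzz, afl-tmin and afl-cmin invocations in the comments are standard AFL usage. The parser is deliberately bounds-checked on every read: with coverage-guided fuzzing the interesting output is how much of the parser's branch space the queue reaches, and any crash found in such a harness is a real defect in the parser, not in the harness.

```c
/* Added example (not from the offer): a stdin-driven AFL target around a tiny
 * length-prefixed record parser.
 *
 * Build:  afl-gcc -O1 -g -o target target.c
 * Seeds:  mkdir in && printf '\x01\x01\x03abc' > in/seed   (constructed seed)
 * Fuzz:   afl-fuzz -i in -o out -- ./target                (reads stdin)
 * Later:  afl-tmin -i out/crashes/<file> -o min -- ./target   (minimize one case)
 *         afl-cmin -i out/queue -o cmin -- ./target           (reduce the corpus)
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed format: u8 count; then count records of { u8 tag; u8 len; u8 data[len] }. */
typedef struct {
    uint8_t tag;
    uint8_t len;
    const uint8_t *data;
} record;

/* Returns the number of records parsed, or -1 on malformed input.
 * Every read is checked against `size`; `pos` never exceeds `size`. */
int parse_records(const uint8_t *buf, size_t size, record *out, size_t max_out) {
    if (size < 1) return -1;
    size_t pos = 0;
    uint8_t count = buf[pos++];
    if (count > max_out) return -1;               /* caller's array too small */
    for (uint8_t i = 0; i < count; i++) {
        if (size - pos < 2) return -1;            /* need tag + len */
        out[i].tag = buf[pos++];
        out[i].len = buf[pos++];
        if (size - pos < out[i].len) return -1;   /* truncated payload */
        out[i].data = buf + pos;
        pos += out[i].len;
    }
    if (pos != size) return -1;                   /* trailing garbage */
    return count;
}

/* Consumer of the parsed records, so the data is actually used. */
unsigned total_payload(const record *r, int n) {
    unsigned t = 0;
    for (int i = 0; i < n; i++) t += r[i].len;
    return t;
}

/* Constructed sample inputs for a stand-alone check of the parser. */
static const uint8_t sample_ok[] = {2, 0x01, 3, 'a', 'b', 'c', 0x02, 0};
static const uint8_t sample_truncated[] = {1, 0x01, 5, 'a'};

/* Two records, 3 payload bytes in total: returns 3. */
int demo_ok(void) {
    record r[2];
    int n = parse_records(sample_ok, sizeof sample_ok, r, 2);
    return n == 2 ? (int)total_payload(r, n) : -1;
}

/* Declared length 5 but only one byte follows: returns -1. */
int demo_truncated(void) {
    record r[2];
    return parse_records(sample_truncated, sizeof sample_truncated, r, 2);
}

/* AFL entry point: read the whole test case from stdin and parse it. */
int main(void) {
    uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, stdin);
    record recs[255];
    int count = parse_records(buf, n, recs, 255);
    if (count < 0) {
        fputs("malformed\n", stderr);
        return 1;
    }
    printf("%d records, %u payload bytes\n", count, total_payload(recs, count));
    return 0;
}
```

Keeping the harness this small matters for the report: every edge in AFL's coverage map then belongs to the parser itself, so the queue and the crash directory are easy to interpret.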
Required skills
Proficiency with C language
Knowledge of software development (VCS, good practices, etc.)
Knowledge of the Windows operating system and its compilation toolchain
Knowledge of the Linux operating system and its compilation toolchain
Knowledge of fuzz testing (automatic fault injection) and bug hunting
Reference
Duration
Digging into SGX
This position is filled
Description
The new Intel® Software Guard Extensions (Intel® SGX) are a set of instructions aimed at providing data and code isolation. The goal is to prevent any unauthorized access to certain memory regions, in order to ensure confidentiality or integrity, for instance. SGX instructions allow the creation of an enclave, a user-level private region of memory that is isolated both from other userland processes and from higher privilege levels, such as the kernel.
The objective of the internship is to play with these new instructions, by designing an enclave first for data only, then for both data and code. Then, you will try to break into that enclave, either through an implementation flaw, a logic flaw or a side-channel attack. The goal would then be to either access or modify what is stored in the enclave.
Exercise
Build a userland memory tracer PoC (Windows, OSX or Linux).
Given a virtual address and a size, the PoC has to catch accesses to the pages concerned and the associated instruction (e.g. for the PoC: catch accesses to the Thread Environment Block / TEB).
The output of the PoC will be something like (e.g. on Windows):
(procname.exe) READ ACCESS = 0xAAAABBBBCCCCDDDD mov rbx, [rax+8] (read val = 0x12345678)
(procname.exe) WRITE ACCESS = 0xAAAABBBBCCCCDF00 mov word ptr[rax], bx (write val = 0xCAFE)
Hints:
Use the MS Debug API to attach to a remote process and instrument it.
Use memory page protection attributes to capture memory accesses (set NO_ACCESS, catch the memory access, restore the old protection).
For the disassembly engine, any public library can be used.
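The protect / catch / restore loop in the hints has a direct Linux analogue. The following is an added example, not part of the offer and not Quarkslab's code: an in-process x86_64 Linux variant in which the watched pages are set PROT_NONE, the SIGSEGV handler records the faulting address (si_addr), the instruction pointer and whether the access was a write (bit 1 of the page-fault error code, exposed as REG_ERR in the signal context), restores the protection and sets the trap flag so the faulting instruction completes, and the SIGTRAP handler re-arms the protection. It therefore uses signal contexts instead of the remote debugger attach the exercise asks for, and it captures the raw opcode bytes at the instruction pointer instead of calling a disassembly library. The function names (watch_begin, watch_stop, watch_event, trace_demo) and the traced buffer, which stands in for the TEB, are constructed for this example.

```c
/* Added example (not from the offer): Linux x86_64 analogue of the
 * "set NO_ACCESS, catch the fault, restore, re-arm" memory tracer. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#if !defined(__x86_64__) || !defined(__linux__)
#error "This tracer relies on x86_64 Linux signal contexts (REG_ERR, REG_EFL)."
#endif
#ifndef REG_RIP            /* glibc exposes these names only under _GNU_SOURCE */
#define REG_RIP 16
#define REG_EFL 17
#define REG_ERR 19
#endif
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20
#endif

#define MAX_EVENTS 64
typedef struct {
    uintptr_t addr;          /* faulting data address (si_addr) */
    uintptr_t pc;            /* instruction that touched it */
    int is_write;            /* page-fault error code bit 1 = write */
    unsigned char opcode[8]; /* raw bytes at pc, to hand to a disassembler */
} access_event;

static access_event events[MAX_EVENTS];
static volatile int n_events;
static uintptr_t region_lo, region_hi;  /* page-aligned watched range */
static volatile int armed;

static void set_region_prot(int prot) {
    mprotect((void *)region_lo, region_hi - region_lo, prot);
}

/* First half of the loop: record the access, open the page, single-step. */
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig;
    ucontext_t *uc = ctx;
    uintptr_t fault = (uintptr_t)si->si_addr;
    if (!armed || fault < region_lo || fault >= region_hi) {
        signal(SIGSEGV, SIG_DFL);  /* not ours: re-fault with the default action */
        return;
    }
    if (n_events < MAX_EVENTS) {
        access_event *e = &events[n_events];
        e->addr = fault;
        e->pc = (uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
        e->is_write = (uc->uc_mcontext.gregs[REG_ERR] & 2) != 0;
        memcpy(e->opcode, (const void *)e->pc, sizeof e->opcode);
        n_events++;
    }
    set_region_prot(PROT_READ | PROT_WRITE);  /* let the instruction complete */
    uc->uc_mcontext.gregs[REG_EFL] |= 0x100LL; /* TF: trap after one instruction */
}

/* Second half: the access is done, clear TF and re-arm the page. */
static void on_trap(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)si;
    ucontext_t *uc = ctx;
    uc->uc_mcontext.gregs[REG_EFL] &= ~0x100LL;
    if (armed) set_region_prot(PROT_NONE);
}

int watch_begin(void *addr, size_t len) {
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    region_lo = (uintptr_t)addr & ~(page - 1);
    region_hi = ((uintptr_t)addr + len + page - 1) & ~(page - 1);
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_flags = SA_SIGINFO;
    sa.sa_sigaction = on_segv;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    sa.sa_sigaction = on_trap;
    if (sigaction(SIGTRAP, &sa, NULL) != 0) return -1;
    n_events = 0;
    armed = 1;
    set_region_prot(PROT_NONE);
    return 0;
}

void watch_stop(void) {
    armed = 0;
    set_region_prot(PROT_READ | PROT_WRITE);
    signal(SIGSEGV, SIG_DFL);
    signal(SIGTRAP, SIG_DFL);
}

int watch_event_count(void) { return n_events; }
const access_event *watch_event(int i) { return &events[i]; }

/* Demo on a constructed one-page buffer (stands in for the TEB): one write,
 * one read, so two events are expected. Returns the event count. */
int trace_demo(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *raw = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (raw == MAP_FAILED) return -1;
    volatile uint32_t *buf = raw;
    if (watch_begin(raw, page) != 0) return -1;
    buf[0] = 0xCAFE;         /* WRITE ACCESS expected */
    uint32_t v = buf[0];     /* READ ACCESS expected */
    watch_stop();
    munmap(raw, page);
    return v == 0xCAFE ? watch_event_count() : -1;
}

int main(void) {
    int n = trace_demo();
    for (int i = 0; i < n; i++) {
        const access_event *e = watch_event(i);
        printf("%s ACCESS = %#lx at pc %#lx bytes %02x %02x %02x %02x\n",
               e->is_write ? "WRITE" : "READ", (unsigned long)e->addr,
               (unsigned long)e->pc, e->opcode[0], e->opcode[1], e->opcode[2], e->opcode[3]);
    }
    return n == 2 ? 0 : 1;
}
```

The single-step is what makes the re-arm reliable: without it the page would have to stay accessible until the next opportunity to protect it, and any accesses in between would be missed. Moving the same loop into a debugger-attached design, as the hint asks, keeps the two halves but replaces the signal handlers with the exception events the debug API delivers for the traced process.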
Required skills
Good knowledge of the x86 architecture
Programming (C or C++ required)
Knowledge in reverse engineering and vulnerability research