Tag: 2015

16 articles
Date Mon 30 November 2015
Author Fred Raynal
Category Life at Quarkslab

Chaque saison, des nuées de stagiaires quittent les réconfortants bancs de l'école pour rejoindre le monde sans pitié du travail. Afin de faciliter cette transition, nous, à Quarkslab, proposons des stages avec des sujets pointus, un encadrement sans complaisance mais néanmoins chaleureux, un régime alimentaire digne de sportifs de haut niveau (indispensable pour tenir le rythme), et un humour imperméable aux blagues qui ne font pas toujours un tabac. Si toi aussi tu aimes les défis, engage toi avec nous !

Date Thu 12 November 2015
Author André Moulu
Category Android

This article explains a recently disclosed vulnerability, independently discovered by the Google's Project Zero team and by Quarkslab some months ago. To our knowledge, this vulnerability was present, on all Samsung devices using Android 5, and allowed remote code execution as system user simply by browsing a website, by downloading an email attachment or via a malicious third party application with no permission.

Date Tue 03 November 2015
Authors Serge Guelton, Adrien Guinet
Category Programming

LLVM developer Meeting report

Date Tue 27 October 2015
Authors Serge Guelton, Adrien Guinet
Category Programming

Quarkslab's compiler crew is going to LLVM developer Meeting in CA!

Date Wed 23 September 2015
Author Ninon Eyrolles
Category Math

Mixed Boolean-Arithmetic expressions can be used as an obfuscation technique. Why are they hard to de-obfuscate, and what do we need to do so?

Date Mon 21 September 2015
Author Jonathan Salwan
Category Android

Multiple kernel vulnerabilities in the Samsung S4 (GT-I9500)

Date Wed 05 August 2015
Author Guillaume
Category Cryptography

Linux 4.1 has arrived with a new feature for its popular ext4 filesystem: filesystem-level encryption!

Date Wed 08 July 2015
Author Gabriel
Category Exploitation

Nowadays, two-factor authentication is unavoidable. This blogpost details a vulnerability found in the implementation of a YubiKey OTP verification server.

Date Thu 25 June 2015
Authors Sébastien Kaczmarek, Cyril Cattiaux
Category Pentest

In 2014, QuarksLab was missioned by OpenITP [1] to audit the iOS application ChatSecure and to identify any weakness that could lead to information leakage or any other risk that could impact the user.

Date Wed 10 June 2015
Author Jonathan Salwan
Category Program Analysis

Triton is a Pin-based concolic execution framework which provides some advanced classes to perform DBA.