Tag: 2016

18 articles
Date Mon 19 December 2016
Authors Philippe Teuwen, Charles Hubain
Category Cryptography

With the Differential Computation Analysis (DCA) presented at CHES 2016, we have shown that side-channel techniques developed to break hardware cryptographic implementations can be adapted successfully to break white-box implementations. In this post, we will explore another class of hardware attacks: fault injections and how to apply them on white-box implementations.

Date Wed 14 December 2016
Author Sébastien Renaud
Category Reverse-Engineering

A binary analysis of CVE-2016-7259: A win32k kernel bug.

Date Mon 24 October 2016
Author Fred Raynal
Category Life at Quarkslab

EDIT: All positions are filled

Every year, we are looking for young and adventurous students, with promising skills, eager to dig deeper into the field of security through its more technical side. The topics we propose are complex, challenging and will require a lot of efforts and sweat. But in the end, you will get the satisfaction to have learned a lot about security. All this without emphasizing enough the opportunity to work with the sometimes weird but always amazing Qb crew, especially when it comes to humour or training a Padawan.

All trainings are to be done in our main office in Paris, France. We encourage remote working, but that does not apply to trainings where the Padawans need to be among the team. That means the applier will need to have the proper visa to work with us if required.

Last but not least, we usually train Padawans so that they remain with us once the training period is done, even if that does not mean the training is over :)

Date Thu 20 October 2016
Author Gabriel Campana
Category Software

Cappsule was released a few weeks ago and we're happy of the positive attention received. However, relying on a custom hypervisor make its usage quite difficult across various distros. This blogpost explains how the same goals can be achieved on Linux with usual software. Impatient readers can directly checkout NoFear's GitHub.

Date Mon 17 October 2016
Authors Jean-Baptiste Bédrune, Marion Videau
Category Cryptography

Quarkslab made a security assessment of VeraCrypt 1.18. The audit was funded by OSTIF and was performed by two Quarkslab engineers between Aug. 16 and Sep. 14, 2016 for a total of 32 man-days of study. A critical vulnerability, related to cryptography, has been identified. It has been introduced in version 1.18, and will be fixed in version 1.19.

Date Wed 05 October 2016
Author Serge Guelton
Category Programming

Quarkslab was present at CppCon 2016, presenting general thoughts on the C++ optimization process and how much the so-called zero-cost abstraction relied on the compiler implementation, and not on the standard. Now comes a humble report from this great event!

Date Wed 21 September 2016
Author Gabriel Campana
Category Software

At Quarkslab, we don't only break software and exploit vulnerabilities, we also try to create innovative and efficient solutions to counter them. Cappsule is one of those solutions.

Date Mon 12 September 2016
Author Adrien Guinet
Category Software

Obfuscation is made of many different tricks. One we meet very often is mixed instructions who make computations mixing usual arithmetic (ADD, SUB, MUL, DIV) and boolean one (XOR, AND, NOT, OR). All tools get lost when it comes to cleaning this kind of very messy blocks of instructions, and that is why we designed Arybo. With Arybo, analyzing such expressions become way more easy.

Date Thu 04 August 2016
Authors Jérémie Boutoille, Gabriel Campana
Category Exploitation

This is the last part of our blogpost series about Xen security [1] [2]. This time we write about a vulnerability we found (XSA-182) [0] (CVE-2016-6258) and his exploitation on Qubes OS [3] project.

Date Wed 27 July 2016
Author Jérémie Boutoille
Category Exploitation

This blog post describes the exploitation of Xen Security Advisory 148 (XSA-148) [1] (CVE-2015-7835). It has been discovered by Shangcong Luan of Alibaba and publicly disclosed in October 2015. At the time, we were working on writing an exploit and no public proof of concept nor exploit were available. Today, the security researcher responsible of the vulnerability disclosure has given a public talk [6] and will give conferences explaining his approach [7]. We decided to publish this blogpost anyway because our exploitation strategy is a little bit different.