Tag: 2026

This blog post dives into the most common classes of macOS Local Privilege Escalation vulnerabilities, from time-of-check to time-of-use (TOCTOU) Race Conditions and insecure XPC communications to a range of implementation and configuration oversights. We will explore how attackers can exploit these weaknesses to escalate privileges, and highlight real-world examples to illustrate recurring patterns.

In this article I describe Java bytecode obfuscation, using one of the challenges I did in 2023 as part of the interviews with Quarkslab for the position of Java compiler engineer in QShield.

Agentic AI gives LLMs the power to act: query databases, call APIs or access files. But when your tools blindly trust the LLM, you've created a confused deputy. Here's a practical and comprehensive approach to understanding and identifying this critical authorization flaw.

Quarkslab performed the first public security audit of EVerest, an open-source project for EV charging stations hosted by LF Energy. The audit was mandated by the Open Source Technology Improvement Fund, Inc..

Ten years ago, we published a Clang Hardening Cheat Sheet. Since then, both the threat landscape and the Clang toolchain have evolved significantly. This blog post presents the new mitigations available in Clang to improve the security of your applications.