Tag: 2026

Xiaomi's MJA1 is a proprietary secure chip used in their recent cameras to protect sensitive data and device communications. With no public documentation available, we conducted a black-box security analysis covering hardware identification, I2C sniffing, flash dumping, and firmware reverse engineering. This post walks through how we mapped the chip's command protocol, brute-forced undocumented commands, and assessed its security properties.

The Open Source Technology Improvement Fund (OSTIF) commissioned Quarkslab to extend the BOLT-based static binary analyser in LLVM to support additional compiler flags for security hardening. This work resulted in the first iteration of a scanner for validating the implementation of -ftrivial-auto-var-init.

During a Red Team exercise we were able to chain multiple LLM and web-based vulnerabilities to achieve admin account takeover from a low-privileged account. Trusting the LLM turned out to be the first falling domino of a long chain of events that lead to complete compromise. In this article we describe how it went down.

This article describes the main software protection techniques used in Android applications, organized around a taxonomy covering environment checks, obfuscation, and program loading abuse. It presents the results of a large-scale analysis of nearly 2.5 million Android apps, studying how widely these protections are adopted across different markets, app categories, and malware samples.

The Scala team has partnered with the Open Source Technology Improvement Fund (OSTIF) to conduct its first security audit. This initiative aims to identify potential vulnerabilities through static and dynamic analysis and provide greater confidence in Scala. The security audit conducted by Quarkslab is particularly focused on Scala 3.

An Optical Line Terminal (OLT) is the central device in a Fiber-To-The-Home (FTTH) network that connects and manages all customer connections, making it a critical control point in an ISP's infrastructure for delivering high speed Internet. This article uncovers how unauthenticated access to OLTs can lead to a full network takeover starting by exploiting exposed vulnerable devices, showing how to pivot into the cloud-based fleet manager using other vulnerabilities, and then compromising an ISP's entire infrastructure.

This article presents the structure of the Independent Guest Virtual Machine (IGVM) file format, a binary file designed to define and securely launch the initial state of a virtual machine. It bundles all necessary components such as the BIOS/OVMF, kernel, and initial ramdisk, into a single file. We'll focus on a concrete example to understand the main structure of the file format.

The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and importance of the target, the review focused not only on Paramiko itself but also on its dependencies. The assessment covered its interaction with rust-openssl bindings, the use of secure entropy sources, adherence to constant-time requirements, as well as code quality, testing practices, and the CI/CD pipeline, with the goal of identifying opportunities for further hardening.

This blog post explores Entra ID applications, the complexities of auditing application permissions in Microsoft Entra ID, highlighting hidden risks and pitfalls. It introduces Quarkslab's QAZPT tool, designed to compute and visualize effective permissions in an Entra ID tenant, providing insights into the full picture of permissions and inheritance paths.

How one Commit Broke Obfuscation: A blog post exploring the role of compilers and optimizations in the field of obfuscation and de-obfuscation.