QBinDiff: A modular diffing toolkit

This blog post presents an overview of QBinDiff, the Quarkslab binary diffing tool officially released today. It describes its core principles and shows how it works on binaries as well as on general graph matching problems unrelated to IT security.

more ...

Reversing Windows Container, episode I: Silo

This article presents the internals of Windows Container.

more ...

Debugging Windows Isolated User Mode (IUM) Processes

In this blog post we discuss how to debug Windows' Isolated User Mode (IUM) processes, also known as Trustlets, using the virtual TPM of Microsoft Hyper-V as our target.

more ...

Diving into Starlink's User Terminal Firmware

This blog post presents an overview of Starlink's User Terminal runtime internals, focusing on the communications that happen within the device and with user applications and some tools that can help further research on the same topic.

more ...

Breaking Secure Boot on the Silicon Labs Gecko platform

In this blog post, we present a new vulnerability on the Gecko Bootloader from Silicon Labs more precisely inside the OTA parser.

more ...

Android Data Encryption in depth

Join us in our journey into modern Android's Data Encryption at rest, in which we study how it works and assess how resistant it is against attackers having access to a range of high end software vulnerabilities.

more ...

Introducing TritonDSE: A framework for dynamic symbolic execution in Python

We present TritonDSE, a new tool by Quarkslab. TritonDSE is a Python library, built on top of Triton, that provides easy and customizable Dynamic Symbolic Execution capabilities for binary programs.

more ...

Quokka: A Fast and Accurate Binary Exporter

Quarkslab is open-sourcing Quokka, a binary exporter to manipulate a program's disassembly without a disassembler. This blog post introduces the project, details some parts of its inner workings, and showcases some potential usages. Quokka enables users to write complex analyses on a disassembled binary without dealing with the disassembler API.

more ...

Attacking Titan M with Only One Byte

Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.

more ...

Binbloom blooms: introducing v2

In this blogpost we present our brand new version of binbloom, a tool to find the base address of any 32 and 64-bit architecture firmware, and dig into the new method we designed to recover this grail on both of these architectures.

more ...