Part 2 of a series about participation in the Pwn2Own Toronto 2023 contest.

In this blog post, we present a new vulnerability on the Gecko Bootloader from Silicon Labs more precisely inside the OTA parser.

In this blog post we'll see a technique to gain code execution in SMM from a very limited write primitive.

This article provides a brief overview of how Microsoft Open Management Infrastructure (OMI) works, as well as two vulnerabilities that the Quarkslab Cloud team identified through fuzzing techniques.

A journey into the Pwn2Own contest. Part 1: Netgear RAX30 router WAN vulnerabilities

In this blog post we discuss the details of two vulnerabilities we discovered in the Trusted Platform Module (TPM) 2.0 reference implementation code. These two vulnerabilities, an out-of-bounds write (CVE-2023-1017) and an out-of-bounds read (CVE-2023-1018), affected several TPM 2.0 software implementations (such as the ones used by virtualization software) as well as a number of hardware TPMs.

This blog post presents a post-exploitation approach to inject code into KeePass without process injection. It is performed by abusing the cache resulting from the compilation of PLGX plugin.

Following our presentation at Black Hat USA, in this blog post we provide some details on CVE-2022-20233, the latest vulnerability we found on Titan M, and how we exploited it to obtain code execution on the chip.

In this blog post, we present a new vulnerability dataset composed of thousands of vulnerabilities aimed at helping security practitioners to develop, test and enhance their tools. Unlike others, this dataset contains both the vulnerable and fixed states with source data.

This post is a quick vulnerability report summary for a vulnerability we found while fuzzing the TCP/IP stack CycloneTCP.