| 2024-10-25 |
Bluetooth Low Energy GATT Fuzzing |
Fuzzing ‧ Baptiste Boyer |
|
| 2024-10-19 |
Internship Offers for the 2024-2025 Season |
Life at Quarkslab ‧ Quarkslab |
|
| 2024-10-18 |
Linux kernel instrumentation from Qemu and Gdb |
Kernel Debugging ‧ Benoît Forgette |
|
| 2024-10-16 |
Attacking the Samsung Galaxy A* Boot Chain |
Android ‧ Maxime Rossi Bellom |
|
| 2024-10-10 |
Bypass Apache Superset restrictions to perform SQL injections |
Pentest ‧ Mathieu Farrell |
|
| 2024-10-09 |
Exploiting Microsoft Teams on macOS during a Purple Team engagement |
Pentest ‧ Mathieu Farrell |
|
| 2024-10-03 |
Differential fuzzing for cryptography |
Cryptography ‧ Célian Glénaz |
|
| 2024-09-24 |
crypto-condor: a test suite for cryptographic primitives |
Cryptography ‧ Julio Loayza Meneses |
|
| 2024-09-18 |
Exploiting Chamilo during a Red Team engagement |
Pentest ‧ Mathieu Farrell |
|
| 2024-09-04 |
Audit of Operator Fabric |
Software ‧ Pentest Team |
|
| 2024-08-27 |
Audit of Airswift's Supply Chain Financing |
Blockchain ‧ Elouan Wauquier |
|
| 2024-08-20 |
MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors |
Cryptography ‧ Philippe Teuwen |
|
| 2024-07-30 |
Heap exploitation, glibc internals and nifty tricks. |
Exploitation ‧ Tom Mansion |
|
| 2024-07-17 |
Audit of Cloud Native Buildpacks |
Software ‧ Mihail Kirov |
|
| 2024-07-09 |
Let’s Go into the rabbit hole (part 3) — the challenges of dynamically hooking Golang programs |
Containers ‧ Mihail Kirov |
|
| 2024-06-26 |
Looking for vulnerabilities in Strapi (CVE-2024-34065) |
Pentest ‧ Mathieu Farrell |
|
| 2024-06-18 |
Recovering an ECU firmware using disassembler and branches |
Automotive ‧ Philippe Azalbert |
|
| 2024-06-11 |
Let’s Go into the rabbit hole (part 2) — the challenges of dynamically hooking Golang programs |
Containers ‧ Mihail Kirov |
|
| 2024-05-30 |
How malware authors play with the LNK file format |
File Formats ‧ Tanguy Faivre d'Arcier |
|
| 2024-05-22 |
Audit of Kuksa, the open-source shared building blocks for Software Defined Vehicles |
Software ‧ Damien Aumaitre |
|
| 2024-05-07 |
Audit of Allbridge Estrela |
Blockchain ‧ Elouan Wauquier |
|
| 2024-04-30 |
Emulating RH850 architecture with Unicorn Engine |
Automotive ‧ Philippe Azalbert |
|
| 2024-04-25 |
Non-Compliant, So What? |
Cryptography ‧ Angèle Bossuat |
|
| 2024-04-19 |
Hydradancer: Faster USB Emulation for Facedancer |
Hardware ‧ Thiébaud Fuchs |
|
| 2024-04-17 |
Passbolt: a bold use of HaveIBeenPwned |
Cryptography ‧ Philippe Teuwen |
|
| 2024-03-27 |
Reversing Windows Container, episode II: Silo to Server Silo |
Containers ‧ Lucas Di Martino |
|
| 2024-03-27 |
Reversing Windows Container, episode II: Silo to Server Silo |
Containers ‧ Lucas Di Martino |
|
| 2023-08-29 |
Diving into Starlink's User Terminal Firmware |
Reverse-Engineering ‧ Carlo Ramponi |
|
| 2023-08-21 |
Breaking Secure Boot on the Silicon Labs Gecko platform |
Vulnerability ‧ Sami Babigeon |
|
| 2023-08-14 |
Android Data Encryption in depth |
Android ‧ Maxime Rossi Bellom |
|
| 2023-06-24 |
For Science! - Using an Unimpressive Bug in EDK II to Do Some Fun Exploitation |
Exploitation ‧ Gwaby |
|
| 2023-06-15 |
Security audit of Mithril Security BlindAI |
Software ‧ Dahmun Goudarzi |
|
| 2023-05-17 |
PASTIS For The Win! |
Fuzzing ‧ Robin David |
|
| 2023-05-03 |
Introducing TritonDSE: A framework for dynamic symbolic execution in Python |
Program Analysis ‧ Robin David |
|
| 2023-04-27 |
Android greybox fuzzing with AFL++ Frida mode |
Android ‧ Eric Le Guevel |
|
| 2023-03-31 |
A gentle introduction to Microsoft OMI and how to crash it |
Vulnerability ‧ Sébastien Rolland |
|
| 2023-03-24 |
Our Pwn2Own journey against time and randomness (part 1) |
Vulnerability ‧ Eloïse Brocas |
|
| 2023-03-22 |
Audit of Falco, the open-source cloud-native runtime security |
Software ‧ Laurent Laubin |
|
| 2023-03-14 |
Vulnerabilities in the TPM 2.0 reference implementation code |
Vulnerability ‧ Francisco Falcon |
|
| 2023-02-28 |
Dark Phoenix: a new White-box Cryptanalysis Open Source Tool |
Cryptography ‧ Nicolas Surbayrole |
|
| 2023-02-09 |
Two more Whitebox Cryptanalysis Open Source Tools |
Cryptography ‧ Nicolas Surbayrole |
|
| 2023-02-09 |
Generalized Differential Computation Analysis on White-box AES Implementations |
Cryptography ‧ Philippe Teuwen |
|
| 2023-02-08 |
Post-Exploitation: Abusing the KeePass Plugin Cache |
Exploitation ‧ Kevin Minacori |
|
| 2022-11-24 |
Digging into the OCI Image Specification |
Containers ‧ Mihail Kirov |
|
| 2022-10-14 |
Internship Offers for the 2022-2023 Season |
Life at Quarkslab ‧ Quarkslab |
|
| 2022-09-22 |
Quokka: A Fast and Accurate Binary Exporter |
Program Analysis ‧ Alexis Challande |
|
| 2022-09-08 |
Defeating eBPF Uprobe Monitoring |
Exploitation ‧ Célian Glénaz |
|
| 2022-08-12 |
Attacking Titan M with Only One Byte |
Android ‧ Damiano Melotti |
|
| 2022-06-16 |
Secure Messaging Apps and Group Protocols, Part 2 |
Cryptography ‧ Angèle Bossuat |
|
| 2022-06-01 |
Binbloom blooms: introducing v2 |
Reverse-Engineering ‧ Damien Cauquil |
|
| 2022-05-24 |
Secure Messaging Apps and Group Protocols, Part 1 |
Cryptography ‧ Angèle Bossuat |
|
| 2022-05-13 |
Digging Into Runtimes – runc |
Containers ‧ Mihail Kirov |
|
| 2022-04-27 |
Commit Level Vulnerability Dataset |
Android ‧ Alexis Challande |
|
| 2022-03-29 |
A Brief Overview of Auditing XCMv2 |
Blockchain ‧ Robin David |
|
| 2022-03-23 |
Heap Overflow in OpenBSD's slaacd via Router Advertisement |
Vulnerability ‧ Francisco Falcon |
|
| 2022-03-03 |
Kubernetes and HostPath, a Love-Hate Relationship |
Containers ‧ Mahé Tardy |
|
| 2022-02-03 |
Smali the Parseltongue Language |
Android ‧ Benoît Forgette |
|
| 2022-01-13 |
Audit of the MimbleWimble Integration Inside Litecoin |
Cryptography ‧ Robin David |
|
| 2021-12-14 |
Why is Exposing the Docker Socket a Really Bad Idea? |
Containers ‧ Fred Raynal |
|
| 2021-12-07 |
Status of post-quantum cryptography implementation |
Cryptography ‧ Laurent Grémy |
|
| 2021-11-19 |
Digging into Linux namespaces - part 2 |
Linux ‧ Mihail Kirov |
|
| 2021-11-16 |
Digging into Linux namespaces - part 1 |
Linux ‧ Mihail Kirov |
|
| 2021-10-14 |
Mattermost End-to-End Encryption Plugin |
secure messaging ‧ Adrien Guinet |
|
| 2021-10-13 |
Internship Offers for the 2021-2022 Season |
life at qb ‧ Quarkslab |
|
| 2021-10-07 |
kdigger: a Context Discovery Tool for Kubernetes |
Kubernetes ‧ Mahé Tardy |
|
| 2021-08-31 |
Introducing QBDL: how to run the NVIDIA NGX SDK under Linux |
instrumentation ‧ Adrien Guinet |
|
| 2021-07-29 |
A virtual journey: From hardware virtualization to Hyper-V's Virtual Trust Levels |
Virtualization ‧ Salma El Mohib |
|
| 2021-07-21 |
Hello Rewind, meet world |
windows ‧ Damien Aumaitre |
|
| 2021-07-13 |
Guided tour inside WinDefender’s network inspection driver |
Microsoft ‧ Romain Dumont |
|
| 2021-05-18 |
RFID: Monotonic Counter Anti-Tearing Defeated |
hardware ‧ Philippe Teuwen |
|
| 2021-04-29 |
Audit of Session Secure Messaging Application |
secure messaging ‧ Marwan Anastas |
|
| 2021-04-13 |
Remote Denial-of-Service on CycloneTCP : CVE-2021-26788 |
Fuzzing ‧ Robin David |
|
| 2021-04-08 |
Analysis of a Windows IPv6 Fragmentation Vulnerability: CVE-2021-24086 |
Windows ‧ Francisco Falcon |
|
| 2021-03-04 |
Extending Emuroot: support for Android 10 & 11 |
android ‧ Eric Le Guevel |
|
| 2021-02-12 |
QBDI 0.8.0 |
qbdi ‧ instrumentation-team |
|
| 2021-01-28 |
Bad Neighbor on FreeBSD: IPv6 Router Advertisement Vulnerabilities in rtsold (CVE-2020-25577) |
FreeBSD ‧ Francisco Falcon |
|
| 2020-12-24 |
Technical Assessment of the herumi Libraries |
blockchain ‧ Laurent Grémy |
|
| 2020-12-24 |
RFID: New Proxmark3 Tear-Off Features and New Findings |
hardware ‧ Philippe Teuwen |
|
| 2020-12-24 |
How the MSVC Compiler Generates XFG Function Prototype Hashes |
Microsoft ‧ Francisco Falcon |
|
| 2020-12-24 |
Beware the Bad Neighbor: Analysis and PoC of the Windows IPv6 Router Advertisement Vulnerability (CVE-2020-16898) |
Microsoft ‧ Francisco Falcon |
|
| 2020-12-24 |
Internships at Quarkslab 2020-2021: the COVID season |
life at qb ‧ Quarkslab |
|
| 2020-12-24 |
Examining the August Smart Lock |
august ‧ Nahuel Riva |
|
| 2020-12-24 |
Introduction to Whiteboxes and Collision-Based Attacks With QBDI |
whitebox ‧ Paul Hernault |
|
| 2020-12-24 |
Why are Frida and QBDI a Great Blend on Android? |
android ‧ Tom Czayka |
|
| 2020-12-24 |
A Deep Dive Into Samsung's TrustZone (Part 3) |
trustzone ‧ Alexandre Adamski |
|
| 2020-12-24 |
Triton v0.8 and ARMv7: A Guideline for Adding New Architectures |
open-source ‧ Christian Heitman |
|
| 2020-12-24 |
Playing Around With The Fuchsia Operating System |
fuchsia ‧ 706a5669981f47b5fce062bd6bd6e6a3 |
|
| 2020-12-24 |
Ansible Security Assessment |
vulnerability ‧ Damien Aumaitre |
|
| 2020-12-24 |
How a Security Anomaly was Accidentally Found in an EAL6+ JavaCard |
javacard ‧ Philippe Teuwen |
|
| 2020-12-24 |
Reverse Engineering a VxWorks OS Based Router |
tplink ‧ Nahuel Riva |
|
| 2020-12-24 |
Triton v0.8 is Released! |
open-source ‧ Christian Heitman |
|
| 2020-03-24 |
CVE-2020-0069: Autopsy of the Most Stable MediaTek Rootkit |
Android ‧ Maxime Rossi Bellom |
|
| 2020-01-16 |
Reverse Engineering a Philips TriMedia CPU based IP Camera - Part 3 |
philips ‧ Nahuel Riva |
|
| 2019-12-17 |
A Deep Dive Into Samsung's TrustZone (Part 2) |
trustzone ‧ Alexandre Adamski |
|
| 2019-12-10 |
A Deep Dive Into Samsung's TrustZone (Part 1) |
trustzone ‧ Alexandre Adamski |
|
| 2019-11-26 |
A Glimpse Into Tencent's Legu Packer |
android ‧ Romain Thomas |
|
| 2019-11-19 |
Irma Past and Future |
Malware ‧ Alexandre Quint |
|
| 2019-11-14 |
CM Browser: HTTPS URL Leak |
android ‧ Tom Czayka |
|
| 2019-10-29 |
EEPROM: When Tearing-Off Becomes a Security Issue |
hardware ‧ Philippe Teuwen |
|
| 2019-10-24 |
Analysis of Qualcomm Secure Boot Chains |
Secure Boot ‧ Elouan Appere |
|
