If you glitch one, can you glitch many? Extracting automotive firmware is a challenge. @phil-barr3tt.bsky.social explains how he bypassed the IDCODE protection in several variants of the RH850 MCU family using both voltage glitching and side-channel analysis ⚡️🚗 blog.quarkslab.com/bypassing-de...

Reverse engineers often spend a lot of time deciphering third-party firmware libraries. At RE//verse 2026 (Fri, 5 PM), Benoit & Sami will introduce SightHouse, an open-source tool to automatically identify third-party functions and speed up analysis. Join us!

Another antivirus 🛡️, another unfulfilled promise 😣. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: 3 LPE vectors 🆙 via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749). Find out more: blog.quarkslab.com/avira-deseri...

Why macOS AVs shouldn’t trust PIDs 😄🍏 - new post by @Coiffeur0x90 Intego X9: XPC validation falls back to PID → PID reuse + posix_spawn() shenanigans 😏 ⇒ confused deputy / privileged methods abused 🤡🧨 Lesson: PID ≠ identity. Check it out 🔗 blog.quarkslab.com/intego_lpe_m...

You've never been more right to doubt your MacOS antivirus software 😥 Our latest research by Mathieu Farrell shows how Intego can be abused for Local Privilege Escalation Yes, the antivirus. Yes, as root. blog.quarkslab.com/intego_lpe_m...

"Dr. Bytecode or: How I Learned to Stop Worrying and Obfuscate Java" A tale about how @farena.in started his journey in Java software obfuscation. blog.quarkslab.com/how-to-write...

"Use a better system prompt" is the new "sanitize your inputs", but when your #AI agent's tools don't check permissions, you've got a problem and no amount of prompting will fix it. Check Kaluche's blog post about #AgenticAI & the Confused Deputy issue ⬇️ blog.quarkslab.com/agentic-ai-t...

@lfenergy.bsky.social EVerest underwent a security engagement facilitated by us with auditing by @quarkslab.bsky.social. This holistic security work impacts millions of EV charging stations worldwide. Read more at our blog: ostif.org/everest-secu...

We conducted the first public third-party security assessment of EVerest, an open-source firmware stack for electric vehicle charging stations, deployed in hundreds of thousands of charging points worldwide. The audit was mandated by @ostifofficial.bsky.social 🙏 blog.quarkslab.com/everest-secu...

A decade is an eternity in security. 🛡️ Ten years ago, we released the Clang Hardening Cheat Sheet. Today, the landscape has changed. @0xTRIKKSS & @bcreusillet break down the latest mitigations to keep your code secure. 🔗Read the update: blog.quarkslab.com/clang-harden...

A modern tale of Blinkenlights, cheap Christmas shopping and curiosity, narrated by Damien Cauquil Firmware extraction and reverse engineering of a smartwatch FTW! blog.quarkslab.com/modern-tale-...

K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation. A story of endpoint post-exploitation by Lucas Laise blog.quarkslab.com/k7-antivirus...

We've been a bit excited about this one. We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and @quarkslab.bsky.social to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit. Read more at our blog: ostif.org/bitcoin-core...

Quarkslab engineers Robin David, Mihail Kirov and Kaname just completed the first public security audit of Bitcoin Core, led by @ostifofficial.bsky.social and funded by Brink.dev Details on the blog post: blog.quarkslab.com/bitcoin-core... Congrats to developers for such software masterpiece !

We are pleased to announce that the KubeVirt Security Audit report has been published, in collaboration with @quarkslab.bsky.social and @ostifofficial.bsky.social Check out our blog post for all the details: kubevirt.io/2025/Announc...

KubeVirt is open source virtualization technology for Kubernetes. Recently we worked with the @kubevirt team on a security audit sponsored by @OSTIFofficial 🙏 Read a summary of our findings and find the full report here: blog.quarkslab.com/kubevirt-sec...

Our 2025-2026 internship season has started. Check out the list of openings and apply for fun and knowledge! blog.quarkslab.com/internship-offers-for-the-2025-2026-season.html

From kernel oops to kernel exploit: How two little bugs (CVE-2025-23330, CVE-2025-23280) in #NVIDIA open GPU #Linux driver can lead to full system compromise. Full technical breakdown inside, #vmalloc exploitation technique included! blog.quarkslab.com/nvidia_gpu_k...

Finding a buggy driver is one thing, abusing it is another🧠 In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader ! 🚀 ➡️ blog.quarkslab.com/exploiting-l...

Quantum computers are not quite here yet, but now's the time to get ready. After updating their protocol in 2023, @signal.org is now proposing a post-quantum version of their Double Ratchet for message encryption. Let's see what Signal looks like now! blog.quarkslab.com/triple-threa...

Brand new paper with Roxane Cohen, Robin David (both from @quarkslab.bsky.social ) and Florian Yger on obfuscation detection in binary code doi.org/10.1007/s411... We show that carefully selected features can be leveraged by graph neural networks to outperform classical solutions.

BYOVD is a well-known technique commonly used by threat actors to kill EDR 🔪 However, with the right primitives, you can do much more. Find out how Luis Casvella found and exploited 4 vulns (CVE-2025-8061) in a signed Lenovo driver. 👇 blog.quarkslab.com/exploiting-l...

RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀 In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇 blog.quarkslab.com/security-rev...

The two bytes that make size matter: Reverse engineering Apple's iOS 0-click CVE-2025-43300 improved bounds checking fix, by Madimodi Diawara blog.quarkslab.com/patch-analys...

Hacking & Barbecue in the south of France. What could possibly be better? Barbhack starts this Saturday in Toulon and we're giving away a ticket to a student nearby looking to live the experience Send us a Chat msg with your name and school We will notify the winner tonight www.barbhack.fr/2025/fr/

🚀Ever heard of ControlPlane, software to help you automate tasks on macOS? Turns out, it might also help you become root. Oops! 😱 @coiffeur0x90 found a Local Privilege Escalation vulnerability. Read before someone automates your admin rights 👉 blog.quarkslab.com/controlplane...

You finally pwned the Holy Confluence server. What now? Create a user? Reset a password? 🚨Best way to trigger an alert What if you craft your own Personal Access Token 🔑 for the Admin account ? Find out how in this blog post by Quarkslab's Red Teamer YV blog.quarkslab.com/a-story-abou...

The leHack conference (@le-hack.bsky.social) starts tomorrow at the Cité des Sciences et de l’Industrie in Paris. We will be there to meet with peers and friends. 3 technical talks, a cool challenge & our famous Car in a Box to play with. Come and say hi at booth 20. Full program here: lehack.org

Are you a network protocol reverse engineer? Tired of writing Wireshark plugins in memory unsafe or esoteric languages named after celestial objects? Now you can do it in a few lines of Go, Python or Rust with Wirego. Benoit Girard explains how here: blog.quarkslab.com/getting-star...

Attention ✨WomenAtSSTIC✨ We meet at 18:00 today at L'Equinoxe: 3 Place des Lices, 35000 Rennes See you there! #sstic2025

Are you a cyber professional, or a future one, coming to #sstic2025 next week? Come to ✨WomenATsstic✨, an informal and unofficial friendly meetup on Wednesday, June 4th at 6 pm. We will reserve a bar/café near the Halle Martenot. Register here: framadate.org/hH2t9FcRtgEG...

Good morning Singapore! The amazing Off by One Conference 2025 starts today. If you are attending don't miss Fred Raynal's (our fearless CEO) keynote at 9:35am: "Spyware for rent & the world of offensive cyber" The full agenda is available here: offbyone.sg/agenda

Quarkslab was glad to sponsor the Real World Cryptography Paris Meetup 4 hosted by @Ledger last night. Julio Loayza Meneses talked about crypto-condor, our open source tool to test cryptography implementations. You can learn more about it here: quarkslab.github.io/crypto-condo...

Look at those cute little blobs in your internal network. They look harmless, but how about the one carrying SOCKS? It's ProxyBlob, a reverse proxy over Azure. Check out Alexandre Nesic's article on how it came to exist after an assumed breach mission ⤵️ 👉 blog.quarkslab.com/proxyblobing...

While casually reading Moodle's code Mathieu Farrell found a SSRF bug exploitable by any authenticated user. Fun twist? This vuln matches exactly the example Orange Tsai presented at Black Hat 2017. Real life imitates conference slides 😅 Details here: blog.quarkslab.com/auditing-moo...

We are so excited to announce the publication of our audit of PHP core! This work was made possible through a collaboration between OSTIF, @thephpf.bsky.social, and @quarkslab.bsky.social with funding provided by @sovereign.tech. For the report and further links, check out ostif.org/php-audit-co...

We are pleased to announce the completion of security audit of PHP core! Executed by @quarkslab.bsky.social in partnership with @ostifofficial.bsky.social and commissioned by the @sovereign.tech. Learn more: thephp.foundation/blog/2025/04...

Quarkslab audited PHP-SRC, the open source interpreter of PHP. The security audit, sponsored by @ostifofficial.bsky.social with funding from @sovereign.tech, aimed at strengthening the project's security ahead of the upcoming PHP 8.4 release. Here's what we found: blog.quarkslab.com/security-aud...

There is a small bug in the signature verification of OTA packages in the Android Open Source Framework. Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be. Jérémy Jourdois explains it here: blog.quarkslab.com/aosp_ota_sig...

New GUI or root access? Choose wisely! Exploiting a Local Privilege Escalation vulnerability in CCleaner version 1 for MacOS, by @Coiffeur0x90 blog.quarkslab.com/ccleaner_lpe...

Next week at the Hack The Box 0x4d meetup in Lille, France @rayanle.cat will talk about PwnShop, the challenge he prepared for the PwnMe CTF 2025 and how he accidentally discovered a RCE 0day while doing so. Join him next Monday at Campus Cyber Hauts-the-France: www.meetup.com/hack-the-box...

The Fifth Element: Using Quarkslab's cryptographic test suite to find bugs in the reference implementation of HQC, the latest algorithm added to the NIST PQC standard. Here Célian Glénaz, Dahmun Goudarzi and Julio Loayza Meneses tell you how they did it: blog.quarkslab.com/finding-bugs...

The Open Platform Communications Unified Architecture (OPC UA) is an open standard for industrial systems. In 2024 we worked with @anssi-fr.bsky.social to develop fuzzysully, an OPC UA fuzzer. Today we are glad to announce that this tool is now open source: github.com/ANSSI-FR/fuz...

From classic HTML pages to advanced MFA bypasses, dive in with @atsika.bsky.social in an exploration of phishing techniques 🎣. Learn some infrastructure tricks and delivery methods to bypass common detection. 👉 blog.quarkslab.com/technical-di... (promise this one is legit 👀)

We completed our 2nd audit of Allbrige's Estrela, a decentralized exchange built on the Soroban platform. Our audit was focused on the 3-token pool implementation and no critical vulnerabilities were found. The summary and full report can be read here blog.quarkslab.com/audit-of-all...

ICYMI: 5 vulnerabilities in SOPlanning, an open source project management application used by major consulting services providers. In part 2 of "Pwn Everything, Bounce Everywhere, all at once" Mathieu Farrell tells you how to chain them for unautheticated RCE blog.quarkslab.com/pwn-everythi...

A Plan to Pwn: Reviving a 17 year old bug or winning a race against Project Management? We've got both. Mathieu Farrell shows you how in the "Pwn Everything, Bounce Everywhere, all at once" blog post series. blog.quarkslab.com/pwn-everythi...

Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab.ca #CVE-2025-24200 👉 blog.quarkslab.com/first-analys...

AMD published Security Bulletin AMD-SB-7027 addressing CVE-2024-0179 and CVE-2024-21925, the two UEFI SMM vulnerabilities disclosed in our blog post. Data center, desktop, mobile and embedded processors products are affected: www.amd.com/en/resources...

Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming. A Christmas gift in February, brought to you by the amazing Gwaby 🫶 blog.quarkslab.com/being-overlo...