Quarkslab
@quarkslab.bsky.social
📤 309
📥 3
📝 65
Securing every bit of your data
https://quarkslab.com
pinned post!
Our 2025-2026 internship season has started. Check out the list of openings and apply for fun and knowledge!
blog.quarkslab.com/internship-offers-for-the-2025-2026-season.html
8 months ago
0
3
3
Obscure Element: Reverse engineering Xiaomi's MJA1 secure chip. Mengsi Wu's journey starts here:
blog.quarkslab.com/black-box-pr...
about 24 hours ago
0
2
0
BOLT is a static analysis tool, part of the LLVM compiler infrastructure, used to verify compiler security hardening options have been applied on a binary. Thanks to
@ostifofficial.bsky.social
we've worked since November 2025 to improve it. Check our progress here:
blog.quarkslab.com/extending-ll...
loading . . .
Extending LLVM's BOLT-based Binary Analyser to Validate Stack Variable Initialisation - Quarkslab's blog
The Open Source Technology Improvement Fund (OSTIF) commissioned Quarkslab to extend the BOLT-based static binary analyser in LLVM to support additional compiler flags for security hardening. This wor...
https://blog.quarkslab.com/extending-llvms-bolt-based-binary-analyser-to-validate-stack-variable-initialisation.html
10 days ago
0
4
1
From prompt 😃to pwned 😢: Implementing an LLM in your org? Useful. Trusting its output? That's how a low-priv user became admin. Ship the feature, don't extend it your trust.
blog.quarkslab.com/from-prompt-...
14 days ago
0
1
0
Practical Android Software Protection in the Wild: An Appetizer In which Eduardo Blazquez analyzes 2.5 million Android apps to identify and classify the obfuscators, packers and code protectors they use:
blog.quarkslab.com/practical-an...
15 days ago
0
1
0
What happens when reverse engineers spend weeks poking at the Scala 3 codebase? 🔍 From code review to fuzzing, our assessment helped strengthen Scala's security. The results of our audit, conducted in collaboration with
@ostifofficial.bsky.social
, are here:
blog.quarkslab.com/scala-securi...
loading . . .
Scala Security Audit - Quarkslab's blog
The Scala team has partnered with the Open Source Technology Improvement Fund (OSTIF) to conduct its first security audit. This initiative aims to identify potential vulnerabilities through static and...
https://blog.quarkslab.com/scala-security-audit.html
18 days ago
0
0
0
Did you hear about Optical Line Terminals? ISPs rely on them to build their service networks, but what if they are vulnerable? Here Mathieu Farrell shows how attackers could compromise entire ISPs by exploiting them and cloud-based fleet management software
blog.quarkslab.com/how-olts-may...
about 1 month ago
1
1
0
A hands-on look at Microsoft’s Independent Guest Virtual Machine (IGVM) format inside OpenHCL’s `openhcl.bin`. We unpack the fixed header, variable headers, data layout, and how IGVM measurement supports Confidential Computing with SEV-SNP and TDX. 🔗
blog.quarkslab.com/the-igvm-fil...
loading . . .
The IGVM File Format - Quarkslab's blog
This article presents the structure of the Independent Guest Virtual Machine (IGVM) file format, a binary file designed to define and securely launch the initial state of a virtual machine. It bundles...
https://blog.quarkslab.com/the-igvm-file-format.html
about 1 month ago
0
1
1
Paramiko is a pure-Python implementation of SSHv2. Recently, we worked with the Paramiko team on a security audit sponsored by
@ostifofficial.bsky.social
🙏 Read a summary of our findings and find the full report here:
blog.quarkslab.com/paramiko-sec...
loading . . .
Paramiko Security Audit - Quarkslab's blog
The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and...
https://blog.quarkslab.com/paramiko-security-audit.html
about 2 months ago
0
0
0
Do you know how Entra ID applications work? What about the security mess they can bring and what they can quietly break? New blog post on Entra ID application permissions, the audit nightmare they create, and QAZPT, our OSS tool to actually make sense of it:
blog.quarkslab.com/auditing-app...
about 2 months ago
0
0
0
Obfuscation vs The Optimizer: A Battle in LLVM Middle End. Robert Yates shows us how the continuous improvement of the LLVM optimizer defeats naive code obfuscation, and how the obfuscator can fight back. An eternal fight in which all victories are ephemeral
blog.quarkslab.com/obfuscation-...
2 months ago
0
0
0
🤔Ever wondered how your favorite tools work under the hood? During our work on SightHouse, we dug into BSIM, Ghidra's Binary function SIMilarity engine. Many tools have been built around it, yet its internals remained undocumented. Until now 👇
blog.quarkslab.com/bsim-explain...
2 months ago
0
1
1
🚗 We traced a car’s life from China to Poland. By analyzing a BYD Telematic Control Unit, Romain Marchand econstructed its journey and identified a real-world event from GPS logs alone. Embedded forensics + OSINT = real stories hidden in data. 👉
blog.quarkslab.com/tearing-down...
2 months ago
0
2
0
After Mathieu Farrell found 3 LPEs in Intego antivirus for macOS, Lucas Laise had to check the Windows version too. Spoiler: it was vulnerable. Here's the full write up of a symlink attack to achieve Local Privilege Escalation👇
blog.quarkslab.com/milking-the-...
2 months ago
0
1
0
Tired of reversing the same libc for the 100th time? 👀 Meet SightHouse, our open-source tool that automatically detects third-party library functions in binaries. High-confidence function mapping. Works with any disassembler. By @Mad5quirrel & Sami. 🔗
blog.quarkslab.com/sighthouse-a...
3 months ago
0
3
2
The dragon has a VM. Of course it does. Our latest blog walks through the analysis of a complex C++ binary hiding behind a virtual machine, themed as a classic RPG fight. QBDI & TritonDSE are your weapons of choice. The dragon doesn't stand a chance. 🐉 🔗
blog.quarkslab.com/qbdi-vs-trit...
3 months ago
0
0
1
Rule 1️⃣ : "In WAF we (should not) trust" Your WAF is doing its best. That's just not enough 😮💨 A deep dive into Web Application Firewall bypass techniques, discovering why blocked ⛔ doesn't always mean safe.
blog.quarkslab.com/in-waf-we-sh...
3 months ago
0
1
0
"Intego X9: Never trust my updates" Read Mathieu Farrell's research showing how XPC interprocess communications and the update mechanism of the Intego antivirus for MacOS can be abused for local privilege escalation.
blog.quarkslab.com/intego_lpe_m...
3 months ago
0
0
0
"How does it even work?" The question that keeps hackers' hearts pumping, blood pressure rising, and curiosity growing. This is Damien Cauquil's reverse engineering journey into a cheap smartwatch that measures at least one of those.
blog.quarkslab.com/nerd-life-we...
3 months ago
0
1
1
One bit flip to corrupt it all: Exploitation of an old Linux kernel vulnerability using PageJack, a modern technique to create Use After Free bugs. Here Jean Vincent shows you how
blog.quarkslab.com/pagejack-in-...
3 months ago
0
1
0
If you glitch one, can you glitch many? Extracting automotive firmware is a challenge.
@phil-barr3tt.bsky.social
explains how he bypassed the IDCODE protection in several variants of the RH850 MCU family using both voltage glitching and side-channel analysis ⚡️🚗
blog.quarkslab.com/bypassing-de...
4 months ago
0
1
2
Reverse engineers often spend a lot of time deciphering third-party firmware libraries. At RE//verse 2026 (Fri, 5 PM), Benoit & Sami will introduce SightHouse, an open-source tool to automatically identify third-party functions and speed up analysis. Join us!
4 months ago
0
3
2
Another antivirus 🛡️, another unfulfilled promise 😣. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: 3 LPE vectors 🆙 via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749). Find out more:
blog.quarkslab.com/avira-deseri...
4 months ago
1
4
1
Why macOS AVs shouldn’t trust PIDs 😄🍏 - new post by @Coiffeur0x90 Intego X9: XPC validation falls back to PID → PID reuse + posix_spawn() shenanigans 😏 ⇒ confused deputy / privileged methods abused 🤡🧨 Lesson: PID ≠ identity. Check it out 🔗
blog.quarkslab.com/intego_lpe_m...
4 months ago
0
0
0
You've never been more right to doubt your MacOS antivirus software 😥 Our latest research by Mathieu Farrell shows how Intego can be abused for Local Privilege Escalation Yes, the antivirus. Yes, as root.
blog.quarkslab.com/intego_lpe_m...
4 months ago
0
1
0
"Dr. Bytecode or: How I Learned to Stop Worrying and Obfuscate Java" A tale about how
@farena.in
started his journey in Java software obfuscation.
blog.quarkslab.com/how-to-write...
4 months ago
0
3
1
"Use a better system prompt" is the new "sanitize your inputs", but when your
#AI
agent's tools don't check permissions, you've got a problem and no amount of prompting will fix it. Check Kaluche's blog post about
#AgenticAI
& the Confused Deputy issue ⬇️
blog.quarkslab.com/agentic-ai-t...
5 months ago
0
0
0
reposted by
Quarkslab
5 months ago
@lfenergy.bsky.social
EVerest underwent a security engagement facilitated by us with auditing by
@quarkslab.bsky.social
. This holistic security work impacts millions of EV charging stations worldwide. Read more at our blog:
ostif.org/everest-secu...
0
1
1
We conducted the first public third-party security assessment of EVerest, an open-source firmware stack for electric vehicle charging stations, deployed in hundreds of thousands of charging points worldwide. The audit was mandated by
@ostifofficial.bsky.social
🙏
blog.quarkslab.com/everest-secu...
5 months ago
0
2
2
A decade is an eternity in security. 🛡️ Ten years ago, we released the Clang Hardening Cheat Sheet. Today, the landscape has changed. @0xTRIKKSS & @bcreusillet break down the latest mitigations to keep your code secure. 🔗Read the update:
blog.quarkslab.com/clang-harden...
5 months ago
0
4
4
A modern tale of Blinkenlights, cheap Christmas shopping and curiosity, narrated by Damien Cauquil Firmware extraction and reverse engineering of a smartwatch FTW!
blog.quarkslab.com/modern-tale-...
6 months ago
0
0
0
K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation. A story of endpoint post-exploitation by Lucas Laise
blog.quarkslab.com/k7-antivirus...
7 months ago
0
3
0
reposted by
Quarkslab
7 months ago
We've been a bit excited about this one. We are excited and honored to have partnered with Bitcoin, brink, Chaincode Labs, and
@quarkslab.bsky.social
to collaborate on a security audit of Bitcoin Core. This was Bitcoin Core's first external audit. Read more at our blog:
ostif.org/bitcoin-core...
loading . . .
Bitcoin Core Audit Complete! – OSTIF.org
https://ostif.org/bitcoin-core-audit-complete/
1
5
2
Quarkslab engineers Robin David, Mihail Kirov and Kaname just completed the first public security audit of Bitcoin Core, led by
@ostifofficial.bsky.social
and funded by
Brink.dev
Details on the blog post:
blog.quarkslab.com/bitcoin-core...
Congrats to developers for such software masterpiece !
loading . . .
Bitcoin Core audit - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc. mandated Quarkslab to perform the first public security audit of Bitcoin core, the reference open-source implementation of the Bitcoin decentralized p...
https://blog.quarkslab.com/bitcoin-core-audit.html
7 months ago
0
6
5
reposted by
Quarkslab
KubeVirt
7 months ago
We are pleased to announce that the KubeVirt Security Audit report has been published, in collaboration with
@quarkslab.bsky.social
and
@ostifofficial.bsky.social
Check out our blog post for all the details:
kubevirt.io/2025/Announc...
loading . . .
Announcing the results of our Security Audit | KubeVirt.io
As part of our application to Graduate, KubeVirt has a security audit performed by a third-party, organised through the CNCF and OSTIF.
https://kubevirt.io/2025/Announcing-KubeVirt-Security-Audit-Results.html
0
4
3
KubeVirt is open source virtualization technology for Kubernetes. Recently we worked with the @kubevirt team on a security audit sponsored by @OSTIFofficial 🙏 Read a summary of our findings and find the full report here:
blog.quarkslab.com/kubevirt-sec...
7 months ago
0
1
1
Our 2025-2026 internship season has started. Check out the list of openings and apply for fun and knowledge!
blog.quarkslab.com/internship-offers-for-the-2025-2026-season.html
8 months ago
0
3
3
From kernel oops to kernel exploit: How two little bugs (CVE-2025-23330, CVE-2025-23280) in
#NVIDIA
open GPU
#Linux
driver can lead to full system compromise. Full technical breakdown inside,
#vmalloc
exploitation technique included!
blog.quarkslab.com/nvidia_gpu_k...
loading . . .
Oops! It's a kernel stack use-after-free: Exploiting NVIDIA's GPU Linux drivers - Quarkslab's blog
This article details two bugs discovered in the NVIDIA Linux Open GPU Kernel Modules and demonstrates how they can be exploited. The bugs can be triggered by an attacker controlling a local unprivileg...
https://blog.quarkslab.com/nvidia_gpu_kernel_vmalloc_exploit.html
8 months ago
0
2
3
Finding a buggy driver is one thing, abusing it is another🧠 In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader ! 🚀 ➡️
blog.quarkslab.com/exploiting-l...
8 months ago
0
3
3
Quantum computers are not quite here yet, but now's the time to get ready. After updating their protocol in 2023,
@signal.org
is now proposing a post-quantum version of their Double Ratchet for message encryption. Let's see what Signal looks like now!
blog.quarkslab.com/triple-threa...
9 months ago
0
5
4
reposted by
Quarkslab
Fabrice Rossi
9 months ago
Brand new paper with Roxane Cohen, Robin David (both from
@quarkslab.bsky.social
) and Florian Yger on obfuscation detection in binary code
doi.org/10.1007/s411...
We show that carefully selected features can be leveraged by graph neural networks to outperform classical solutions.
loading . . .
Identifying obfuscated code through graph-based semantic analysis of binary code - Applied Network Science
Protecting sensitive program content is a critical concern in various situations, ranging from legitimate use cases to unethical contexts. Obfuscation is one of the most used techniques to ensure such a protection. Consequently, attackers must first detect and characterize obfuscation before launching any attack against it. This paper investigates the problem of function-level obfuscation detection using graph-based approaches, comparing algorithms, from classical baselines to advanced techniques like Graph Neural Networks (GNN), on different feature choices. We consider various obfuscation types and obfuscators, resulting in two complex datasets. Our findings demonstrate that GNNs need meaningful features that capture aspects of function semantics to outperform baselines. Our approach shows satisfactory results, especially in a challenging 11-class classification task and in two practical binary analysis examples. It highlights how much obfuscation and optimization are intertwined in binary code and that a better comprehension of these two principles are fundamental in order to obtain better detection results.
https://doi.org/10.1007/s41109-025-00733-8
1
12
8
BYOVD is a well-known technique commonly used by threat actors to kill EDR 🔪 However, with the right primitives, you can do much more. Find out how Luis Casvella found and exploited 4 vulns (CVE-2025-8061) in a signed Lenovo driver. 👇
blog.quarkslab.com/exploiting-l...
9 months ago
0
1
1
RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀 In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇
blog.quarkslab.com/security-rev...
loading . . .
Security review of PHP documentation - Quarkslab's blog
The Open Source Technology Improvement Fund, Inc., engaged with Quarkslab to perform a security audit of the code snippets in the English version of PHP documentation, focused on some specific pages.
https://blog.quarkslab.com/security-review-of-php-documentation.html
9 months ago
0
6
5
The two bytes that make size matter: Reverse engineering Apple's iOS 0-click CVE-2025-43300 improved bounds checking fix, by Madimodi Diawara
blog.quarkslab.com/patch-analys...
10 months ago
0
5
3
Hacking & Barbecue in the south of France. What could possibly be better? Barbhack starts this Saturday in Toulon and we're giving away a ticket to a student nearby looking to live the experience Send us a Chat msg with your name and school We will notify the winner tonight
www.barbhack.fr/2025/fr/
10 months ago
0
7
6
🚀Ever heard of ControlPlane, software to help you automate tasks on macOS? Turns out, it might also help you become root. Oops! 😱 @coiffeur0x90 found a Local Privilege Escalation vulnerability. Read before someone automates your admin rights 👉
blog.quarkslab.com/controlplane...
loading . . .
ControlPlane Local Privilege Escalation Vulnerability on macOS - Quarkslab's blog
A technical exploration of Local Privilege Escalation Vulnerability in ControlPlane on macOS.
https://blog.quarkslab.com/controlplane_lpe_macos.html
11 months ago
0
0
0
You finally pwned the Holy Confluence server. What now? Create a user? Reset a password? 🚨Best way to trigger an alert What if you craft your own Personal Access Token 🔑 for the Admin account ? Find out how in this blog post by Quarkslab's Red Teamer YV
blog.quarkslab.com/a-story-abou...
12 months ago
0
0
0
The leHack conference (
@le-hack.bsky.social
) starts tomorrow at the Cité des Sciences et de l’Industrie in Paris. We will be there to meet with peers and friends. 3 technical talks, a cool challenge & our famous Car in a Box to play with. Come and say hi at booth 20. Full program here:
lehack.org
loading . . .
leHACK 2025 incoming! - leHACK
false
https://lehack.org/
12 months ago
0
1
0
Are you a network protocol reverse engineer? Tired of writing Wireshark plugins in memory unsafe or esoteric languages named after celestial objects? Now you can do it in a few lines of Go, Python or Rust with Wirego. Benoit Girard explains how here:
blog.quarkslab.com/getting-star...
about 1 year ago
1
2
3
Attention ✨WomenAtSSTIC✨ We meet at 18:00 today at L'Equinoxe: 3 Place des Lices, 35000 Rennes See you there!
#sstic2025
add a skeleton here at some point
about 1 year ago
0
0
0
Are you a cyber professional, or a future one, coming to
#sstic2025
next week? Come to ✨WomenATsstic✨, an informal and unofficial friendly meetup on Wednesday, June 4th at 6 pm. We will reserve a bar/café near the Halle Martenot. Register here:
framadate.org/hH2t9FcRtgEG...
loading . . .
Sondage - Women@sstic 2025 - Framadate
Framadate est un service en ligne permettant de planifier un rendez-vous ou prendre des décisions rapidement et simplement.
https://framadate.org/hH2t9FcRtgEGmTWq
about 1 year ago
0
4
5
Load more
feeds!
log in
