Another audit finalized with @OSTIFofficial and @CloudNativeFdn! 🔍 Quarkslab reviewed Notary Project’s new cryptographic features — timestamping & certificate revocation — identifying 11 issues, including 2 CVEs! 📖 Read more in our blog post:

こんにちは Tokyo! "Of all things, I liked bugs best." ― Nikola Tesla Quarkslab is happy to participate in Pwn2Own Automotive and tomorrow we will try to demonstrate a RCE on an Electric Vehicle Charger on stage. Nikola enlight us, Murphy stay home!

👋 Looking for some cool research opportunities in 2025? We still have an open position in our 2024-2025 internships season. Take a look and hurry up to submit, those satellites won't hack themselves

Thinking about moving to #bsky ? We are there too

This year we were proud to sponsor @GrehackConf again! We hope you liked our talks and workshops, including an inside look at the MIFARE Classic smart card backdoor by @doegox and the upcoming Kerberos exploitation workshop by Rayan. ����#GreHack2024

Sacre BLE! Fuzzing Bluetooth Low Energy GATT and annoying your colleagues for fun and silence Let Baptiste Boyer show you the way

RT @hardwear_io: Are you ready to brainstorm at #hw_ioNL2024? Organized by @quarkslab, Hardware CTF is your chance to test your knowledge,…

@hardwear_io is underway in Amsterdam and our team is there contributing to a great experience: The hardware CTF, Car Hacking training, a wireless device hacking workshop & two talks: Attacks on MIFARE-compatible cards and BLE GATT fuzzing Happy hacking!

Our 2024-2025 internships season has started Check out the 3 new openings and apply for fun and knowledge! (paid internships, fur coats not included)

Linux kernel instrumentation from Qemu and gdb: A technique to analyze binaries or kernel modules that may try to monitor themselves. In this blog post Professor @Mad5quirrel explains the trick

We are proud to sponsor the 1st edition of the HackHer Challenge, a CTF competition dedicated to female students and professionals, with the mission of promoting diversity. This Saturday October 19th 10:00 to 18:00 Details and registration here:

Finding and chaining 4 vulns to exfiltrate encryption keys from the Android Keystore on Samsung series A* devices. Did you miss the "Attacking the Samsung Galaxy A* Boot Chain" talk by @max_r_b and Raphaël Neveu earlier this year ? Talk && PoC || GTFO:

Don't you miss the golden era of SQL injections? Here Mathieu Farrell (@coiffeur0x90) explains how to feel the thrill again with the aid of Apache Superset, XML and a bit of parsing tickery: "Bypass Apache Superset restrictions to perform SQL injections"

Mathieu Farrell (@coiffeur0x90) discovered a dylib injection vulnerability in Microsoft Teams on MacOS. The bug allows an attacker to secretly spy on users through their microphone and camera. Here he explains how he identified and exploited it:

The Cryptodifference Engine: An in-depth look at differential fuzzing for harvesting crypto bugs, by Célian Glénaz

RT @EUCyberWeek: 📢 Final of the C&ESAR by DGA: Places are limited 😉! Philippe Teuwen from @quarkslab will discuss vulnerabilities in some…

Dive into crypto-condor, our open-source test suite for cryptographic primitives by Julio Loayza Meneses! Perfect for ensuring compliance & correctness in your implementations. Let's secure your cryptography together! #cryptography

Chamilo is an open source e-Learning platform written in PHP and used worldwide. During a red team engagement Quarkslab's engineer Mathieu Farrell learned how to exploit it for Remote Code Execution. Now you can too:

Operator Fabric is an open source platform built by the @LFE_Foundation for use in electricity, water and other utility operations Last May we did a security audit sponsored by @OSTIFofficial🙏 Read a summary of our findings and find the full report here:

Come to see our automotive security expert @phil_barr3tt on stage at @_barbhack_, twice! As proud sponsors, we have a couple of tickets to offer. You are student? Send us a small motivated email to contact at quarkslab com before tomorrow 15:00 CEST and we'll make a choice.