| website | https://quarkslab.com |
| location | Paris, France |
The dragon has a VM. Of course it does.
Our latest blog walks through the analysis of a complex C++ binary hiding behind a virtual machine, themed as a classic RPG fight.
QBDI & TritonDSE are your weapons of choice. The dragon doesn't stand a chance. ๐
๐ https://blog.quarkslab.com/qbdi-vs-tritondse-against-a-vm-who-will-be-the-fastest.html
Rule 1๏ธโฃ : "In WAF we (should not) trust"
Your WAF is doing its best. That's just not enough ๐ฎโ๐จ
A deep dive into Web Application Firewall bypass techniques, discovering why blocked โ doesn't always mean safe.
"Intego X9: Never trust my updates"
Read @coiffeur0x90's research showing how XPC interprocess communications and the update mechanism of the Intego antivirus for MacOS can be abused for local privilege escalation.
"How does it even work?"
The question that keeps hackers' hearts pumping, blood pressure rising, and curiosity growing.
This is @virtualabs's reverse engineering journey into a cheap smartwatch that measures at least one of those.
https://blog.quarkslab.com/nerd-life-weeks-firmware-teardown-we-were-right.html
SPONSOR
๐ฃ Today, we are delighted to announce the @quarkslab Gold level sponsoring ๐
Since day one (9 years ago!), @quarkslab supports us, it is an incredible help for an organization like us ๐ Thank you so much!
๐ @quarkslab provides to companies Security Audit capabilities (pentest, code & architecture) & Consulting expertise powered by its cutting edge R&D. It can also help you with Qshield, its comprehensive security suite designed to safeguard intellectual property (IP), data, devices, and software against modern cyber threats.
๐ฅ @quarkslab produces year after year a fantastic number of cyber open source projects and contributions (ex: FLOSS audits) ๐
Two 2026 examples:
โก๏ธSighthouse: a tool designed to assist reverse engineers by retrieving information and metadata from programs and identifying similar functions.
๐ https://github.com/quarkslab/sighthouse
โก๏ธBitcoin Core audit : @quarkslab conducted the first public third-party security assessment of Bitcoin Core, the canonical implementation of the Bitcoin network.
If you glitch one, can you glitch many?
Extracting automotive firmware is a challenge.
@Phil_BARR3TT explains how he bypassed the IDCODE protection in several variants of the RH850 MCU family using both voltage glitching and side-channel analysis โก๏ธ๐
Another antivirus ๐ก๏ธ, another unfulfilled promise ๐ฃ. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: not 1, not 2, but 3 LPE vectors ๐ via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749).
Find out more: https://blog.quarkslab.com/avira-deserialize-delete-and-escalate-the-proper-way-to-use-an-av.html
Why macOS AVs shouldnโt trust PIDs ๐๐ - new post by @Coiffeur0x90
Intego X9: XPC validation falls back to PID โ PID reuse + posix_spawn() shenanigans ๐ โ confused deputy / privileged methods abused ๐คก๐งจ
Lesson: PID โ identity.
Check it out ๐ https://blog.quarkslab.com/intego_lpe_macos_2.html
Pass the SALT Conference