"Intego X9: Never trust my updates"
Read @coiffeur0x90's research showing how XPC interprocess communications and the update mechanism of the Intego antivirus for macOS can be abused for local privilege escalation.
| website | https://quarkslab.com |
| location | Paris, France |
"How does it even work?"
The question that keeps hackers' hearts pumping, blood pressure rising, and curiosity growing.
This is @virtualabs's reverse engineering journey into a cheap smartwatch that measures at least one of those.
https://blog.quarkslab.com/nerd-life-weeks-firmware-teardown-we-were-right.html
SPONSOR
Today, we are delighted to announce the @quarkslab Gold-level sponsorship!
Since day one (9 years ago!), @quarkslab has supported us; it is an incredible help for an organization like ours. Thank you so much!
@quarkslab provides companies with security audit capabilities (pentest, code & architecture) and consulting expertise powered by its cutting-edge R&D. It can also help you with Qshield, its comprehensive security suite designed to safeguard intellectual property (IP), data, devices, and software against modern cyber threats.
Year after year, @quarkslab produces a fantastic number of open-source cyber security projects and contributions (e.g. FLOSS audits).
Two 2026 examples:
Sighthouse: a tool designed to assist reverse engineers by retrieving information and metadata from programs and identifying similar functions.
https://github.com/quarkslab/sighthouse
Bitcoin Core audit: @quarkslab conducted the first public third-party security assessment of Bitcoin Core, the canonical implementation of the Bitcoin network.
If you glitch one, can you glitch many?
Extracting automotive firmware is a challenge.
@Phil_BARR3TT explains how he bypassed the IDCODE protection in several variants of the RH850 MCU family using both voltage glitching and side-channel analysis.
Another antivirus, another unfulfilled promise. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: not 1, not 2, but 3 LPE vectors via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749).
Find out more: https://blog.quarkslab.com/avira-deserialize-delete-and-escalate-the-proper-way-to-use-an-av.html
Why macOS AVs shouldn't trust PIDs - new post by @Coiffeur0x90
Intego X9: XPC validation falls back to PID → PID reuse + posix_spawn() shenanigans → confused deputy / privileged methods abused
Lesson: PID ≠ identity.
Check it out: https://blog.quarkslab.com/intego_lpe_macos_2.html
You've never been more right to doubt your macOS antivirus software.
Our latest research by @coiffeur0x90 shows how Intego can be abused for Local Privilege Escalation
Yes, the antivirus.
Yes, as root.
"Dr. Bytecode or: How I Learned to Stop Worrying and Obfuscate Java"
A tale about how @farenain started his journey in Java software obfuscation.
https://blog.quarkslab.com/how-to-write-your-first-obfuscator-of-java-bytecode.html