quarkslab

@[email protected]
410 Followers
0 Following
111 Posts
Securing every bit of your data
websitehttps://quarkslab.com
locationParis, France
quarkslab4d ago

Rule 1๏ธโƒฃ : "In WAF we (should not) trust"

Your WAF is doing its best. That's just not enough ๐Ÿ˜ฎโ€๐Ÿ’จ
A deep dive into Web Application Firewall bypass techniques, discovering why blocked โ›” doesn't always mean safe.

https://blog.quarkslab.com/in-waf-we-should-not-trust.html

quarkslabMar 20

"Intego X9: Never trust my updates"

Read @coiffeur0x90's research showing how XPC interprocess communications and the update mechanism of the Intego antivirus for MacOS can be abused for local privilege escalation.

https://blog.quarkslab.com/intego_lpe_macos_3.html

quarkslabMar 12

"How does it even work?"

The question that keeps hackers' hearts pumping, blood pressure rising, and curiosity growing.

This is @virtualabs's reverse engineering journey into a cheap smartwatch that measures at least one of those.

https://blog.quarkslab.com/nerd-life-weeks-firmware-teardown-we-were-right.html

quarkslabMar 11
One bit flip to corrupt it all: Exploitation of an old Linux kernel vulnerability using PageJack, a modern technique to create Use After Free bugs.
Here Jean Vincent shows you how
https://blog.quarkslab.com/pagejack-in-action-cve-2022-0995-exploit.html
quarkslabMar 5

If you glitch one, can you glitch many?
Extracting automotive firmware is a challenge.
@Phil_BARR3TT explains how he bypassed the IDCODE protection in several variants of the RH850 MCU family using both voltage glitching and side-channel analysis โšก๏ธ๐Ÿš—

https://blog.quarkslab.com/bypassing-debug-password-protection-on-the-rh850-family-using-fault-injection.html

quarkslabMar 5
Reverse engineers often spend a lot of time deciphering third-party firmware libraries. At RE//verse 2026 (Fri, 5 PM), Benoit & Sami will introduce SightHouse, an open-source tool to automatically identify third-party functions and speed up analysis.
Join us!
quarkslabMar 3

Another antivirus ๐Ÿ›ก๏ธ, another unfulfilled promise ๐Ÿ˜ฃ. @kaluche_ turns Avira's protection into a privilege escalation playground. This time: not 1, not 2, but 3 LPE vectors ๐Ÿ†™ via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749).

Find out more: https://blog.quarkslab.com/avira-deserialize-delete-and-escalate-the-proper-way-to-use-an-av.html

quarkslabFeb 26

Why macOS AVs shouldnโ€™t trust PIDs ๐Ÿ˜„๐Ÿ - new post by @Coiffeur0x90

Intego X9: XPC validation falls back to PID โ†’ PID reuse + posix_spawn() shenanigans ๐Ÿ˜ โ‡’ confused deputy / privileged methods abused ๐Ÿคก๐Ÿงจ

Lesson: PID โ‰  identity.
Check it out ๐Ÿ”— https://blog.quarkslab.com/intego_lpe_macos_2.html

quarkslabFeb 10

You've never been more right to doubt your MacOS antivirus software ๐Ÿ˜ฅ
Our latest research by @coiffeur0x90 shows how Intego can be abused for Local Privilege Escalation
Yes, the antivirus.
Yes, as root.

https://blog.quarkslab.com/intego_lpe_macos_1.html

quarkslabFeb 5

"Dr. Bytecode or: How I Learned to Stop Worrying and Obfuscate Java"

A tale about how @farenain started his journey in Java software obfuscation.

https://blog.quarkslab.com/how-to-write-your-first-obfuscator-of-java-bytecode.html