Securing every bit of your data
Website: https://quarkslab.com
Location: Paris, France

Obscure Element: Reverse engineering Xiaomi's MJA1 secure chip.

Mengsi Wu's journey starts here:

https://blog.quarkslab.com/black-box-probing-a-security-analysis-of-xiaomis-mja1-secure-chip.html

From prompt 😃 to pwned 😢:
Implementing an LLM in your org? Useful.
Trusting its output? That's how a low-priv user became admin.

Ship the feature, don't extend it your trust.
https://blog.quarkslab.com/from-prompt-to-pwned-chaining-llm-and-web-bugs-to-admin.html

Practical Android Software Protection in the Wild: An Appetizer

In which @farenain analyzes 2.5 million Android apps to identify and classify the obfuscators, packers and code protectors they use:

https://blog.quarkslab.com/practical-android-software-protection-in-the-wild-an-appetizer.html

Did you hear about Optical Line Terminals? ISPs rely on them to build their service networks, but what if they are vulnerable?
Here @coiffeur0x90 shows how attackers could compromise entire ISPs by exploiting them and cloud-based fleet management software
https://blog.quarkslab.com/how-olts-may-have-exposed-entire-isp-networks.html

Do you know how Entra ID applications work?
What about the security mess they can bring and what they can quietly break?

New blog post on Entra ID application permissions, the audit nightmare they create, and QAZPT, the open-source tool we built to actually make sense of it.

https://blog.quarkslab.com/auditing-application-permissions-in-microsoft-entra-id-hidden-risks-pitfalls-and-quarkslabs-qazpt-tool.html

Obfuscation vs The Optimizer: A Battle in LLVM Middle End.

@yates82 shows us how the continuous improvement of the LLVM optimizer defeats naive code obfuscation, and how the obfuscator can fight back.

An eternal fight in which all victories are ephemeral

https://blog.quarkslab.com/obfuscation-vs-the-optimizer-an-llvm-middle-end-arms-race.html

🤔 Ever wondered how your favorite tools work under the hood? During our work on SightHouse, we dug into BSIM, Ghidra's Binary function SIMilarity engine.

Many tools have been built around it, yet its internals remained undocumented. Until now 👇
https://blog.quarkslab.com/bsim-explained-once-and-for-all.html

🚗 We traced a car’s life from China to Poland.
By analyzing a BYD Telematic Control Unit, Romain Marchand reconstructed its journey and identified a real-world event from GPS logs alone.
Embedded forensics + OSINT = real stories hidden in data.
👉 https://blog.quarkslab.com/tearing-down-a-car-telematic-unit-and-finding-an-accident-on-facebook.html

After @coiffeur0x90 found 3 LPEs in Intego antivirus for macOS, @kaluche_ had to check the Windows version too.
Spoiler: it was vulnerable.
Here's the full write-up of a symlink attack to achieve Local Privilege Escalation 👇
https://blog.quarkslab.com/milking-the-last-drop-of-intego-time-for-windows-to-get-its-lpe.html

Tired of reversing the same libc for the 100th time? 👀

Meet SightHouse, our open-source tool that automatically detects third-party library functions in binaries.
High-confidence function mapping. Works with any disassembler. By @madsquirrel & Sami.

🔗 https://blog.quarkslab.com/sighthouse-automated-function-identification.html