Securing every bit of your data
Website: https://quarkslab.com
Location: Paris, France

Obscure Element: Reverse engineering Xiaomi's MJA1 secure chip.

Mengsi Wu's journey starts here:

https://blog.quarkslab.com/black-box-probing-a-security-analysis-of-xiaomis-mja1-secure-chip.html

BOLT is a static analysis tool, part of the LLVM compiler infrastructure, used to verify that compiler security hardening options have been applied on a binary.

Thanks to @ostifofficial we've worked since November 2025 to improve it. Check our progress here:

https://blog.quarkslab.com/extending-llvms-bolt-based-binary-analyser-to-validate-stack-variable-initialisation.html

Extending LLVM's BOLT-based Binary Analyser to Validate Stack Variable Initialisation - Quarkslab's blog

The Open Source Technology Improvement Fund (OSTIF) commissioned Quarkslab to extend the BOLT-based static binary analyser in LLVM to support additional compiler flags for security hardening. This work resulted in the first iteration of a scanner for validating the implementation of -ftrivial-auto-var-init.

From prompt 😃 to pwned 😢:
Implementing an LLM in your org? Useful.
Trusting its output? That's how a low-priv user became admin.

Ship the feature, don't extend your trust to it.
https://blog.quarkslab.com/from-prompt-to-pwned-chaining-llm-and-web-bugs-to-admin.html

Practical Android Software Protection in the Wild: An Appetizer

In which @farenain analyzes 2.5 million Android apps to identify and classify the obfuscators, packers and code protectors they use:

https://blog.quarkslab.com/practical-android-software-protection-in-the-wild-an-appetizer.html

What happens when reverse engineers spend weeks digging into a Scala 3 codebase?

🔍 From code review to fuzzing, our assessment helped strengthen Scala's security and identify areas for improvement.

We're happy to share the results of our audit, conducted in collaboration with @ostifofficial

https://blog.quarkslab.com/scala-security-audit.html

Scala Security Audit - Quarkslab's blog

The Scala team has partnered with the Open Source Technology Improvement Fund (OSTIF) to conduct its first security audit. This initiative aims to identify potential vulnerabilities through static and dynamic analysis and provide greater confidence in Scala. The security audit conducted by Quarkslab is particularly focused on Scala 3.

Did you hear about Optical Line Terminals? ISPs rely on them to build their service networks, but what if they are vulnerable?
Here @coiffeur0x90 shows how attackers could compromise entire ISPs by exploiting them and cloud-based fleet management software
https://blog.quarkslab.com/how-olts-may-have-exposed-entire-isp-networks.html

A hands-on look at Microsoft’s Independent Guest Virtual Machine (IGVM) format inside OpenHCL’s `openhcl.bin`.

We unpack the fixed header, variable headers, data layout, and how IGVM measurement supports Confidential Computing with SEV-SNP and TDX.

🔗 https://blog.quarkslab.com/the-igvm-file-format.html

The IGVM File Format - Quarkslab's blog

This article presents the structure of the Independent Guest Virtual Machine (IGVM) file format, a binary file designed to define and securely launch the initial state of a virtual machine. It bundles all necessary components such as the BIOS/OVMF, kernel, and initial ramdisk, into a single file. We'll focus on a concrete example to understand the main structure of the file format.

Paramiko is a pure-Python implementation of SSHv2. Recently, we worked with the Paramiko team on a security audit sponsored by @ostifofficial 🙏
Read a summary of our findings and find the full report here:
https://blog.quarkslab.com/paramiko-security-audit.html
Paramiko Security Audit - Quarkslab's blog

The OSTIF collaborated with Quarkslab to conduct a security audit of Paramiko, a pure-Python implementation of SSHv2 that provides both client- and server-side functionality. Given the sensitivity and importance of the target, the review focused not only on Paramiko itself but also on its dependencies. The assessment covered its interaction with rust-openssl bindings, the use of secure entropy sources, adherence to constant-time requirements, as well as code quality, testing practices, and the CI/CD pipeline, with the goal of identifying opportunities for further hardening.

Do you know how Entra ID applications work?
What about the security mess they can bring and what they can quietly break?

New blog post on Entra ID application permissions, the audit nightmare they create, and QAZPT, the open-source tool we built to actually make sense of it.

https://blog.quarkslab.com/auditing-application-permissions-in-microsoft-entra-id-hidden-risks-pitfalls-and-quarkslabs-qazpt-tool.html

Obfuscation vs The Optimizer: A Battle in LLVM Middle End.

@yates82 shows us how the continuous improvement of the LLVM optimizer defeats naive code obfuscation, and how the obfuscator can fight back.

An eternal fight in which all victories are ephemeral.

https://blog.quarkslab.com/obfuscation-vs-the-optimizer-an-llvm-middle-end-arms-race.html