Profile avatar
quarkslab.bsky.social
Securing every bit of your data https://quarkslab.com
19 posts 227 followers 1 following
Regular Contributor
Posts 21 Comments 0

Good morning Singapore! The amazing Off by One Conference 2025 starts today. If you are attending don't miss Fred Raynal's (our fearless CEO) keynote at 9:35am: "Spyware for rent & the world of offensive cyber" The full agenda is available here: offbyone.sg/agenda

submitted 21 days ago • 0 comments

Quarkslab was glad to sponsor the Real World Cryptography Paris Meetup 4 hosted by @Ledger last night. Julio Loayza Meneses talked about crypto-condor, our open source tool to test cryptography implementations. You can learn more about it here: quarkslab.github.io/crypto-condo...

submitted 28 days ago • 0 comments

Look at those cute little blobs in your internal network. They look harmless, but how about the one carrying SOCKS? It's ProxyBlob, a reverse proxy over Azure. Check out Alexandre Nesic's article on how it came to exist after an assumed breach mission ⤵️ 👉 blog.quarkslab.com/proxyblobing...

submitted 29 days ago • 0 comments

While casually reading Moodle's code Mathieu Farrell found a SSRF bug exploitable by any authenticated user. Fun twist? This vuln matches exactly the example Orange Tsai presented at Black Hat 2017. Real life imitates conference slides 😅 Details here: blog.quarkslab.com/auditing-moo...

submitted 36 days ago • 0 comments

We are so excited to announce the publication of our audit of PHP core! This work was made possible through a collaboration between OSTIF, @thephpf.bsky.social, and @quarkslab.bsky.social with funding provided by @sovereign.tech. For the report and further links, check out ostif.org/php-audit-co...

submitted 48 days ago • 0 comments

We are pleased to announce the completion of security audit of PHP core! Executed by @quarkslab.bsky.social in partnership with @ostifofficial.bsky.social and commissioned by the @sovereign.tech. Learn more: thephp.foundation/blog/2025/04...

submitted 48 days ago • 0 comments

Quarkslab audited PHP-SRC, the open source interpreter of PHP. The security audit, sponsored by @ostifofficial.bsky.social with funding from @sovereign.tech, aimed at strengthening the project's security ahead of the upcoming PHP 8.4 release. Here's what we found: blog.quarkslab.com/security-aud...

submitted 48 days ago • 0 comments

There is a small bug in the signature verification of OTA packages in the Android Open Source Framework. Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be. Jérémy Jourdois explains it here: blog.quarkslab.com/aosp_ota_sig...

submitted 50 days ago • 0 comments

New GUI or root access? Choose wisely! Exploiting a Local Privilege Escalation vulnerability in CCleaner version 1 for MacOS, by @Coiffeur0x90 blog.quarkslab.com/ccleaner_lpe...

submitted 64 days ago • 0 comments

Next week at the Hack The Box 0x4d meetup in Lille, France @rayanle.cat will talk about PwnShop, the challenge he prepared for the PwnMe CTF 2025 and how he accidentally discovered a RCE 0day while doing so. Join him next Monday at Campus Cyber Hauts-the-France: www.meetup.com/hack-the-box...

submitted 64 days ago • 0 comments

The Fifth Element: Using Quarkslab's cryptographic test suite to find bugs in the reference implementation of HQC, the latest algorithm added to the NIST PQC standard. Here Célian Glénaz, Dahmun Goudarzi and Julio Loayza Meneses tell you how they did it: blog.quarkslab.com/finding-bugs...

submitted 68 days ago • 0 comments

The Open Platform Communications Unified Architecture (OPC UA) is an open standard for industrial systems. In 2024 we worked with @anssi-fr.bsky.social to develop fuzzysully, an OPC UA fuzzer. Today we are glad to announce that this tool is now open source: github.com/ANSSI-FR/fuz...

submitted 68 days ago • 0 comments

From classic HTML pages to advanced MFA bypasses, dive in with @atsika.bsky.social in an exploration of phishing techniques 🎣. Learn some infrastructure tricks and delivery methods to bypass common detection. 👉 blog.quarkslab.com/technical-di... (promise this one is legit 👀)

submitted 78 days ago • 0 comments

We completed our 2nd audit of Allbrige's Estrela, a decentralized exchange built on the Soroban platform. Our audit was focused on the 3-token pool implementation and no critical vulnerabilities were found. The summary and full report can be read here blog.quarkslab.com/audit-of-all...

submitted 89 days ago • 0 comments

ICYMI: 5 vulnerabilities in SOPlanning, an open source project management application used by major consulting services providers. In part 2 of "Pwn Everything, Bounce Everywhere, all at once" Mathieu Farrell tells you how to chain them for unautheticated RCE blog.quarkslab.com/pwn-everythi...

submitted 91 days ago • 0 comments

A Plan to Pwn: Reviving a 17 year old bug or winning a race against Project Management? We've got both. Mathieu Farrell shows you how in the "Pwn Everything, Bounce Everywhere, all at once" blog post series. blog.quarkslab.com/pwn-everythi...

submitted 92 days ago • 0 comments

Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab.ca #CVE-2025-24200 👉 blog.quarkslab.com/first-analys...

submitted 103 days ago • 0 comments

AMD published Security Bulletin AMD-SB-7027 addressing CVE-2024-0179 and CVE-2024-21925, the two UEFI SMM vulnerabilities disclosed in our blog post. Data center, desktop, mobile and embedded processors products are affected: www.amd.com/en/resources...

submitted 104 days ago • 0 comments

Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming. A Christmas gift in February, brought to you by the amazing Gwaby 🫶 blog.quarkslab.com/being-overlo...

submitted 106 days ago • 1 comment

Another audit finalized with @ostifofficial.bsky.social and CNCF! 🔍 Quarkslab reviewed Notary Project’s new cryptographic features — timestamping & certificate revocation — identifying 11 issues, including 2 CVEs! 📖 Read more in our blog post: blog.quarkslab.com/security-aud...

submitted 126 days ago • 0 comments

こんにちは Tokyo! "Of all things, I liked bugs best." ― Nikola Tesla Quarkslab is happy to participate in Pwn2Own Automotive and tomorrow we will try to demonstrate a RCE on an Electric Vehicle Charger on stage. Nikola enlight us, Murphy stay home! www.zerodayinitiative.com/blog/2025/1/...

submitted 127 days ago • 0 comments