Exploiting Microsoft Teams on macOS during a Purple Team engagement The following article explains how during a Purple Team engagement... 2024-10-8 06:0:0 | 阅读: 18 | 收藏 | Quarkslab's blog - blog.quarkslab.com microsoft library nslog security

Differential fuzzing for cryptography Following a brief introduction to differential fuzzing, this blog... 2024-10-3 06:0:0 | 阅读: 15 | 收藏 | Quarkslab's blog - blog.quarkslab.com pelican fuzzer cryptofuzz textrm

crypto-condor: a test suite for cryptographic primitives In this blog post we present crypto-condor, an open-source test su... 2024-9-24 06:0:0 | 阅读: 60 | 收藏 | Quarkslab's blog - blog.quarkslab.com condor primitives digest testu01 hashlib

Exploiting Chamilo during a Red Team engagement The following blogpost explains how during a Red Team engagement w... 2024-9-17 06:0:0 | 阅读: 16 | 收藏 | Quarkslab's blog - blog.quarkslab.com php chamilo 58080 attacker

Audit of Operator Fabric Quarkslab was mandated by the O... 2024-9-4 06:0:0 | 阅读: 14 | 收藏 | Quarkslab's blog - blog.quarkslab.com quarkslab security fabric developers

Audit of Airswift's Supply Chain Financing Drawing from our audit of Airswift's SCF, we discuss part of Sorob... 2024-8-27 06:0:0 | 阅读: 28 | 收藏 | Quarkslab's blog - blog.quarkslab.com scf argentina soroban airswift pledge

MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors We studied the most secure stat... 2024-8-20 06:0:0 | 阅读: 23 | 收藏 | Quarkslab's blog - blog.quarkslab.com fm11rf08s mifare annexes fudan hardware

Heap exploitation, glibc internals and nifty tricks. This is a writeup of a heap pwn challenge at HitconCTF Qualifiers... 2024-7-30 06:0:0 | 阅读: 19 | 收藏 | Quarkslab's blog - blog.quarkslab.com bins unsorted allocator username memory

Audit of Cloud Native Buildpacks IntroductionThe Cloud Native Buildpacks (also kn... 2024-7-16 06:0:0 | 阅读: 18 | 收藏 | Quarkslab's blog - blog.quarkslab.com cloud security buildpacks quarkslab

Let’s Go into the rabbit hole (part 3) — the challenges of dynamically hooking Golang programs Golang is the most used programming language for developing cloud... 2024-7-9 06:0:0 | 阅读: 17 | 收藏 | Quarkslab's blog - blog.quarkslab.com library cgocall memory

Looking for vulnerabilities in Strapi (CVE-2024-34065) Discovery of two vulnerabilitie... 2024-6-25 06:0:0 | 阅读: 28 | 收藏 | Quarkslab's blog - blog.quarkslab.com strapi grantconfig microsoft

Recovering an ECU firmware using disassembler and branches This blogpost explains how we recovered the firmware of a fleet-sh... 2024-6-18 06:0:0 | 阅读: 15 | 收藏 | Quarkslab's blog - blog.quarkslab.com clusters sectors fat emmc instr

Let’s Go into the rabbit hole (part 2) — the challenges of dynamically hooking Golang programs Golang is the most used programming language for developing cloud... 2024-6-11 06:0:0 | 阅读: 15 | 收藏 | Quarkslab's blog - blog.quarkslab.com addgo b001 packagefile cfunc

How malware authors play with the LNK file format We did a quick study on the most common ways to deliver malware th... 2024-5-30 06:0:0 | 阅读: 22 | 收藏 | Quarkslab's blog - blog.quarkslab.com itemid windows itu shortcut

Audit of Kuksa, the open-source shared building blocks for Software Defined Vehicles Eclipse KUKSA's committers, with support from Eclipse Foundation,... 2024-5-21 06:0:0 | 阅读: 15 | 收藏 | Quarkslab's blog - blog.quarkslab.com databroker kuksa eclipse quarkslab protobuf

Audit of Allbridge Estrela Allbridge, with support from th... 2024-5-7 06:0:0 | 阅读: 18 | 收藏 | Quarkslab's blog - blog.quarkslab.com allbridge soroban stablecoins stellar security

Emulating RH850 architecture with Unicorn Engine Analyzing an automotive ECU firmware is sometimes quite challengin... 2024-4-30 06:0:0 | 阅读: 22 | 收藏 | Quarkslab's blog - blog.quarkslab.com tcg rh850 memory unicorn i32

Non-Compliant, So What? In cryptography audits, we often find vulnerabilities labeled as l... 2024-4-25 06:0:0 | 阅读: 22 | 收藏 | Quarkslab's blog - blog.quarkslab.com security primitives attacker

Hydradancer: Faster USB Emulation for Facedancer read file error: read notes: is a directory... 2024-4-18 06:0:0 | 阅读: 54 | 收藏 | Quarkslab's blog - blog.quarkslab.com hydradancer facedancer usb2 usb3 hydrausb3

Passbolt: a bold use of HaveIBeenPwned Passbolt, an Open Source Password Manager, is using the Pwned Pass... 2024-4-17 06:0:0 | 阅读: 35 | 收藏 | Quarkslab's blog - blog.quarkslab.com pelican passwords passbolt partial textrm