quarkslab
@quarkslab
Securing every bit of your data https://bsky.app/profile/quarkslab.bsky.social https://infosec.exchange/@quarkslab
🚀Ever heard of ControlPlane, software to help you automate tasks on macOS? Turns out, it might also help you become root. Oops! 😱@coiffeur0x90 found a Local Privilege Escalation vulnerability. Read before someone automates your admin rights 👉blog.quarkslab.com/controlplane_l…
You finally pwned the Holy Confluence server. What now? Create a user? Reset a password? 🚨Best way to trigger an alert What if you craft your own Personal Access Token 🔑 for the Admin account? Find out how in this blog post by Quarkslab's Red Teamer YV blog.quarkslab.com/a-story-about-…
leHack (@_leHACK_ ) starts tomorrow at the Cité des Sciences et de l’Industrie in Paris. We will be there to meet with peers and friends. 3 talks, a cool challenge and our famous Car in a Box to play with. Come and say hi at booth 20. Full program here: lehack.org
Are you a network protocol reverse engineer? Tired of writing Wireshark plugins in memory unsafe or esoteric languages named after celestial objects? Now you can do it in a few lines of Go, Python or Rust with Wirego. Benoit Girard explains how here: blog.quarkslab.com/getting-starte…
🇬🇧 Proud to welcome Platinium Sponsor ⚪ @Quarkslab! Cyber R&D experts turning advanced security research into real-world solutions for critical industries. Meet their team at #lehACK! 🔗 quarkslab.com #Sponsors
Attention ✨WomenAtSSTIC✨ We meet at 18:00 today at L'Equinoxe: 3 Place des Lices, 35000 Rennes See you there! #sstic2025
Are you a cyber professional, or a future one, coming to #sstic2025 next week? Come to ✨WomenATsstic✨, an informal and unofficial friendly meetup on Wednesday, June 4th at 6 pm. We will reserve a bar/café near the Halle Martenot. Register here: framadate.org/hH2t9FcRtgEGmT…
Are you a cyber professional, or a future one, coming to #sstic2025 next week? Come to ✨WomenATsstic✨, an informal and unofficial friendly meetup on Wednesday, June 4th at 6 pm. We will reserve a bar/café near the Halle Martenot. Register here: framadate.org/hH2t9FcRtgEGmT…
@fredraynal from @quarkslab, our keynote speaker marks the start of 2nd edition of @offbyoneconf with his highly anticipated presentation 𝐒𝐩𝐲𝐰𝐚𝐫𝐞 𝐟𝐨𝐫 𝐫𝐞𝐧𝐭 & 𝐭𝐡𝐞 𝐰𝐨𝐫𝐥𝐝 𝐨𝐟 𝐨𝐟𝐟𝐞𝐧𝐬𝐢𝐯𝐞 𝐜𝐲𝐛𝐞𝐫! @offbyoneconf go! 🚀
@philipp0x90 from @quarkslab in action! After a game of hide and seek, we now 𝐒.𝐇.𝐈.𝐄.𝐋.𝐃: 𝐒𝐜𝐮𝐝𝐨 𝐇𝐞𝐚𝐩 𝐈𝐦𝐩𝐥𝐞𝐦𝐞𝐧𝐭𝐚𝐭𝐢𝐨𝐧 𝐄𝐱𝐩𝐥𝐨𝐢𝐭𝐬, 𝐋𝐞𝐚𝐤𝐬, 𝐚𝐧𝐝 𝐃𝐞𝐟𝐞𝐧𝐬𝐞𝐬 at @offbyoneconf 2025!
Good morning Singapore! The amazing Off by One conference (@offbyoneconf) starts today. If you are attending don't miss @fredraynal's (our fearless CEO) keynote at 9:35am: "Spyware for rent & the world of offensive cyber" The full agenda is available here: offbyone.sg/agenda
Tom Mansion (@philipp0x90) is a junior security researcher from @quarkslab. He is zealous over CTFs, and enjoys heap exploitation. Tom discusses Scudo's mechanisms, its security principles, exploitation techniques... and what's next! More info: linkedin.com/posts/off-by-o…
Quarkslab was glad to sponsor the Real World Cryptography Paris Meetup 4 hosted by @Ledger last night. Julio Loayza Meneses talked about crypto-condor, our open source tool to test cryptography implementations. You can learn more about it here: quarkslab.github.io/crypto-condor/…
Look at those cute little blobs in your internal network. They look harmless, but how about the one carrying SOCKS? It's ProxyBlob, a reverse proxy over Azure. Check out @_atsika's article on how it came to exist after an assumed breach mission ⤵️ 👉 blog.quarkslab.com/proxyblobing-i…
While casually reading Moodle's code @coiffeur0x90 found a SSRF bug exploitable by any authenticated user. Fun twist? This vuln matches exactly the example @orange_8361 presented at Black Hat 2017. Real life imitates conference slides 😅 Details here: blog.quarkslab.com/auditing-moodl…
We are so excited to announce the publication of our audit of PHP core! This work was a collaboration between our organization, @ThePHPF, and @quarkslab, with funding provided by the @sovtechagency. For the report, high points, and further links ostif.org/php-audit-comp…
We are pleased to announce the completion of security audit of PHP core! Executed by @quarkslab in partnership with @OSTIFofficial and commissioned by the @sovtechagency. Learn more: thephp.foundation/blog/2025/04/1…
Quarkslab audited PHP-SRC, the open source interpreter of PHP. The security audit, sponsored by @OSTIFofficial with funding from @sovtechagency, aimed at strengthening the project's security ahead of the upcoming PHP 8.4 release. Here is what we found: blog.quarkslab.com/security-audit…
There is a small bug in the signature verification of OTA packages in the Android Open Source Framework. Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be. Jérémy Jourdois explains it here: blog.quarkslab.com/aosp_ota_signa…
New GUI or root access? Choose wisely! Exploiting a Local Privilege Escalation vulnerability in CCleaner version 1 for MacOS, by @Coiffeur0x90 blog.quarkslab.com/ccleaner_lpe_m…
Next week at the Hack The Box meetup in Lille, France @rayanlecat will talk about PwnShop, the challenge he prepared for the @pwnmectf and how he accidentally discovered a RCE 0day while doing so. Join him next Monday at Campus Cyber Hauts-the-France: meetup.com/hack-the-box-m…
