🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Chamilo is an open source e-Learning platform written in PHP and used worldwide. During a red team engagement Quarkslab's engineer Mathieu Farrell learned how to exploit it for Remote Code Execution. Now you can too: blog.quarkslab.com/exploiting-cha…

Dive into crypto-condor, our open-source test suite for cryptographic primitives by Julio Loayza Meneses! Perfect for ensuring compliance & correctness in your implementations. Let's secure your cryptography together! blog.quarkslab.com/crypto-condor-… #cryptography

The Cryptodifference Engine: An in-depth look at differential fuzzing for harvesting crypto bugs, by Célian Glénaz blog.quarkslab.com/differential-f…

Mathieu Farrell (@coiffeur0x90) discovered a dylib injection vulnerability in Microsoft Teams on MacOS. The bug allows an attacker to secretly spy on users through their microphone and camera. Here he explains how he identified and exploited it: blog.quarkslab.com/exploiting-mic…

Don't you miss the golden era of SQL injections? Here Mathieu Farrell (@coiffeur0x90) explains how to feel the thrill again with the aid of Apache Superset, XML and a bit of parsing tickery: "Bypass Apache Superset restrictions to perform SQL injections" blog.quarkslab.com/bypass-apache-…

We are proud to sponsor the 1st edition of the HackHer Challenge, a CTF competition dedicated to female students and professionals, with the mission of promoting diversity. This Saturday October 19th 10:00 to 18:00 Details and registration here: hackher-challenge.com

Linux kernel instrumentation from Qemu and gdb: A technique to analyze binaries or kernel modules that may try to monitor themselves. In this blog post Professor Forgette Benoît explains the trick blog.quarkslab.com/linux-kernel-i…

Our 2024-2025 internships season has started Check out the 3 new openings and apply for fun and knowledge! (paid internships, fur coats not included) blog.quarkslab.com/internship-off…

Are you ready to brainstorm at #hw_ioNL2024? Organized by quarkslab, Hardware CTF is your chance to test your knowledge, learn from fellow enthusiasts, and win amazing prices! RFID 📡 Bluetooth 📶 Automotive 🚗 3D 🖨️ (De)Soldering🔥 Radio 📻 Know More: hardwear.io/netherlands-20…

Sacre BLE! Fuzzing Bluetooth Low Energy GATT and annoying your colleagues for fun and silence Let Baptiste Boyer show you the way blog.quarkslab.com/bluetooth-low-…

En route pour Rain (Rennes comme ils disent en Bretagne). Je viens de trouver cette blague et je rigole bêtement dans le tgv …

Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming . A Christmas gift in February, brought to you by the amazing Gwaby 🫶 blog.quarkslab.com/being-overlord…

Unrestrict the restricted mode for USB on iPhone. A first analysis The Citizen Lab #CVE-2025-24200 👉 blog.quarkslab.com/first-analysis…

A Plan to Pwn: Reviving a 17 year old bug or winning a race against Project Management? We've got both. Mathieu Farrell (@coiffeur0x90 ) shows you how in the "Pwn Everything, Bounce Everywhere, all at once" blog post series. blog.quarkslab.com/pwn-everything…

ICYMI: 5 vulns in SOPlanning, an open source project management application used by major consulting services providers. In part 2 of "Pwn Everything, Bounce Everywhere, all at once" @coiffeur0x90 tells you how to chain them for unautheticated RCE blog.quarkslab.com/pwn-everything…

There is a small bug in the signature verification of OTA packages in the Android Open Source Framework. Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be. Jérémy Jourdois explains it here: blog.quarkslab.com/aosp_ota_signa…

Quarkslab audited PHP-SRC, the open source interpreter of PHP. The security audit, sponsored by OSTIF Official with funding from Sovereign Tech Agency, aimed at strengthening the project's security ahead of the upcoming PHP 8.4 release. Here is what we found: blog.quarkslab.com/security-audit…

Quarkslab was glad to sponsor the Real World Cryptography Paris Meetup 4 hosted by Ledger last night. Julio Loayza Meneses talked about crypto-condor, our open source tool to test cryptography implementations. You can learn more about it here: quarkslab.github.io/crypto-condor/…

Good morning Singapore! The amazing Off by One conference (Off-By-One Conference) starts today. If you are attending don't miss pappy's (our fearless CEO) keynote at 9:35am: "Spyware for rent & the world of offensive cyber" The full agenda is available here: offbyone.sg/agenda

Are you a cyber professional, or a future one, coming to #sstic2025 next week? Come to ✨WomenATsstic✨, an informal and unofficial friendly meetup on Wednesday, June 4th at 6 pm. We will reserve a bar/café near the Halle Martenot. Register here: framadate.org/hH2t9FcRtgEGmT…