Quarkslab Publications
Conference Papers / Presentations
2023
- Emulation de périphérique USB-ETH pour l’audit IoT/Automotive 🖥️ BarbHack'23
- Introduction au CarHacking Comment construire sa “Car-in-a-box” 🖥️ BarbHack'23
- Map your Firmware! 🖥️📽️ PTS'23
- For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation 🖥️📽️ PTS'23
- Vulnerabilities in the TPM 2.0 reference implementation code 🖥️📽️ PTS'23
- Parasitizing servers for fun and profit 🖥️ Le HACK'23
- Vulnerabilities in the TPM 2.0 Reference Implementation Code 🖥️ Troopers'23
- Google Apps Script 🖥️ ESE'23
- Who evaluates the evaluators ? 🖥️ WRACH'23
- Dissecting the Modern Android Data Encryption Scheme 🖥️ Recon'23
- Trace-based approach to compiler debugging 🖥️ GDR GPL National Days'23
- Exploring OpenSSL Engines to Smash Cryptography 🖥️📜📽️ SSTIC'23
- peetch: an eBPF based Networking Tool 🖥️📽️ SSTIC'23
- Rétro-ingénierie et détournement de piles protocolaires embarquées 🖥️📜📽️ SSTIC'23
- ESPwn32: Hacking with ESP32 System-on-Chips 🖥️📜 WOOT'23
- Emulating RH850 for fun and vulnerability research 🖥️ QPSS2023
- PASTIS - A Collaborative Approach to Combine Heterogeneous Software Testing Techniques 🖥️ 📜 SBTF2023
- For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation 🖥️📽️ StHack'23
- Trying to break randomness with statistics in less than 5minutes 🖥️ StHack'23
- Reflections on Supply chain security 🖥️ CERT Vendor Conference'23
- Weaponizing ESP32 RF Stacks 🖥️📽️ THCon'23
- Whatever Pown2own 🖥️ Insomni'hack'23
- Traceability of the compilation process 🖥️ CLAP-HiFi-LVP'23
2022
- Attack on Titan M 🖥️📽️ Troopers'22
- Attack on Titan M, Reloaded 🖥️📽️ BlackHatUS'22
- Attack on Titan M, Reloaded 🖥️📽️ Ekoparty'22
- kdigger - A Context Discovery Tool for Kubernetes Penetration Testing 🖥️ BlackHatAsia'22
- Building a Commit-level Dataset of Real-World Vulnerabilities 🖥️📽️ CODASPY'22
- When eBPF meets TLS 🖥️ CanSecWest'22
- Quokka - A Fast and Accurate Binary Exporter 🖥️📽️ GreHack'22
- A journey of fuzzing Nvidia graphic driver leading to LPE exploitation 🖥️📽️ Hexacon'22
- Symbolic Execution the Swiss-Knife of the Reverse Engineering Toolbox 🖥️📽️ KleeWorkshop'22
- From Offensive to Defensive Security 🖥️ Les Assises'22
- TPM is not the holy way 🖥️📽️📜 SSTIC'22
- Binbloom v2 - Ceci est une (r)evolution 🖥️📽️ SSTIC'22
- Mattermost End-to-End Encryption Plugin 🖥️📽️ PTS'22
- Binbloom Reloaded 🖥️📽️ PTS'22
- kdigger - Kubernetes focused container assessment and context discovery tool for penetration testing 🖥️📽️ PTS'22
2021
- From source code to crash test-cases through software testing automation 🖥️ C&ESAR'22
- Wookey: Episode VII - The Force Awakens 🖥️📽️ GreHack'21
- EEPROM - It will all End in Tears (EN) 🖥️📽️ Hardwear.io NL'21
- EEPROM - It Will All End in Tears (FR) 🖥️📽️📜 SSTIC'21
- Meet Piotr, a firmware emulation tool for trainers and researchers 🖥️📽️ PTS'21
- Reversing And Fuzzing The Google Titan M Chip 🖥️ ROOTS'21
- QBDL - QuarkslaB Dynamic Loader 🖥️📽️ SSTIC'21
- Mining AOSP Dependency Graph for Security 🖥️📽️📜 SSTIC'21
- 2021: A Titan M Odyssey 🖥️📽️📜 BlackHatEU'21
2020
- QSynth - A Program Synthesis approach for Binary Code Deobfuscation 🖥️ BAR'20
- Collision-Based Attacks Against Whiteboxes with QBDI 🖥️ BarbHack'20
- Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation 🖥️📽️📜 BlackHat Asia'20
- Why are Frida and QBDI a Great Blend on Android? 🖥️📽️ PTS'20
- Fuzz and Profit with WHVP 🖥️📽️📜 SSTIC'20
2019
- Old New Things: An examination of the Philips TriMedia architecture 🖥️📽️ Troopers'19
- Grey-box attacks, four years later 🖥️ WhibOx'19
2018
- QBDI - Implementing an LLVM based Dynamic Binary Instrumentation framework 🖥️📽️ 34C3'18
- Automatizing vulnerability research 🖥️ CISCO'18
- Symbolic deobfuscation: from virtualized code back to the original 🖥️ DIMVA'18
- Vulnerability Research - What It Takes to Keep Going and Going and Going 🖥️ HITB'18
- Static instrumentation based on executable file formats 🖥️📽️ PTS'18
- Static instrumentation based on executable file formats 🖥️ Recon'18
- Attacking Serial Flash Chip: Case Study of a Black Box 📜📽️ SSTIC'18
2017
- LIEF: Library to Instrument Executable Formats 🖥️📽️ RMLL'17
- Playing with Binary Analysis: Deobfuscation of VM based software protection / Desobfuscation binaire : Reconstruction de fonctions virtualisées 🖥️📽️📜 SSTIC'17
2016
- Design de cryptographie white-box : et a la fin, c'est Kerckhoffs qui gagne 🖥️📽️📜 SSTIC'16
- Dynamic Binary Analysis and Obfuscated Codes 🖥️ StHack'16
- How Triton can help to reverse virtual machine based software protections 🖥️ CSAW'16
2015
- Some technical & scientific challenges I'd like to have working solutions for 🖥️ SAS'15
- Triton: Concolic Execution Framework 🖥️, Fr SSTIC'15
- Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach 🖥️ SecurityDay'15
- Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach 🖥️ StHack'15
2013
- UEFI and Dreamboot 🖥️ SSTIC'13
2012
Hardware CTFs
- First Edition
- Second Edition
- Third Edition
- Fourth Edition
- Fifth Edition