conf presentations Download - conf presentations Source code download

conf presentations

Other categories

1.0.0

Download

Quarkslab Lectures at Conferences and Seminars

2024

2024-12: Identifying Obfuscated Code through Graph-Based Semantic Analysis of Binary Code at Complex Networks 2024
2024-12: Invited talk: MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors at COSIC Seminar, KUL
2024-12: Faster Signatures from MPC-in-the-Head at Asiacrypt 2024
2024-11: Invited talk: MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoors at C&ESAR 2024 by DGA
2024-11: Improving binary diffing through similarity and matching intricacies at CAID: Conference on Artificial Intelligence for Defense
2024-11: Invited talk: MIFARE Classic: exposing the static encrypted nonce variant at Grehack 2024
2024-10: Bluetooth Low Energy GATT Fuzzing: from specification to implementation at Hardwear.io NL 2024
2024-10: MIFARE Classic: exposing the static encrypted nonce variant at Hardwear.io NL 2024
2024-10: Spyware for Rent at Les Assises 2024
2024-08: De 'branch' en 'branch' : récupération d'un FW d'ECU sur une mémoire FAT 'nettoyée' at Barbhack 2024
2024-08: One for all and all for WHAD: wireless shenanigans made easy ! at DEF CON 32
2024-08: Attacking Samsung Galaxy A * Boot Chain, and Beyond at Black Hat USA 2024
2024-07: Prism, a light BEAM disassembler at LeHack 2024
2024-07: Analysing malicious documents and files with oletools at Pass the SALT 2024
2024-07: Rump: Passbolt: a bold use of HaveIBeenPwned at Pass the SALT 2024
2024-07: Rump: How to download large datasets of files using CommonCrawl at Pass the SALT 2024
2024-07: Hydradancer, using USB3 to improve USB hacking with Facedancer at Pass the SALT 2024
2024-07: Test your cryptographic primitives with crypto-condor at Pass the SALT 2024
2024-07: Prism, a light BEAM disassembler at Pass the SALT 2024
2024-06: Attacking the Samsung Galaxy Boot Chain at Off-by-One 2024
2024-06: Belenios: the Certification Campaign at SSTIC 2024
2024-06: Tame the (q)emu: debug firmware on custom emulated board at SSTIC 2024
2024-06: PyAxml at SSTIC 2024
2024-06: When Samsung meets Mediatek: the story of a small bug chain at SSTIC 2024
2024-06: QBinDiff: A modular differ to enhance binary diffing and graph alignment at SSTIC 2024
2024-06: Testez vos primitives cryptographiques avec crypto-condor at SSTIC 2024
2024-05: Numbat/Pyrrha: Naviguez facilement dans les binaires de votre système at ESIEA Secure Edition 2024
2024-05: Finding low-hanging fruits vulnerabilities in a commercial antivirus at StHack 2024
2024-05: Attacking the Samsung Galaxy A * Boot Chain at OffensiveCon 2024
2024-04: PASTIS: Fuzzing tool competition at SBFT 2024
2024-03: Finding low-hanging fruits vulnerabilities in a commercial antivirus at HackSecuReims 2024
2024-03: How automatisation can improve firmware analysis? at Forum InCyber 2024
2024-03: Spyware for Rent at NullCon 2024
2024-01: FCSC Chaussette - A Triton showcase at Ambrosia 2024

2023

2023-11: Google Apps Script - this talk requires access to your e-mails at GreHack 2023
2023-11: Breaking Secure Boot on the Silicon Labs Gecko platform at Ekoparty 2023
2023-11: Breaking Secure Boot on the Silicon Labs Gecko platform at Hardwear.io NL 2023
2023-11: Dissecting the Modern Android Data Encryption Scheme at Hardwear.io NL 2023
2023-11: On the All UR are to be considered harmful for fun and profit is the new cool trick, hackers hate it. Redux. at Ekoparty 2023
2023-10: Intel SGX assessment methodology at Azure Confidential Computing 2023
2023-10: Pyrrha: navigate easily into your system binaries at Hack.lu 2023
2023-09: Fuzzing ntop at ntopconf 2023
2023-08: Introduction au CarHacking Comment construire sa “Car-in-a-box” workshop at Barbhack 2023
2023-08: Emulation de périphérique USB-ETH pour l'audit IoT/Automotive at Barbhack 2023
2023-07: Map your Firmware! at Pass the SALT 2023
2023-07: For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation at Pass the SALT 2023
2023-07: Vulnerabilities in the TPM 2.0 reference implementation code at Pass the SALT 2023
2023-06: Parasitizing servers for fun and profit at LeHack 2023
2023-06: Vulnerabilities in the TPM 2.0 Reference Implementation Code at Troopers 2023
2023-06: Google Apps Script at ESIEA Secure Edition 2023
2023-06: Who evaluates the evaluators ? at WRACH 2023
2023-06: Dissecting the Modern Android Data Encryption Scheme at Recon 2023
2023-06: Trace-based approach to compiler debugging at GDR GPL National Days 2023
2023-06: Exploring OpenSSL Engines to Smash Cryptography at SSTIC 2023
2023-06: peetch: an eBPF based Networking Tool at SSTIC 2023
2023-06: Rétro-ingénierie et détournement de piles protocolaires embarquées at SSTIC 2023
2023-05: ESPwn32: Hacking with ESP32 System-on-Chips at WOOT 2023
2023-05: Emulating RH850 for fun and vulnerability research at QPSS2023
2023-05: PASTIS - A Collaborative Approach to Combine Heterogeneous Software Testing Techniques at SBFT2023
2023-05: For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation at StHack 2023
2023-05: Trying to break randomness with statistics in less than 5minutes at StHack 2023
2023-04: Reflections on Supply chain security at CERT Vendor Conference 2023
2023-04: Weaponizing ESP32 RF Stacks at THCon 2023
2023-03: Whatever Pown2own at Insomni'hack 2023
2023-03: Traceability of the compilation process at CLAP-HiFi-LVP 2023

2022

2022-11: Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip at Ekoparty 2022
2022-11: kdigger at DefCon Paris meetup
2022-11: Quokka - A Fast and Accurate Binary Exporter at Grehack 2022
2022-10: From Offensive to Defensive Security at Les Assises 2022
2022-10: A journey of fuzzing Nvidia graphic driver leading to LPE exploitation at Hexacon 2022
2022-09: Symbolic Execution the Swiss-Knife of the Reverse Engineering Toolbox at KLEE Workshop 2022
2022-08: Attack on Titan M, Reloaded at Black Hat USA 2022
2022-07: kdigger - Kubernetes focused container assessment and context discovery tool for penetration testing at Pass the SALT 2022
2022-07: Binbloom Reloaded at Pass the SALT 2022
2022-07: Mattermost End-to-End Encryption Plugin at Pass the SALT 2022
2022-06: Attack on Titan M: Vulnerability Research on a Modern Security Chip at Troopers 2022
2022-06: So you hacked a WiFi router, and now what? at LeHack 2022
2022-06: Augmenter votre résistance aux malwares en recyclant vos vielles machines en stations blanches et plus si affinités at FIC 2022
2022-06: TPM is not the holy way at SSTIC 2022
2022-06: Binbloom v2 - Ceci est une (r)evolution at SSTIC 2022
2022-05: Hackers, Reprenez Le Contrôle Des Objets Connectés ! at Mixit 2022
2022-05: When eBPF meets TLS! at CanSecWest 2022
2022-05: kdigger - A Context Discovery Tool for Kubernetes Penetration Testing at Black Hat Asia 2022
2022-04: Can you park a car in a classroom? at Hardwear.io webinar
2022-04: Building a Commit-level Dataset of Real-World Vulnerabilities at CODASPY 2022

2021

2021-11: Wookey: Episode VII - The Force Awakens at GreHack 2021
2021-11: Windows kernel snapshot-based fuzzing: the good, the bad and the ugly at GreHack 2021
2021-11: Reversing And Fuzzing The Google Titan M Chip at ROOTS 2021
2021-11: From source code to crash test-cases through software testing automation at C&ESAR 2021
2021-11: 2021: A Titan M Odyssey at Black Hat Europe 2021
2021-10: EEPROM - It will all End in Tears (EN) at Hardwear.io NL 2021
2021-08: SSE and SSD : Page-Efficient Searchable Symmetric Encryption at CRYPTO 2021
2021-08: Greybox Program Synthesis: A New Approach to Attack Dataflow Obfuscation at Black Hat USA 2021
2021-07: Meet Piotr, a firmware emulation tool for trainers and researchers at Pass the SALT 2021
2021-06: Unlinkable and Invisible γ-Sanitizable Signatures at Applied Cryptography and Network Security ACNS 2021
2021-06: Exploitation du graphe de dépendance d'AOSP à des fins de sécurité at SSTIC 2021
2021-06: EEPROM - It Will All End in Tears at SSTIC 2021
2021-06: QBDL - QuarkslaB Dynamic Loader at SSTIC 2021

2020

2020-11: Towards an assymetric white-box proposal at Journées Codage & Cryptographie 2020
2020-11: Participation au panel “RFID Hacking” at PACSEC 2020
2020-10: Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation at Black Hat Asia 2020
2020-09: Anomalie de sécurité sur une JCard EAL6+ en marge d'1 CSPN inter-CESTI at webinaire de l'OSSIR
2020-08: Collision-Based Attacks Against Whiteboxes with QBDI at Barbhack 2020
2020-07: Building Whiteboxes: attacks and defenses at Hardwear.io webinar
2020-06: Why are Frida and QBDI a Great Blend on Android? at Pass the SALT 2020
2020-06: Reverse engineering raw firmware: a tool to get you started at Hardwear.io webinar
2020-06: Inter-CESTI: Methodological and Technical Feedbacks on Hardware Devices Evaluations at SSTIC 2020
2020-06: Fuzz and Profit with WHVP at SSTIC 2020
2020-02: QSynth - A Program Synthesis approach for Binary Code Deobfuscation at Binary Analysis Research (BAR) Workshop 2020
2020-02: Self-hosted server backups for the paranoid at FOSDEM 2020

2019

2019-11: Cryptographie et attaques matérielles : Application à la cryptographie en boîte blanche at GeeksAnonymes, ULiège
2019-11: Epona and the Obfuscation Paradox: Transparent for Users and Developers, a Pain for Reverser at SPRO 2019
2019-09: When C++ Zero-Cost Abstraction Fails: how-to Fix Your Compiler at CppCon 2019
2019-08: Breaking Samsung's ARM TrustZone at Black Hat USA 2019
2019-06: IDArling, la première plateforme de rencontre entre reversers at SSTIC 2019
2019-05: Grey-box attacks, four years later at WhibOx 2019
2019-05: DKOM 3.0: Hiding and Hooking with Windows Extension Hosts at Infiltrate 2019
2019-04: Fuzzing binaries using Dynamic Instrumentation at French-Japan cybersecurity workshop 2019
2019-04: Table-based whitebox techniques applied to lattice based cryptography: towards an asymmetric whitebox proposal? at WRACH 2019
2019-03: Old New Things: An examination of the Philips TriMedia architecture at Troopers 2019
2019-01: Contrôle de passes à grain fin pour l'obfuscation de code at Journées de la Compilation 2019

2018

2018-11: ROPGenerator: practical automated ROP-Chain generation at GreHack 2018
2018-11: Vulnerability Research - What It Takes to Keep Going and Going and Going at HITB 2018 Beijing
2018-09: AFL, QBDI And KSE Are on a Boat at Ekoparty 2018
2018-09: Old New Things: An Examinsation of the Philips TriMedia Architecture at Ekoparty 2018
2018-09: C++ In the Elvenland at CppCon 2018
2018-09: Easy::Jit : A Just-in-Time compilation library for C++ at CppCon 2018
2018-09: Frozen Data Structures in C++14 at CppCon 2018
2018-09: Combining obfuscation and optimizations in the real world at SCAM 2018
2018-08: The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet at Black Hat USA 2018
2018-07: Quadratic Time Algorithm for Inversion of Binary Permutation Polynomials at ICMS 2018
2018-07: Static instrumentation based on executable file formats at Pass the SALT 2018
2018-06: Symbolic Deobfuscation: From Virtualized Code Back to the Original at 15th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2018
2018-06: Static instrumentation based on executable file formats at Recon 2018
2018-06: Attacking Serial Flash Chip: Case Study of a Black Box at SSTIC 2018
2018-04: Implementing an LLVM based Dynamic Binary Instrumentation framework at Euro LLVM dev meeting
2018-04: Easy::Jit : Compiler-assisted library to enable Just-In-Time compilation for C++ codes at Euro LLVM dev meeting
2018-04: DragonFFI: Foreign Function Interface and JIT using Clang/LLVM at Euro LLVM dev meeting
2018-04: Automatizing vulnerability research to better face new software security challenges at Cisco Innovation & Research Symposium 2018
2018-02: Surviving in an Open Source Niche: the Pythran case at FOSDEM 2018
2018-02: Literate Programming meets LLVM Passes at FOSDEM 2018
2018-02: Easy::jit : just-in-time compilation for C++ at FOSDEM 2018
2018-02: DragonFFI Foreign Function Interface and JIT using Clang/LLVM at FOSDEM 2018

2017

2017-12: Implementing an LLVM based Dynamic Binary Instrumentation framework at 34th Chaos Communication Congress
2017-12: How to drift with any car at 34th Chaos Communication Congress
2017-11: Flash dumping & hardware 101 at BlackHoodie 2017 #3
2017-11: Kernel Shim Engine for fun at BlackHoodie 2017 #3
2017-10: Challenges building an LLVM-based obfuscator at 2017 LLVM Developers' Meeting
2017-09: L'interpréteur Python, quel sale type at PyConFR 2017
2017-07: LIEF: Library to Instrument Executable Formats at RMLL 2017
2017-06: Playing with Binary Analysis: Deobfuscation of VM based software protection / Désobfuscation binaire : Reconstruction de fonctions virtualisées at SSTIC 2017
2017-04: LIEF: Library to Instrument Executable Formats at Third French Japanese Meeting on Cybersecurity
2017-03: Playing with Binary Analysis: Deobfuscation of VM based software protection at THCon 2017

2016

2016-12: Practical Attacks Against White-Box Crypto Implementations at Séminaire de Cryptographie, Université de Rennes 1
2016-11: Arybo : Manipulation, Canonicalization and Identification of Mixed Boolean-Arithmetic Symbolic Expressions at GreHack 2016
2016-11: How Triton can help to reverse virtual machine based software protections at CSAW 2016
2016-11: Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack at Black Hat Europe 2016
2016-10: Defeating MBA-based Obfuscation at SPRO 2016
2016-10: Binary Permutation Polynomial Inversion and Application to Obfuscation Techniques at SPRO 2016
2016-10: GAST, Daou Naer - AST pour Python 2 et 3 at PyConFR 2016
2016-09: C++ Costless Abstractions: the compiler view at CppCon 2016
2016-08: Differential computation analysis: Hiding your white-box designs is not enough at CHES 2016
2016-07: Practical Attacks Against White-Box Crypto Implementations workshop at ECRYPT-NET Workshop on Cryptography Design for the IoT
2016-07: Binmap: scanning file systems with Binmap at RMLL Security track 2016
2016-06: Design de cryptographie white-box : et a la fin, c'est Kerckhoffs qui gagne at SSTIC 2016
2016-04: Dynamic Binary Analysis and Obfuscated Codes at StHack 2016
2016-03: Building, Testing and Debugging a Simple out-of-tree LLVM Pass at Euro LLVM 2016
2016-03: Hiding your White-Box Designs is Not Enough at Troopers 2016

2015

2015-10: Building, Testing and Debugging a Simple out-of-tree LLVM Pass at LLVM dev meeting
2015-09: Some technical & scientific challenges I'd like to have working solutions for at SAS 2015
2015-06: IRMA : Incident Response and Malware Analysis at SSTIC 2015
2015-06: Analyse de sécurité de technologies propriétaires SCADA at SSTIC 2015
2015-06: Quatre millions d'échanges de clés par seconde at SSTIC 2015
2015-06: Triton: Concolic Execution Framework at SSTIC 2015
2015-05: Supervising the Supervisor: Reversing Proprietary SCADA Tech. at HITB 2015 Amsterdam
2015-03: Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach at StHack 2015
2015-01: Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach at Security Day 2015
2015-01: Keynote at Security Day 2015

2014

2014-10: USB Fuzzing : approaches and tools at Hack.lu 2014
2014-07: Software obfuscation: know your enemy at RMLL 2014
2014-06: Désobfuscation de DRM par attaques auxiliaires at SSTIC 2014
2014-06: Obfuscation de code Python : amélioration des techniques existantes at SSTIC 2014
2014-06: Reconnaissance réseau à grande échelle : port scan is not dead at SSTIC 2014
2014-06: Recherche de vulnérabilités dans les piles USB : approches et outils at SSTIC 2014
2014-05: Port scan is not for pussies, Know yourself, know your enemy at HITB 2014 Amsterdam

2013

2013-10: How Apple Can Read Your iMessages and How You Can Prevent It at HITB 2013 Kuala Lumpur
2013-06: Sécurité des applications Android constructeurs et réalisation de backdoors sans permission at SSTIC 2013
2013-06: UEFI and Dreamboot at SSTIC 2013
2013-04: Dreamboot - A UEFI Bootkit at HITB 2013 Amsterdam

2012

2012-10: Pwn@Home: An Attack Path to jailbreaking your home router at HITB 2012 Kuala Lumpur
2012-05: WinRT: The Metro-politan Museum of Security at HITB 2012 Amsterdam
2012-06: WinRT at SSTIC 2012
2012-06: 10 ans de SSTIC at SSTIC 2012

Quarkslab Publications in Journals or Conference Proceedings and Preprints

2024

2024-12: Identifying Obfuscated Code through Graph-Based Semantic Analysis of Binary Code
2024-12: Faster Signatures from MPC-in-the-Head
2024-11: Improving binary diffing through similarity and matching intricacies
2024-08: MIFARE Classic: exposing the static encrypted nonce variant
2024-02: Short Signatures from Regular Syndrome Decoding, Revisited

2023

2023-06: Rétro-ingénierie et détournement de piles protocolaires embarquées, un cas d'étude sur le système ESP32
2023-06: Exploring OpenSSL Engines to Smash Cryptography
2023-05: ESPwn32: Hacking with ESP32 System-on-Chips
2023-05: PASTIS - A Collaborative Approach to Combine Heterogeneous Software Testing Techniques

2022

2022-06: TPM is not the holy way
2022-04: Building a Commit-level Dataset of Real-world Vulnerabilities (alt)

2021

2021-11: From Source Code to Crash Test-Case through Software Testing Automation
2021-11: Reversing and Fuzzing the Google Titan M Chip
2021-08: SSE and SSD : Page-Efficient Searchable Symmetric Encryption (alt)
2021-06: Unlinkable and Invisible γ-Sanitizable Signatures (alt)
2021-06: Exploitation du graphe de dépendance d'AOSP à des fins de sécurité
2021-06: EEPROM : It Will All End in Tears
2021-11: 2021 : A Titan M Odyssey
2021-08: Greybox Program Synthesis : A New Approach to Attack Obfuscation

2020

2020-07: Toward an Asymmetric White-Box Proposal
2020-06: Fuzz and Profit with WHVP
2020-06: Inter-CESTI : Methodological and Technical Feedbacks on Hardware Devices
2020-02: QSynth - A Program Synthesis based approach for Binary Code Deobfuscation

2019

2019-11: Epona and the Obfuscation Paradox : Transparent for Users and Developers, a Pain for Reversers
2019-10: White-Box Cryptography : Don't Forget About Grey-Box Attacks

2018

2018-09: Combining obfuscation and optimizations in the real world
2018-07: Quadratic Time Algorithm for Inversion of Binary Permutation Polynomials (alt)
2018-06: Attacking serial flash chip : case study of a black box device
2018-06: Symbolic Deobfuscation : From Virtualized Code Back to the Original (alt)
2018-04: Easy::Jit : compiler assisted library to enable just-in-time compilation in C++ codes

2017

2017-06: Reconstruction de fonctions virtualisées

2016

2016-11: Arybo : Manipulation, Canonicalization and Identification of Mixed Boolean-Arithmetic Symbolic Expressions
2016-10: Binary Permutation Polynomial Inversion and Application to Obfuscation Techniques (alt)
2016-10: Defeating MBA-based Obfuscation (alt)
2016-11: Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack
2016-08: Differential computation analysis: Hiding your white-box designs is not enough
2016-08: Collecting relations for the Number Field Sieve in $GF(p^6)$
2016-06: Design de cryptographie white-box : et à la fin, c'est Kerckhoffs qui gagne
2016-02: NFLlib: NTT-Based Fast Lattice Library

2015

2015-06: IRMA : Incident Response and Malware Analysis
2015-06: Analyse de sécurité de technologies propriétaires SCADA
2015-06: Triton: Concolic Execution Framework
2015-06: Quatre millions d'échanges de clés par seconde

2014

2014-06: Désobfuscation de DRM par attaques auxiliaires
2014-06: Obfuscation de code Python : amélioration des techniques existantes
2014-06: Reconnaissance réseau à grande échelle : port scan is not dead
2014-06: Recherche de vulnérabilités dans les piles USB : approches et outils

2013

2013-06: Sécurité des applications Android constructeurs et réalisation de backdoors sans permission
2013-06: UEFI and Dreamboot

2012

2012-06: WinRT

Quarkslab Publications in Specialized Magazines

2024-03: Comprendre et manipuler les mécanismes d’isolation des conteneurs In MISC Numéro 132
2023-05: Bug Bounty, Quand les hackers deviennent chasseurs de primes ! In MISC Numéro 127
2023-03: Comment attaquer un port USB ? In MISC Numéro 126 (freely accessible)
2023-01: Dossier: Web 2023, Les nouvelles surfaces d'attaques ! In MISC Numéro 125
2022-11: Découverte de Fuchsia et analyses préliminaires du Google Nest Hub In MISC Numéro 124
2022-10: Isoler ses ressources MS Azure In MISC Numéro HS 26
2022-10: Les nouveautés de sécurité de Kubernetes In MISC Numéro HS 26
2022-10: Bienvenue chez les cLoud In MISC Numéro HS 26
2022-03: La compilation statique démythifiée - Une plongée dans les entrailles de mon compilo In MISC Numéro 120 (freely accessible)
2021-09: Comment analyser un programme : du statique au dynamique jusqu'à l'instrumentation In MISC HS Numéro 24
2021-09: Introduction au reverse hardware In MISC HS Numéro 24 (freely accessible)
2021-09: De l'extraction de firmware à l'exécution de code sur la carte SD FlashAir In MISC HS Numéro 24
2021-09: La compilation : du code au binaire... et retour ! In MISC HS Numéro 24 (freely accessible)
2021-09: Vulnérabilités, Binary Diffing et Crashs In MISC Numéro 117
2021-07: Un EDR sous Android ? In MISC Numéro 116 (freely accessible)
2021-03: Découverte de la puce Titan M a.k.a Citadel In MISC Numéro 114 (freely accessible)
2020-11: Orchestration d'analyse In MISC Numéro 112 (freely accessible)
2020-11: Grandeur et décadence de Kubernetes : attaquer le futur Cloud OS In MISC Numéro 112 (freely accessible)
2020-05: Introduction à QBDI et ses bindings Python In MISC Numéro 109
2020-05: Faciliter la création d'exploits avec DragonFFI : le cas de CVE-200977-18 In MISC Numéro 109 (freely accessible)
2019-07: Exploitation du CVE-200977-18 dans le noyau Windows In MISC Numéro 104
2019-03: Analyse du contournement de KTRR In MISC Numéro 102 (freely accessible)
2017-09: Voyages en C++ie : les symboles In MISC Numéro 93 (freely accessible)
2017-07: Anti-RE 101 In MISC Numéro 92