Quarkslab Publications

• Quarkslab Publications
  • Conference Papers / Presentations
    • 2024
    • 2023
    • 2022
    • 2021
    • 2020
    • 2019
    • 2018
    • 2017
    • 2016
    • 2015
    • 2013
    • 2012
  • Hardware CTFs

Conference Papers / Presentations

2024

• 2024-11: Invited talk: MIFARE Classic: exposing the static encrypted nonce variant 🖥️ at Grehack 2024
• 2024-10: Bluetooth Low Energy GATT Fuzzing: from specification to implementation 🖥️📜 at Hardwear.io NL 2024
• 2024-10: MIFARE Classic: exposing the static encrypted nonce variant 🖥️ at Hardwear.io NL 2024
• 2024-10: Spyware for Rent 🖥️ at Les Assises 2024
• 2024-08: De 'branch' en 'branch' : récupération d'un FW d'ECU sur une mémoire FAT 'nettoyée' 🖥️ at Barbhack 2024
• 2024-08: One for all and all for WHAD: wireless shenanigans made easy ! 🖥️📽️ at DEF CON 32
• 2024-08: Attacking Samsung Galaxy A * Boot Chain, and Beyond 🖥️ at Black Hat USA 2024
• 2024-07: Prism, a light BEAM disassembler 🖥️ at LeHack 2024
• 2024-07: Analysing malicious documents and files with oletools 🖥️📽️ at Pass the SALT 2024
• 2024-07: Rump: Passbolt: a bold use of HaveIBeenPwned 🖥️📽️ at Pass the SALT 2024
• 2024-07: Rump: How to download large datasets of files using CommonCrawl 🖥️📽️ at Pass the SALT 2024
• 2024-07: Hydradancer, using USB3 to improve USB hacking with Facedancer 🖥️📽️ at Pass the SALT 2024
• 2024-07: Test your cryptographic primitives with crypto-condor 🖥️📽️ at Pass the SALT 2024
• 2024-07: Prism, a light BEAM disassembler 🖥️📽️ at Pass the SALT 2024
• 2024-06: Attacking the Samsung Galaxy Boot Chain 🖥️ at Off-by-One 2024
• 2024-06: Belenios: the Certification Campaign 🖥️📜📽️ at SSTIC 2024
• 2024-06: Tame the (q)emu: debug firmware on custom emulated board 🖥️📜📽️ at SSTIC 2024
• 2024-06: PyAxml 🖥️📽️ at SSTIC 2024
• 2024-06: When Samsung meets Mediatek: the story of a small bug chain 🖥️📜📽️ at SSTIC 2024
• 2024-06: QBinDiff: A modular differ to enhance binary diffing and graph alignment 🖥️📽️ at SSTIC 2024
• 2024-06: Testez vos primitives cryptographiques avec crypto-condor 🖥️📽️ at SSTIC 2024
• 2024-05: Numbat/Pyrrha: Naviguez facilement dans les binaires de votre système 🖥️ at ESIEA Secure Edition 2024
• 2024-05: Finding low-hanging fruits vulnerabilities in a commercial antivirus 🖥️ at StHack 2024
• 2024-05: Attacking the Samsung Galaxy A * Boot Chain 🖥️📽️ at OffensiveCon 2024
• 2024-04: PASTIS: Fuzzing tool competition 🖥️ at SBFT 2024
• 2024-03: Finding low-hanging fruits vulnerabilities in a commercial antivirus 🖥️ at HackSecuReims 2024
• 2024-03: How automatisation can improve firmware analysis? 🖥️ at Forum InCyber 2024
• 2024-03: Spyware for Rent 🖥️📽️ at NullCon 2024
• 2024-01: FCSC Chaussette - A Triton showcase 🖥️ at Ambrosia 2024

2023

• 2023-11: Google Apps Script - this talk requires access to your e-mails 🖥️📽️ at GreHack 2023
• 2023-11: Breaking Secure Boot on the Silicon Labs Gecko platform 🖥️📽️ at Ekoparty 2023
• 2023-11: Breaking Secure Boot on the Silicon Labs Gecko platform 🖥️📽️ at Hardwear.io NL 2023
• 2023-11: Dissecting the Modern Android Data Encryption Scheme 🖥️📽️ at Hardwear.io NL 2023
• 2023-11: On the All UR are to be considered harmful for fun and profit is the new cool trick, hackers hate it. Redux. 🖥️📽️ at Ekoparty 2023
• 2023-10: Intel SGX assessment methodology 🖥️ at Azure Confidential Computing 2023
• 2023-10: Pyrrha: navigate easily into your system binaries 🖥️📽️ at Hack.lu 2023
• 2023-09: Fuzzing ntop 🖥️📽️ at ntopconf 2023
• 2023-08: Introduction au CarHacking Comment construire sa “Car-in-a-box” 🖥️ workshop at Barbhack 2023
• 2023-08: Emulation de périphérique USB-ETH pour l'audit IoT/Automotive 🖥️ at Barbhack 2023
• 2023-07: Map your Firmware! 🖥️📽️ at Pass the SALT 2023
• 2023-07: For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation 🖥️📽️ at Pass the SALT 2023
• 2023-07: Vulnerabilities in the TPM 2.0 reference implementation code 🖥️📽️ at Pass the SALT 2023
• 2023-06: Parasitizing servers for fun and profit 🖥️📽️ at LeHack 2023
• 2023-06: Vulnerabilities in the TPM 2.0 Reference Implementation Code 🖥️📽️ at Troopers 2023
• 2023-06: Google Apps Script 🖥️ at ESIEA Secure Edition 2023
• 2023-06: Who evaluates the evaluators ? 🖥️📜 at WRACH 2023
• 2023-06: Dissecting the Modern Android Data Encryption Scheme 🖥️📽️ at Recon 2023
• 2023-06: Trace-based approach to compiler debugging 🖥️ at GDR GPL National Days 2023
• 2023-06: Exploring OpenSSL Engines to Smash Cryptography 🖥️📜📽️ at SSTIC 2023
• 2023-06: peetch: an eBPF based Networking Tool 🖥️📽️ at SSTIC 2023
• 2023-06: Rétro-ingénierie et détournement de piles protocolaires embarquées 🖥️📜📽️ at SSTIC 2023
• 2023-05: ESPwn32: Hacking with ESP32 System-on-Chips 🖥️📜📽️ at WOOT 2023
• 2023-05: Emulating RH850 for fun and vulnerability research 🖥️ at QPSS2023
• 2023-05: PASTIS - A Collaborative Approach to Combine Heterogeneous Software Testing Techniques 🖥️📜 at SBFT2023
• 2023-05: For Science! - Using an Unimpressive Bug in EDK II To Do Some Fun Exploitation 🖥️📽️ at StHack 2023
• 2023-05: Trying to break randomness with statistics in less than 5minutes 🖥️ at StHack 2023
• 2023-04: Reflections on Supply chain security 🖥️ at CERT Vendor Conference 2023
• 2023-04: Weaponizing ESP32 RF Stacks 🖥️📽️ at THCon 2023
• 2023-03: Whatever Pown2own 🖥️📽️ at Insomni'hack 2023
• 2023-03: Traceability of the compilation process 🖥️ at CLAP-HiFi-LVP 2023

2022

• 2022-11: Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip 🖥️📽️ at Ekoparty 2022
• 2022-11: kdigger 📽️ at DefCon Paris meetup
• 2022-11: Quokka - A Fast and Accurate Binary Exporter 🖥️📽️ at Grehack 2022
• 2022-10: From Offensive to Defensive Security 🖥️ at Les Assises 2022
• 2022-10: A journey of fuzzing Nvidia graphic driver leading to LPE exploitation 🖥️📽️ at Hexacon 2022
• 2022-09: Symbolic Execution the Swiss-Knife of the Reverse Engineering Toolbox 🖥️📽️ at KLEE Workshop 2022
• 2022-08: Attack on Titan M, Reloaded 🖥️📽️ at Black Hat USA 2022
• 2022-07: kdigger - Kubernetes focused container assessment and context discovery tool for penetration testing 🖥️📽️ at Pass the SALT 2022
• 2022-07: Binbloom Reloaded 🖥️📽️ at Pass the SALT 2022
• 2022-07: Mattermost End-to-End Encryption Plugin 🖥️📽️ at Pass the SALT 2022
• 2022-06: Attack on Titan M: Vulnerability Research on a Modern Security Chip 🖥️📽️ at Troopers 2022
• 2022-06: So you hacked a WiFi router, and now what? 📽️ at LeHack 2022
• 2022-06: Augmenter votre résistance aux malwares en recyclant vos vielles machines en stations blanches et plus si affinités 📽️ at FIC 2022
• 2022-06: TPM is not the holy way 🖥️📜📽️ at SSTIC 2022
• 2022-06: Binbloom v2 - Ceci est une (r)evolution 🖥️📽️ at SSTIC 2022
• 2022-05: Hackers, Reprenez Le Contrôle Des Objets Connectés ! 📽️ at Mixit 2022
• 2022-05: When eBPF meets TLS! 🖥️ at CanSecWest 2022
• 2022-05: kdigger - A Context Discovery Tool for Kubernetes Penetration Testing 🖥️ at Black Hat Asia 2022
• 2022-04: Can you park a car in a classroom? 📽️ at Hardwear.io webinar
• 2022-04: Building a Commit-level Dataset of Real-World Vulnerabilities 🖥️📜📽️ at CODASPY 2022

2021

• 2021-11: Wookey: Episode VII - The Force Awakens 🖥️📽️ at GreHack 2021
• 2021-11: Windows kernel snapshot-based fuzzing: the good, the bad and the ugly 📽️ at GreHack 2021
• 2021-11: Reversing And Fuzzing The Google Titan M Chip 🖥️📜 at ROOTS 2021
• 2021-11: From source code to crash test-cases through software testing automation 🖥️📜 at C&ESAR 2021
• 2021-11: 2021: A Titan M Odyssey 🖥️📜📽️ at Black Hat Europe 2021
• 2021-10: EEPROM - It will all End in Tears (EN) 🖥️📽️ at Hardwear.io NL 2021
• 2021-08: SSE and SSD : Page-Efficient Searchable Symmetric Encryption 📜📽️ at CRYPTO 2021
• 2021-08: Greybox Program Synthesis: A New Approach to Attack Dataflow Obfuscation 🖥️📜📽️ at Black Hat USA 2021
• 2021-07: Meet Piotr, a firmware emulation tool for trainers and researchers 🖥️📽️ at Pass the SALT 2021
• 2021-06: Unlinkable and Invisible γ-Sanitizable Signatures 📜 at Applied Cryptography and Network Security ACNS 2021
• 2021-06: Exploitation du graphe de dépendance d'AOSP à des fins de sécurité 🖥️📜📽️ at SSTIC 2021
• 2021-06: EEPROM - It Will All End in Tears 🖥️📜📽️ at SSTIC 2021
• 2021-06: QBDL - QuarkslaB Dynamic Loader 🖥️📽️ at SSTIC 2021

2020

• 2020-11: Towards an assymetric white-box proposal 📜 at Journées Codage & Cryptographie 2020
• 2020-11: Participation au panel “RFID Hacking” 📽️ at PACSEC 2020
• 2020-10: Dynamic Binary Instrumentation Techniques to Address Native Code Obfuscation 🖥️📜📽️ at Black Hat Asia 2020
• 2020-09: Anomalie de sécurité sur une JCard EAL6+ en marge d'1 CSPN inter-CESTI 📽️ at webinaire de l'OSSIR
• 2020-08: Collision-Based Attacks Against Whiteboxes with QBDI 🖥️ at Barbhack 2020
• 2020-07: Building Whiteboxes: attacks and defenses 🖥️📽️ at Hardwear.io webinar
• 2020-06: Why are Frida and QBDI a Great Blend on Android? 🖥️📽️ at Pass the SALT 2020
• 2020-06: Reverse engineering raw firmware: a tool to get you started 📽️ at Hardwear.io webinar
• 2020-06: Inter-CESTI: Methodological and Technical Feedbacks on Hardware Devices Evaluations 🖥️📜📽️ at SSTIC 2020
• 2020-06: Fuzz and Profit with WHVP 🖥️📜📽️ at SSTIC 2020
• 2020-02: QSynth - A Program Synthesis approach for Binary Code Deobfuscation 🖥️📜 at Binary Analysis Research (BAR) Workshop 2020
• 2020-02: Self-hosted server backups for the paranoid 📽️ at FOSDEM 2020

2019

• 2019-11: Cryptographie et attaques matérielles : Application à la cryptographie en boîte blanche 🖥️ at GeeksAnonymes, ULiège
• 2019-11: Epona and the Obfuscation Paradox: Transparent for Users and Developers, a Pain for Reverser 🖥️📜 at SPRO 2019
• 2019-09: When C++ Zero-Cost Abstraction Fails: how-to Fix Your Compiler 📽️ at CppCon 2019
• 2019-08: Breaking Samsung's ARM TrustZone 🖥️📽️ at Black Hat USA 2019
• 2019-06: IDArling, la première plateforme de rencontre entre reversers 🖥️📽️ at SSTIC 2019
• 2019-05: Grey-box attacks, four years later 🖥️ at WhibOx 2019
• 2019-05: DKOM 3.0: Hiding and Hooking with Windows Extension Hosts 🖥️📽️ at Infiltrate 2019
• 2019-04: Fuzzing binaries using Dynamic Instrumentation 🖥️ at French-Japan cybersecurity workshop 2019
• 2019-04: Table-based whitebox techniques applied to lattice based cryptography: towards an asymmetric whitebox proposal? 🖥️ at WRACH 2019
• 2019-03: Old New Things: An examination of the Philips TriMedia architecture 🖥️📽️ at Troopers 2019
• 2019-01: Contrôle de passes à grain fin pour l'obfuscation de code 🖥️ at Journées de la Compilation 2019

2018

• 2018-11: ROPGenerator: practical automated ROP-Chain generation 📽️ at GreHack 2018
• 2018-11: Vulnerability Research - What It Takes to Keep Going and Going and Going 🖥️ at HITB 2018 Beijing
• 2018-09: AFL, QBDI And KSE Are on a Boat 📽️ at Ekoparty 2018
• 2018-09: Old New Things: An Examinsation of the Philips TriMedia Architecture 📽️ at Ekoparty 2018
• 2018-09: C++ In the Elvenland 📽️ at CppCon 2018
• 2018-09: Easy::Jit : A Just-in-Time compilation library for C++ 🖥️📽️ at CppCon 2018
• 2018-09: Frozen Data Structures in C++14 📽️ at CppCon 2018
• 2018-09: Combining obfuscation and optimizations in the real world 📜 at SCAM 2018
• 2018-08: The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet 📽️ at Black Hat USA 2018
• 2018-07: Quadratic Time Algorithm for Inversion of Binary Permutation Polynomials 📜 at ICMS 2018
• 2018-07: Static instrumentation based on executable file formats 🖥️📽️ at Pass the SALT 2018
• 2018-06: Symbolic Deobfuscation: From Virtualized Code Back to the Original 🖥️📜 at 15th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, DIMVA 2018
• 2018-06: Static instrumentation based on executable file formats 🖥️📽️ at Recon 2018
• 2018-06: Attacking Serial Flash Chip: Case Study of a Black Box 📜📽️ at SSTIC 2018
• 2018-04: Implementing an LLVM based Dynamic Binary Instrumentation framework 📽️ at Euro LLVM dev meeting
• 2018-04: Easy::Jit : Compiler-assisted library to enable Just-In-Time compilation for C++ codes 🖥️📽️ at Euro LLVM dev meeting
• 2018-04: DragonFFI: Foreign Function Interface and JIT using Clang/LLVM 🖥️📽️ at Euro LLVM dev meeting
• 2018-04: Automatizing vulnerability research to better face new software security challenges 🖥️ at Cisco Innovation & Research Symposium 2018
• 2018-02: Surviving in an Open Source Niche: the Pythran case 📽️ at FOSDEM 2018

2017

2018

• 2018-02: Literate Programming meets LLVM Passes 📽️ at FOSDEM 2018
• 2018-02: Easy::jit : just-in-time compilation for C++ 🖥️📽️ at FOSDEM 2018
• 2018-02: DragonFFI Foreign Function Interface and JIT using Clang/LLVM 🖥️📽️ at FOSDEM 2018

2017

• 2017-12: Implementing an LLVM based Dynamic Binary Instrumentation framework 🖥️📽️ at 34th Chaos Communication Congress
• 2017-12: How to drift with any car 📽️ at 34th Chaos Communication Congress
• 2017-11: Flash dumping & hardware 101 🖥️ at BlackHoodie 2017 #3
• 2017-11: Kernel Shim Engine for fun 🖥️ at BlackHoodie 2017 #3
• 2017-10: Challenges building an LLVM-based obfuscator 🖥️📽️ at 2017 LLVM Developers' Meeting
• 2017-09: L'interpréteur Python, quel sale type 🖥️📽️ at PyConFR 2017
• 2017-07: LIEF: Library to Instrument Executable Formats 🖥️📽️ at RMLL 2017
• 2017-06: Playing with Binary Analysis: Deobfuscation of VM based software protection / Désobfuscation binaire : Reconstruction de fonctions virtualisées 🖥️📜📽️ at SSTIC 2017
• 2017-04: LIEF: Library to Instrument Executable Formats 🖥️ at Third French Japanese Meeting on Cybersecurity
• 2017-03: Playing with Binary Analysis: Deobfuscation of VM based software protection 📽️ at THCon 2017

2016

• 2016-12: Practical Attacks Against White-Box Crypto Implementations 🖥️ at Séminaire de Cryptographie, Université de Rennes 1
• 2016-11: Arybo : Manipulation, Canonicalization and Identification of Mixed Boolean-Arithmetic Symbolic Expressions 📜📽️ at GreHack 2016
• 2016-11: How Triton can help to reverse virtual machine based software protections 🖥️📽️ at CSAW 2016
• 2016-11: Ghost in the PLC: Designing an Undetectable Programmable Logic Controller Rootkit via Pin Control Attack 🖥️📜📽️ at Black Hat Europe 2016
• 2016-10: Defeating MBA-based Obfuscation 🖥️📜 at SPRO 2016
• 2016-10: Binary Permutation Polynomial Inversion and Application to Obfuscation Techniques 📜 at SPRO 2016
• 2016-10: GAST, Daou Naer - AST pour Python 2 et 3 📽️ at PyConFR 2016
• 2016-09: C++ Costless Abstractions: the compiler view 🖥️📽️ at CppCon 2016
• 2016-08: Differential computation analysis: Hiding your white-box designs is not enough 🖥️📜📽️ at CHES 2016
• 2016-07: Practical Attacks Against White-Box Crypto Implementations 🖥️ workshop at ECRYPT-NET Workshop on Cryptography Design for the IoT
• 2016-07: Binmap: scanning file systems with Binmap 🖥️📽️ at RMLL Security track 2016
• 2016-06: Design de cryptographie white-box : et a la fin, c'est Kerckhoffs qui gagne 🖥️📜📽️ at SSTIC 2016
• 2016-04: Dynamic Binary Analysis and Obfuscated Codes 🖥️ at StHack 2016
• 2016-03: Building, Testing and Debugging a Simple out-of-tree LLVM Pass 🖥️📽️ at Euro LLVM 2016
• 2016-03: Hiding your White-Box Designs is Not Enough 🖥️📽️ at Troopers 2016

2015

• 2015-10: Building, Testing and Debugging a Simple out-of-tree LLVM Pass 🖥️📽️ at LLVM dev meeting
• 2015-09: Some technical & scientific challenges I'd like to have working solutions for 🖥️ at SAS 2015
• 2015-06: IRMA : Incident Response and Malware Analysis 🖥️📜📽️ at SSTIC 2015
• 2015-06: Analyse de sécurité de technologies propriétaires SCADA 🖥️📜📽️ at SSTIC 2015
• 2015-06: Quatre millions d'échanges de clés par seconde 🖥️📜📽️ at SSTIC 2015
• 2015-06: Triton: Concolic Execution Framework 🖥️📜📽️ at SSTIC 2015
• 2015-05: Supervising the Supervisor: Reversing Proprietary SCADA Tech. 📜 at HITB 2015 Amsterdam
• 2015-03: Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach 🖥️ at StHack 2015
• 2015-01: Dynamic Binary Analysis and Instrumentation Covering a function using a DSE approach 🖥️📽️ at Security Day 2015
• 2015-01: Keynote 📽️ at Security Day 2015

2014

• 2014-10: USB Fuzzing : approaches and tools 🖥️ at Hack.lu 2014
• 2014-07: Software obfuscation: know your enemy 🖥️📽️ at RMLL 2014
• 2014-06: Désobfuscation de DRM par attaques auxiliaires 🖥️📜 at SSTIC 2014
• 2014-06: Obfuscation de code Python : amélioration des techniques existantes 🖥️📜 at SSTIC 2014
• 2014-06: Reconnaissance réseau à grande échelle : port scan is not dead 📜 at SSTIC 2014
• 2014-06: Recherche de vulnérabilités dans les piles USB : approches et outils 🖥️📜📽️ at SSTIC 2014
• 2014-05: Port scan is not for pussies, Know yourself, know your enemy 🖥️ at HITB 2014 Amsterdam

2013

• 2013-10: How Apple Can Read Your iMessages and How You Can Prevent It 🖥️📽️ at HITB 2013 Kuala Lumpur
• 2013-06: Sécurité des applications Android constructeurs et réalisation de backdoors sans permission 🖥️📜 at SSTIC 2013
• 2013-06: UEFI and Dreamboot 🖥️📜 at SSTIC 2013
• 2013-04: Dreamboot - A UEFI Bootkit 📽️ at HITB 2013 Amsterdam

2012

• 2012-10: Pwn@Home: An Attack Path to jailbreaking your home router 🖥️ at HITB 2012 Kuala Lumpur
• 2012-05: WinRT: The Metro-politan Museum of Security 📽️ at HITB 2012 Amsterdam
• 2012-06: WinRT 🖥️📜 at SSTIC 2012
• 2012-06: 10 ans de SSTIC 🖥️ at SSTIC 2012

Hardware CTFs

• 2024-10: Hardware CTF v7 🖥️ at Hardwear.io NL. Results on CTFtime.
• 2024-05: Hardware CTF v6 🖥️ at Hardwear.io USA 2024. Results on CTFtime.
• 2023-11: Hardware CTF v6 🖥️ at Hardwear.io NL 2023. Results on CTFtime.
• 2023-06: Hardware CTF v5 🖥️ at Hardwear.io USA 2023. Results on CTFtime.
• 2022-10: Hardware CTF v5 🖥️ at Hardwear.io NL 2022. Results on CTFtime.
• 2022-09: Hardware CTF v4 🖥️ at Nullcon Goa 2022. Results on CTFtime.
• 2022-06: Hardware CTF v4 🖥️ at Hardwear.io USA 2022. Results on CTFtime.
• 2021-10: Hardware CTF v4 🖥️ at Hardwear.io NL 2021. Results on CTFtime.
• 2020-03: Hardware CTF v3 🖥️ at Nullcon Goa 2020. Results on CTFtime.
• 2019-09: Hardware CTF v3 🖥️ at Hardwear.io NL 2019. Results on CTFtime.
• 2019-06: Hardware CTF v2 🖥️ at Hardwear.io USA 2019. Results on CTFtime.
• 2019-03: Hardware CTF v2 at Nullcon Goa 2019. Results on CTFtime.
• 2018-09: Hardware CTF v2 🖥️ at Hardwear.io NL 2018. Results on CTFtime.
• 2018-04: Hardware CTF v1 at HITB Amsterdam 2018. Results on CTFtime.
• 2018-03: Hardware CTF v1 at Nullcon Goa 2018. Results on CTFtime.
• 2017-09: Hardware CTF v1 🖥️ at Hardwear.io NL 2017. Results on CTFtime.