After lunch, Eloïse Brocas and Forgette Benoît will present at Sthack their adventure at Pwn2Own and how they tried to break randomness with statistics in less than 5minutes #Sthack23

Exploitation of UEFI bugs is a rarely discussed topic. In this blog post Gwaby shows how she leveraged a boring UEFI bug in the Tianocore's EDK2 implementation to develop a cool exploitation technique. For science! #UEFI #vulnresearch #exploit blog.quarkslab.com/for-science-us…

Excellent blog post about exploiting EDK II (UEFI public implementation) Credits Gwaby (quarkslab) blog.quarkslab.com/for-science-us… #uefi #cybersecurity

Reversing Windows Container, episode I: Silo An exploration of the depths of #Windows #container technology by Quarkslab's engineer Lucas di Martino #docker #hyperv #reversing blog.quarkslab.com/reversing-wind…

Is remote code execution in UEFI firmware possible? Yes it is. Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers. Full details by Francisco Falcon and iarce in our new blog post: blog.quarkslab.com/pixiefail-nine…

Write up of the HVCI bypass vuln (CVE-2024-21305) with Andrea Allievi ! tandasat.github.io/blog/2024/01/1…

💥#LogoFAIL Redux: The Binarly REsearch team creates PoC to show how fuzzing crashes of firmware image parsers can be leveraged by attackers to achieve arbitrary code execution with firmware privileges during the boot process (OS -> FW). 🔬More details: binarly.io/posts/inside_t…

Intel Hardware Shield deep dive: part 1 is user-mode System Management Mode (ISRD). tandasat.github.io/blog/2024/02/2… ISRD is beautifully architected, and I have enjoyed studying it a lot. Excellent work by Intel.

Interested in navigation of source code, binaries and other artifacts? Let a marsupial and goddess help you. Here Eloïse Brocas and Fenrisfulsur introduce Numbat, a new Python API for Sourcetrail, and Pyrrha, a mapper collection for firmware cartography. blog.quarkslab.com/leveraging-sou…

Better late than never! The slides of our talk "Attacking Samsung Galaxy A* Boot Chain" at offensivecon can be found here: github.com/quarkslab/conf… The video is also available: youtube.com/watch?v=WJ7wkJ…

✍️ When Samsung Meets Mediatek - The story of a small bug chain by Maxime Rossi Bellom Gwaby Raphaël Neveu sstic.org/media/SSTIC202…

Finding and chaining 4 vulns to exfiltrate encryption keys from the Android Keystore on Samsung series A* devices. Did you miss the "Attacking the Samsung Galaxy A* Boot Chain" talk by Maxime Rossi Bellom and Raphaël Neveu earlier this year ? Talk && PoC || GTFO: blog.quarkslab.com/attacking-the-…

quarkslab And the exploits can be found here: github.com/quarkslab/sams…

Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming . A Christmas gift in February, brought to you by the amazing Gwaby 🫶 blog.quarkslab.com/being-overlord…

AMD published Security Bulletin AMD-SB-7027 addressing CVE-2024-0179 and CVE-2024-21925, the two UEFI SMM vulnerabilities disclosed in our blog post. Data center, desktop, mobile and embedded processors products are affected: amd.com/en/resources/p…