From prompt 😃 to pwned 😢:
Implementing an LLM in your org? Useful.
Trusting its output? That's how a low-priv user became admin.
Ship the feature; don't extend your trust to it.
https://t.co/1SIHdbQQ97
Practical Android Software Protection in the Wild: An Appetizer
In which @Farenain analyzes 2.5 million Android apps to identify and classify the obfuscators, packers and code protectors they use:
https://t.co/xKQGrK2qxI
What happens when reverse engineers spend weeks digging into a Scala 3 codebase?
🔍 From code review to fuzzing, our assessment helped strengthen Scala's security.
The results of our audit, conducted in collaboration with @OSTIFofficial, are here:
https://t.co/hWkcJ5SPrI
Did you hear about Optical Line Terminals? ISPs rely on them to build their service networks, but what if they're vulnerable?
Here @coiffeur0x90 shows how attackers could compromise entire ISPs by exploiting them and cloud-based fleet management software
https://t.co/RuPyojhZrs
A hands-on look at Microsoft’s Independent Guest Virtual Machine (IGVM) format inside OpenHCL’s `openhcl.bin`.
We unpack the fixed header, variable headers, data layout, and how IGVM measurement supports Confidential Computing with SEV-SNP and TDX.
🔗 https://t.co/uDDReDn2sZ
Paramiko is a pure-Python implementation of SSHv2. Recently, we worked with the Paramiko team on a security audit sponsored by @OSTIFofficial 🙏
Read a summary of our findings and find the full report here:
https://t.co/ffrzq5RlhC
My new blog post is released. It explains in detail how applications (App Registrations, Service Principals, MI) and their permissions really work, why they can introduce several subtle paths for privilege escalation, and presents my open-source tool designed to uncover them.
Do you know how Entra ID applications work?
What about the security mess they can bring and what they can quietly break?
New blog post on Entra ID application permissions, the audit nightmare they create, and QAZPT, our OSS tool built to make sense of it:
https://t.co/MkWdsuqF0Z
Obfuscation vs The Optimizer: A Battle in LLVM Middle End.
@yates82 shows us how the continuous improvement of the LLVM optimizer defeats naive code obfuscation, and how the obfuscator can fight back.
An eternal fight in which all victories are ephemeral
https://t.co/KGRcbImqf4
🤔Ever wondered how your favorite tools work under the hood? During our work on SightHouse, we dug into BSIM, Ghidra's Binary function SIMilarity engine.
Many tools have been built around it, yet its internals remained undocumented. Until now 👇
https://t.co/Gw9AkTk0yb
🚗 We traced a car’s life from China to Poland.
By analyzing a BYD Telematic Control Unit, Romain Marchand reconstructed its journey and identified a real-world event from GPS logs alone.
Embedded forensics + OSINT = real stories hidden in data.
👉 https://t.co/O408d2gbj9
Recently @quarkslab published a solution of a CTF using TritonDSE and QBDI where they analyzed a VM protected binary, and I thought "Shit, I want to analyze something too...". And this weekend I did an analysis of another crackme with a custom VM but this time using Triton! 🧵
After @Coiffeur0x90 found 3 LPEs in Intego antivirus for macOS, @kaluche_ had to check the Windows version too.
Spoiler: it was vulnerable.
Here's the full write up of a symlink attack to achieve Local Privilege Escalation👇
https://t.co/5HOygEPoVP
Tired of reversing the same libc for the 100th time? 👀
Meet SightHouse, our open-source tool that automatically detects third-party library functions in binaries.
High-confidence function mapping. Works with any disassembler. By @Mad5quirrel & Sami.
🔗 https://t.co/PVxOyyISG9
The dragon has a VM. Of course it does. Our latest blog walks through the analysis of a complex C++ binary hiding behind a virtual machine, themed as a classic RPG fight. QBDI & TritonDSE are your weapons of choice. The dragon doesn't stand a chance. 🐉
https://t.co/59TX9v5Msq
Rule 1️⃣: "In WAF we (should not) trust"
Your WAF is doing its best. That's just not enough 😮💨
A deep dive into Web Application Firewall bypass techniques, discovering why blocked ⛔ doesn't always mean safe.
https://t.co/kxe4GW3C6M
"Intego X9: Never trust my updates"
Read @Coiffeur0x90's research showing how XPC interprocess communications and the update mechanism of the Intego antivirus for macOS can be abused for local privilege escalation.
https://t.co/OQM6QYvpbG
"How does it even work?"
The question that keeps hackers' hearts pumping, blood pressure rising, and curiosity growing.
This is @virtualabs's reverse engineering journey into a cheap smartwatch that measures at least one of those.
https://t.co/iFEGzkZEiE
SPONSOR
📣 Today, we are very happy to announce the @quarkslab Gold level sponsoring 😍
📄 @quarkslab provides companies with Security Audit capabilities, Consulting expertise powered by its cutting-edge R&D, and Qshield, its comprehensive security suite.
1/2
One bit flip to corrupt it all:
Exploitation of an old Linux kernel vulnerability using PageJack, a modern technique to create Use After Free bugs.
Here @AzazheI shows you how
https://t.co/MLKX0pykhe