@quarkslab security assessment of Monero's Bulletproofs implementation (a state-of-the-art non-interactive zero-knowledge proof protocol) is finally out! So glad to have had the opportunity to work on it. Big thanks to OSTIF and the Monero Research Lab!
https://t.co/OAKmKYey8e
@JonathanSalwan@quarkslab You are staying true to what Moitessier said: "Tout ce que les hommes ont fait de beau et de bien, ils l'ont construit avec leurs rêves"
Have fun my friend, may the wind always be at your back!
We overly celebrate offense in InfoSec, but we don't get more secure by finding and fixing bugs one-by-one. We get more secure by building systems that obliterate entire bug classes.
We need to shift focus to celebrating the defenders who build scalable and effective defenses.
Want to learn about bypassing anti-root, anti-Frida and packer in Android malware or applications?
Read @rh0main’s presentation at #BHASIA from @BlackHatEvents on “DBI Techniques to Address Native Code Obfuscation”
Slides: https://t.co/JkGoBoquh8
Article: https://t.co/ce9Ip40Mwk
This month marks Sqreen’s 5 year anniversary! It’s been an incredible journey so far & milestones like this serve as a good opportunity to take stock and celebrate. Have a look at a few of the highlights from the past 5 years at Sqreen: https://t.co/37HM1wPmvO #AppSec
[TOOL] QBDI v0.7.1. our dynamic binary instrumentation framework, is out. A lot of love and new features brought by Nicolas and the team: https://t.co/x9qGqnl2we
Enjoy Python 3, "pip install pyqbdi”, bindings for Windows, …
Today is a big day, especially for @JonathanSalwan: he will defend his PhD: symbolic execution for binary deobfuscation. The team is super proud of the long road he walked!
(1/2) Here is my analysis of Tencent's Legu:
https://t.co/MKu4XdJAQp
Most of the analysis was done thanks to open source tools:
- Frida (devkit) for hooking
- QBDI (AArch64) for memory traces and instruction traces
- Kaitai struct for reverse engineering the custom formats
We are so excited to announce TamaGo: bare metal Go for ARM SoCs.
This project allows, with minimal adaptation to upstream Go, execution of 100% Go applications on the USB armory and hopefully more platforms in the future.
Check it out!
https://t.co/odaaUafppM
Dear SF Bay Area #appsec practitioners using security testing (DAST, IAST...), I'd love to pick your brain one hour this week to understand your usage and help us shape the @SqreenIO testing part (based on an in-app fuzzer & in-app metadata 🤩 - cc @nezetic). DM me if you're in!
After more than 1 year, we are glad to announce the release of Triton v0.7 https://t.co/yTQ2FpXl0A - AArch64 semantics, Android compilation, Python 3.6, bug fixes and much more! @quarkslab is already working on the v0.8 and have some surprises in store =)
#ATO#attacks can happen to anyone, even #security companies! We recently blocked a major ATO attack against our own Sqreen deployment. Here's how we did it. https://t.co/7ZaNrGUSRz