Our 2025-2026 internship season has started. Check out the list of openings and apply for fun and knowledge!

Internship Offers for the 2025-2026 Season - Quarkslab's blog

The internship season is back at Quarkslab! Our internship positions cover a wide range of topics and expertise, and aim at tackling new challenges...

Finding a buggy driver is one thing, abusing it is another🧠 In his latest blog post, Luis Casvella shows you how BYOVD can be used as a Reflective Rootkit Loader ! 🚀 ➡️

BYOVD to the next level (part 2) — rootkit like it's 2025 - Quarkslab's blog

Bring Your Own Vulnerable Driver (BYOVD) is a well-known post-exploitation technique used by adversaries. This blog post is part of a series. In pa...

BYOVD is a well-known technique commonly used by threat actors to kill EDR 🔪 However, with the right primitives, you can do much more. Find out how Luis Casvella found and exploited 4 vulns (CVE-2025-8061) in a signed Lenovo driver. 👇

BYOVD to the next level (part 1) — exploiting a vulnerable driver (CVE-2025-8061) - Quarkslab's blog

Bring Your Own Vulnerable Driver (BYOVD) is a well-known post-exploitation technique used by adversaries. This blog post is part of a series. We wi...

RTFM they say but if you read the manual and copy code examples from it you may inadvertently introduce vulns in your code 🙀 In April we audited the PHP code. Now we followed up with a review of the code snippets in PHP documentation and found 81 issues 👇

Security review of PHP documentation - Quarkslab's blog

The Open Source Technology Improvement Fund, Inc., engaged with Quarkslab to perform a security audit of the code snippets in the English version o...

Hacking & Barbecue in the south of France What could possibly be better? Barbhack 2025 starts this Saturday August 30th at the Palais des Congrès Neptune in Toulon We are giving away a ticket to a student nearby looking to live the experience. Send us a DM with your name and school. We will notify the winner tonight.

BARBHACK Hacking conference

BARBHACK is organized by a team of ethical hackers and cybersec professionals you already know, supported by HackerZVoice association

Unrestrict the restricted mode for USB on iPhone. A first analysis @npub12h89...ac3t #CVE-2025-24200 👉

First analysis of Apple's USB Restricted Mode bypass (CVE-2025-24200) - Quarkslab's blog

Apple released iOS 18.3.1 (build 22D72) to patch a vulnerability tied to the Accessibility framework and reported by Citizen Lab. Let's analyze it!

Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming. A Christmas gift in February, brought to you by the incredible @Gwaby 🫶

Being Overlord on the Steam Deck with 1 Byte - Quarkslab's blog

In this blog post we explain the consequences of asking our R&D boss for a Steam Deck as a Christmas gift. It involves a couple of vulnerabilities,...

👋 Looking for some cool research opportunities in 2025? We still have an open position in our 2024-2025 internships season. Take a look and hurry up to submit, those satellites won't hack themselves

Internship Offers for the 2024-2025 Season - Quarkslab's blog

The internship season is back at Quarkslab! Our internship topics cover a wide range of our expertise and aim at tackling new challenges, namely:

Finding and chaining 4 vulns to exfiltrate encryption keys from the Android Keystore on Samsung series A* devices. Did you miss the "Attacking the Samsung Galaxy A* Boot Chain" talk by [@max_r_b](

bird.makeup - User

) and Raphaël Neveu earlier this year ? Talk && PoC || GTFO:

Attacking the Samsung Galaxy A* Boot Chain - Quarkslab's blog

We discovered several vulnerabilities impacting the boot chain of several Samsung devices. Chained together, they allow us to execute code in the b...

Don't you miss the golden era of SQL Injections? Here Mathieu Farrell (@Coiffeur) explains how to feel the thrill again with the aid of Apache Superset, XML and a bit of parsing tickery: "Bypass Apache Superset restrictions to perform SQL Injections"

Bypass Apache Superset restrictions to perform SQL injections - Quarkslab's blog

The following article explains how during an audit we took a look at Apache Superset and found bypasses (by reading the PostgreSQL documentation) f...