Quarkslab https://quarkslab.com/ Securing Every Bit of Your Data (last updated Thu, 04 Jun 2020 15:21:52 +0000)

Epona new release https://quarkslab.com/epona-new-release/ Fri, 20 Dec 2019 00:27:27 +0000

The post Epona new release appeared first on Quarkslab.

Quarkslab, the leading information security R&D, consulting and software company in Europe, announced today the release of Epona Application Protection v1.5, its advanced application shielding solution for mobile, desktop and embedded software.

Epona Application Protection protects software and firmware against attacks that seek to obtain cryptographic signing and encryption keys, exfiltrate the encrypted data itself, lift proprietary algorithm implementations, or compromise other high-value assets present in software that runs on unmanaged devices. It also allows organizations to detect when a protected application is running in a potentially hostile environment, such as a tampered or otherwise unsanctioned device, and to enforce protection measures according to the developers’ policy.
Quarkslab’s unique combination of in-depth knowledge of offensive and defensive information security, coupled with its compiler engineering and program analysis expertise, crystallized in a comprehensive application protection solution built to meet the requirements of customer organizations in the Banking, Mobile Payments, Media and Entertainment, Automotive, Defense, Aerospace, and Healthcare markets.
Epona Application Protection is based on the industrial-strength, widely adopted LLVM compiler infrastructure maintained and extensively tested by the world’s top technology organizations, resulting in seamless integration with the most common software development environments and toolchains.
The full set of capabilities includes:

  • State-of-the-art obfuscation techniques agnostic of the application’s programming language and target platform, so the same protection mechanisms can be used on all supported platforms and with software written in any of the supported languages. This guarantees a similar level of protection and robustness against manual and automated reverse engineering for software running on any of the supported platforms.
  • Integrity protection to prevent modification of the application code or tampering with the application’s sensitive data.
  • Runtime Application Self-Protection (RASP) capabilities to prevent and detect tampering with the application’s runtime environment, such as jailbreaking, rooting, debugging, and dynamic instrumentation (hooking).
  • Static and dynamic whitebox cryptography implementations of standard ciphers.
  • Fine-grained controls that let customer organizations optimize the performance vs. security trade-off according to their needs and policies.
«The release of Epona Application Protection v1.5 is the result of an effort of many person-years developing an answer to our customers’ most challenging question: How do I protect my code and data on an unmanaged device, under the control of a potential attacker? We believe we now have a robust, comprehensive and affordable response to address that question» said Iván Arce, CTO of Quarkslab.

What’s new in Epona Application Protection v1.5
  • A new Control Flow Graph obfuscation, in addition to CFG Flattening.
  • Improved use of Opaque Predicates.
  • Improved instruction-level obfuscation.
  • Fine-grained control of obfuscations to optimize the protected binary’s runtime performance and size.
  • Android NDK 18b and 19b support.
  • Obfuscations that require threading support can now be used on ARM.
  • The epona-report tools can now be used to check properties of the protected app’s final binary.
  • A static and dynamic whitebox implementation using Epona compiler.
  • An advanced whitebox implementation library.
Epona Application Protection v1.5 supports software written in C, C++, and Objective-C for iOS, Android, OS X, Windows, and Linux on 32- and 64-bit x86 and ARM, and it is available now from Quarkslab.
For more information visit https://epona.quarkslab.com or contact us at sales@quarkslab.com or @quarkslab on Twitter.

Automation of Security Analysis Workloads: Why and How? https://quarkslab.com/automation-of-security-analysis-workloads-why-and-how/ Fri, 10 Jan 2020 14:19:21 +0000

The post Automation of Security Analysis Workloads: Why and How? appeared first on Quarkslab.

Over the past decades the information security landscape has changed significantly, but one thing has remained constant: a continuous increase in the number of different threats that a security team has to deal with per unit of time.

Ever since the term “virus” was first used in 1984, security practitioners and vendors have scrambled to acquire knowledge and build tools able to detect malware and prevent it from entering users’ computers and enterprise networks, or to mitigate the damage it causes. The initial virus detection techniques were simple, naive and effective (at least for a while); things have changed a lot since then.

Download the article (written in English) to learn more about how and why to automate security analysis workloads and what to expect from software tools built for that purpose.

Les applications de messagerie peuvent-elles être sécurisées ? (Can messaging applications be made secure?) https://quarkslab.com/les-applications-de-messagerie-peuvent-elles-etre-securisees/ Fri, 31 Jan 2020 16:17:59 +0000

The post Les applications de messagerie peuvent-elles être sécurisées ? appeared first on Quarkslab.

[Avis d’expert] Cybersécurité : redonner l’avantage à la défense ([Expert opinion] Cybersecurity: giving the advantage back to the defense) https://quarkslab.com/avis-dexpert-cybersecurite-redonner-lavantage-a-la-defense/ Fri, 31 Jan 2020 17:49:50 +0000

The post [Avis d’expert] Cybersécurité : redonner l’avantage à la défense appeared first on Quarkslab.

Paris en ligne : peut-on miser son argent en toute sécurité ? (Online betting: can you wager your money safely?) https://quarkslab.com/paris-en-ligne-peut-on-miser-son-argent-en-toute-securite/ Fri, 31 Jan 2020 17:51:06 +0000

The post Paris en ligne : peut-on miser son argent en toute sécurité ? appeared first on Quarkslab.

Vulnérabilités dans les iPhones : le ver dans la pomme ? (Vulnerabilities in iPhones: the worm in the apple?) https://quarkslab.com/vulnerabilites-dans-les-iphones-le-ver-dans-la-pomme/ Fri, 31 Jan 2020 17:51:51 +0000

The post Vulnérabilités dans les iPhones : le ver dans la pomme ? appeared first on Quarkslab.

Propriété intellectuelle : enfin une réponse technologique pour compléter l’arsenal juridique (Intellectual property: at last a technological answer to complement the legal arsenal) https://quarkslab.com/propriete-intellectuelle-enfin-une-reponse-technologique-pour-completer-larsenal-juridique/ Fri, 31 Jan 2020 17:52:48 +0000

The post Propriété intellectuelle : enfin une réponse technologique pour compléter l’arsenal juridique appeared first on Quarkslab.

Training | Practical car hacking https://quarkslab.com/practical-car-hacking/ Mon, 17 Feb 2020 16:56:53 +0000 Learn how to perform classical attacks on the CAN bus and understand the data…

The post Training | Practical car hacking appeared first on Quarkslab.

OBJECTIVES
  • Understand and execute several classical attacks on the CAN bus
  • Be able to understand the data circulating on the CAN bus
  • Have the basics to reverse engineer an ECU’s firmware

SYNOPSIS

In the last few years, we have seen many new attacks on cars, but this environment is still hard to get into, mainly because the tools are different from classical reversing or hacking tools.

This training introduces the basic theory about the CAN bus and its communication so that the attendees can try their hands on a CAN bus. We will provide the necessary CAN tools and perform attacks on simulated systems as well as real cars. The attendees will be able to reproduce attacks like breaking a security session, fuzzing an ECU, spoofing messages, … Finally, the specificities of reverse engineering an ECU firmware will be addressed: the general methodology, how to handle Autosar firmware, where to start, what to look for, … The reverse engineering exercises will first focus on a simple ARM firmware to help everybody get to the same level; these techniques will then be applied to an example of real-life Tricore firmware.

In this training, the car hacking tools will be presented along with many practical labs to make sure the attendees will be able to redo the attacks later on.

TARGET AUDIENCE

  • Security researchers
  • Automotive manufacturers and suppliers
  • Hackers interested in cars

DURATION

  • 2 days

PREREQUISITES

  • Knowledge:
    • This is an introductory course; it does not require any prior knowledge of automotive systems.
    • Basic Python Knowledge
    • Basic knowledge of Linux
    • Basic knowledge of firmware reversing is a plus, but not required
  • Hardware / software:
    • Laptop with WiFi
    • SSH client
    • A reverse engineering software is a plus

MODULES

Day 1

  • Automotive and CAN bus 101
    • What is a CAN bus
    • Communications on a CAN bus
    • Lab: Send / receive messages on the CAN bus
    • Lab: Writing a minimalistic ECU to communicate on the CAN bus
    • Lab: Sniffing and message analysis on a CAN bus
  • Diagnostic
    • What is an OBD-2 port
    • How to use it
    • Demo: locating a CAN bus in a car
    • Demo: using a car diagnostic device
    • Lab: sniffing, analysis and replay of diagnostic messages
  • CAN security
    • Practical point of view
    • Lab: spoofing and fuzzing CAN messages
    • Scanning the different ECUs of a car
    • Lab: replaying the fuzzed messages on a real car
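As an added illustration of the sniffing and message analysis lab above (example code, not training material from Quarkslab): a small Python analyser for a candump-style log, the `(timestamp) interface ID#DATA` line format that `candump -L` writes. The log lines are constructed for the example; the arbitration IDs 0x0C1, 0x1A0 and 0x7DF and their payloads are invented and no real vehicle traffic is implied. The script groups frames by ID, estimates each ID’s cycle time and flags the payload bytes that change, which is how a counter or a sensor value is located before spoofing or fuzzing it, and it formats a crafted frame in the `ID#DATA` token syntax that `cansend` accepts.

```python
"""Offline analysis of a candump-style CAN log ('candump -L' format:
'(timestamp) interface ID#DATA'). Groups frames by arbitration ID, estimates
each ID's cycle time and reports which payload bytes vary, the usual first
step before spoofing or fuzzing a signal.

Added example for the 'Sniffing and message analysis' lab. SAMPLE_LOG is
constructed for illustration; it was not captured from a real vehicle."""
import re
from collections import defaultdict
from statistics import median
from typing import Dict, List, NamedTuple


class Frame(NamedTuple):
    ts_us: int        # timestamp in microseconds, kept as int to avoid float drift
    iface: str
    can_id: int
    data: bytes


# Constructed sample: 0x0C1 every 10 ms with a counter in byte 1,
# 0x1A0 every 20 ms with a slowly changing byte 1, one OBD request on 0x7DF.
SAMPLE_LOG = """\
(1580000000.000000) can0 0C1#0800000000000000
(1580000000.005000) can0 1A0#00FA0000
(1580000000.010000) can0 0C1#0801000000000000
(1580000000.020000) can0 0C1#0802000000000000
(1580000000.025000) can0 1A0#00FA0000
(1580000000.030000) can0 0C1#0803000000000000
(1580000000.040000) can0 0C1#0804000000000000
(1580000000.045000) can0 1A0#00FB0000
(1580000000.050000) can0 0C1#0805000000000000
(1580000000.062000) can0 7DF#0201000000000000
"""

LINE_RE = re.compile(r"^\((\d+)\.(\d{1,6})\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)$")


def parse_candump(text: str) -> List[Frame]:
    """Parse candump -L lines; lines that do not match (e.g. RTR frames) are skipped."""
    frames = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        sec, frac, iface, can_id, payload = m.groups()
        ts_us = int(sec) * 1_000_000 + int(frac.ljust(6, "0"))
        frames.append(Frame(ts_us, iface, int(can_id, 16), bytes.fromhex(payload)))
    return frames


def analyse(frames: List[Frame]) -> Dict[int, dict]:
    """Per arbitration ID: frame count, DLC, median cycle time in ms (None if the
    ID was seen once) and the payload byte offsets whose value changes."""
    by_id: Dict[int, List[Frame]] = defaultdict(list)
    for f in frames:
        by_id[f.can_id].append(f)
    report = {}
    for can_id, fs in sorted(by_id.items()):
        fs.sort(key=lambda f: f.ts_us)
        deltas = [b.ts_us - a.ts_us for a, b in zip(fs, fs[1:])]
        dlc = max(len(f.data) for f in fs)
        changing = [i for i in range(dlc)
                    if len({f.data[i] for f in fs if i < len(f.data)}) > 1]
        report[can_id] = {
            "count": len(fs),
            "dlc": dlc,
            "period_ms": median(deltas) / 1000 if deltas else None,
            "changing_bytes": changing,
        }
    return report


def format_candump_line(can_id: int, data: bytes) -> str:
    """Build the ID#DATA token used by 'cansend', e.g. to replay or spoof a frame.
    11-bit IDs use 3 hex digits, 29-bit IDs use 8, as in candump's own output."""
    width = 3 if can_id <= 0x7FF else 8
    return f"{can_id:0{width}X}#{data.hex().upper()}"


if __name__ == "__main__":
    for can_id, r in analyse(parse_candump(SAMPLE_LOG)).items():
        period = f"{r['period_ms']:.1f} ms" if r["period_ms"] is not None else "once"
        print(f"0x{can_id:03X}: {r['count']:>3} frames, dlc {r['dlc']}, cycle {period}, "
              f"changing bytes {r['changing_bytes']}")
    # Craft a spoofed 0x0C1 frame continuing the observed counter in byte 1.
    print("cansend can0", format_candump_line(0x0C1, bytes.fromhex("0806000000000000")))
```

Run it as is to analyse the constructed log, or feed it the output of `candump -L can0` from the lab interface. A byte that increments by one every frame is usually a rolling counter, and a frame whose period is stable to the millisecond is almost always ECU-generated; both observations matter when a spoofed frame has to blend in with the legitimate traffic.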

Day 2

  • CAN security sessions
    • Protocols and algorithms
    • Lab: brute forcing a security session
    • Lab: reusing sniffed messages for security sessions
  • ECU architecture
    • Description of the different architectures
    • Lab: firmware dumping via the CAN bus
    • Lab: the same, after breaking a security session first
  • ECU reverse engineering
    • Reverse engineering methodology for an automotive firmware
    • Reverse engineering 101
    • Lab: ARM reverse engineering 101
    • Lab: reverse engineering of a simple ARM firmware (Teensy)
    • Lab/demo: reverse engineering of the security session algorithm from an actual ECU
  • Autosar: a new way of developing firmware. How to reverse engineer it?
    • Reverse engineering methodology for an Autosar firmware
    • Lab/demo: reverse engineering an Autosar firmware
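The security-session labs above revolve around the UDS SecurityAccess service (0x27) seed/key handshake: the tester sends requestSeed (sub-function 0x01), the ECU answers with a seed, the tester derives a key and sends it with sendKey (0x02); positive responses carry SID 0x67, negative ones are `7F 27 <NRC>`. The following Python model is added here as an example and is not part of the training. It plays both sides: a toy ECU with a hypothetical 16-bit key derivation and SECRET (invented for the example; real ECUs use vendor-specific algorithms), a legitimate tester, a brute-force attacker that walks the whole key space for one seed, and a replay attacker reusing a sniffed seed/key pair. It shows the two ECU-side weaknesses the labs exploit (no attempt lockout, and a constant seed) and the negative response code the attacker sees when the countermeasure is present.

```python
"""Toy model of the UDS SecurityAccess (service 0x27) seed/key exchange that
the 'CAN security sessions' labs attack: requestSeed (0x01), sendKey (0x02),
positive response 0x67, negative response 0x7F 0x27 <NRC>.

Added example, not course material. The ECU, its 16-bit key algorithm and
the SECRET are hypothetical; real ECUs use vendor-specific algorithms."""
import random
from typing import Optional, Tuple

SECURITY_ACCESS = 0x27
REQUEST_SEED, SEND_KEY = 0x01, 0x02
POSITIVE = SECURITY_ACCESS + 0x40                      # 0x67
NRC_SEQUENCE_ERROR, NRC_INVALID_KEY, NRC_EXCEEDED_ATTEMPTS = 0x24, 0x35, 0x36


def compute_key(seed: int, secret: int) -> int:
    """Hypothetical key derivation shared by the ECU and the legitimate tester."""
    return ((seed ^ secret) * 0x9E37 + 0x1D3B) & 0xFFFF


class ToyEcu:
    """The seed stays valid across wrong keys; lockout only if max_attempts is set."""

    def __init__(self, secret: int, max_attempts: Optional[int] = None,
                 fixed_seed: Optional[int] = None):
        self.secret = secret
        self.max_attempts = max_attempts    # None: no lockout (weak)
        self.fixed_seed = fixed_seed        # not None: constant seed (weak)
        self.rng = random.Random(1)         # deterministic for the demo only
        self.seed: Optional[int] = None
        self.attempts = 0
        self.unlocked = False

    def handle(self, req: bytes) -> bytes:
        if req[0] != SECURITY_ACCESS:
            return bytes([0x7F, req[0], 0x11])           # serviceNotSupported
        if req[1] == REQUEST_SEED:
            self.seed = self.fixed_seed if self.fixed_seed is not None \
                else self.rng.randrange(1, 0x10000)
            return bytes([POSITIVE, REQUEST_SEED]) + self.seed.to_bytes(2, "big")
        if req[1] == SEND_KEY:
            if self.seed is None:
                return bytes([0x7F, SECURITY_ACCESS, NRC_SEQUENCE_ERROR])
            if self.max_attempts is not None and self.attempts >= self.max_attempts:
                return bytes([0x7F, SECURITY_ACCESS, NRC_EXCEEDED_ATTEMPTS])
            if int.from_bytes(req[2:4], "big") == compute_key(self.seed, self.secret):
                self.unlocked, self.seed = True, None
                return bytes([POSITIVE, SEND_KEY])
            self.attempts += 1
            return bytes([0x7F, SECURITY_ACCESS, NRC_INVALID_KEY])
        return bytes([0x7F, SECURITY_ACCESS, 0x12])      # subFunctionNotSupported


def request_seed(ecu: ToyEcu) -> int:
    resp = ecu.handle(bytes([SECURITY_ACCESS, REQUEST_SEED]))
    return int.from_bytes(resp[2:4], "big")


def send_key(ecu: ToyEcu, key: int) -> bytes:
    return ecu.handle(bytes([SECURITY_ACCESS, SEND_KEY]) + key.to_bytes(2, "big"))


def legitimate_unlock(ecu: ToyEcu, secret: int) -> Tuple[int, int]:
    """What a sniffer on the bus sees from a real diagnostic tool: seed and key."""
    seed = request_seed(ecu)
    key = compute_key(seed, secret)
    send_key(ecu, key)
    return seed, key


def brute_force(ecu: ToyEcu) -> Optional[int]:
    """Attacker without the algorithm: one seed, then every 16-bit key.
    Returns the accepted key, or None if the ECU locked out first."""
    request_seed(ecu)
    for key in range(0x10000):
        resp = send_key(ecu, key)
        if resp[0] == POSITIVE:
            return key
        if resp[2] == NRC_EXCEEDED_ATTEMPTS:
            return None
    return None


def replay(ecu: ToyEcu, sniffed_seed: int, sniffed_key: int) -> bool:
    """Reuse a sniffed seed/key pair; only works when the ECU repeats the seed."""
    if request_seed(ecu) != sniffed_seed:
        return False
    return send_key(ecu, sniffed_key)[0] == POSITIVE


if __name__ == "__main__":
    SECRET = 0xBEEF                                       # hypothetical
    weak = ToyEcu(SECRET)
    print(f"no lockout   : key 0x{brute_force(weak):04X} accepted after {weak.attempts + 1} tries")
    locked = ToyEcu(SECRET, max_attempts=3)
    print("lockout at 3 :", brute_force(locked), "unlocked" if locked.unlocked else "still locked")
    seed, key = legitimate_unlock(ToyEcu(SECRET, fixed_seed=0x1234), SECRET)
    print("replay, fixed seed :", replay(ToyEcu(SECRET, fixed_seed=0x1234), seed, key))
    print("replay, random seed:", replay(ToyEcu(SECRET), seed, key))
```

Against the ECU without lockout, the 16-bit key falls in at most 65536 sendKey requests for a single seed, which is minutes on a real bus; with an attempt counter the attacker is stopped by NRC 0x36 after three wrong keys and has to wait for a new seed (and, on real ECUs, for a time delay, NRC 0x37). A constant seed turns a single sniffed handshake into a permanent unlock, which is why the labs look at the seed distribution before anything else.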

Optional modules

  • Your own CAN device: build your own CAN device with a microcontroller and a CAN controller/transceiver
  • Bluetooth implant: build an implant and plant it on a CAN bus inside the engine bay of a car.
  • Tricore reverse engineering: analyse a real-life automotive firmware and break its security algorithm

Training | iOS: Application Security and OS Internals https://quarkslab.com/ios-application-security-and-os-internals/ Mon, 17 Feb 2020 16:57:31 +0000 Learn how to study iOS applications to perform a security assessment or a comprehensive reverse…

The post Training | iOS: Application Security and OS Internals appeared first on Quarkslab.


SYNOPSIS

During this training, we will cover all the knowledge needed to study iOS applications, either to perform a security assessment or to do a comprehensive reverse engineering. We will focus on the latest versions of iOS (starting from 11). The training relies heavily on practice, so numerous lab exercises will be done.

TARGET AUDIENCE

  • Reverse engineers interested in iOS
  • Security engineers with no prior experience in iOS who need to assess apps or start studying the system.

DURATION

3 days (15-16-17 January 2020)

PREREQUISITES

  • Familiar with an assembly language
  • Familiar with operating system concepts
  • Basic knowledge of Python

OBJECTIVES

  • Be able to assess or study an iOS application
  • Be able to understand or explore most of the iOS userland components

EXERCISES

  • Binary reversing
  • Writing small tools

MODULES

Day 1

  • Introduction
    • Lab setup
  • Applications
    • Architecture
    • Mach-O
    • Shared Cache
    • App Life Cycle
    • Objective-C

Day 2

  • App Reverse Engineering & Security
    • Instruction Set Architecture
    • Static Analysis
    • Dynamic Analysis
    • Security

Day 3

  • Daemons & Communications
    • XPC
  • iOS Security Mechanisms
    • Code Signing
    • Entitlements
    • Jailbreaks

Training | Reverse engineering like a pro https://quarkslab.com/reverse-engineering-like-a-pro/ Mon, 17 Feb 2020 16:58:19 +0000 Learn key concepts and methodologies to reverse a binary from a static and dynamic point of view

The post Training | Reverse engineering like a pro appeared first on Quarkslab.

NEXT SESSION FROM 5th TO 9th OCTOBER 2020

OBJECTIVES

Be able to:

  • analyze standard malware or userland applications;
  • improve their debugging skills and, more generally, their static/dynamic analysis techniques;
  • use tools like IDA to perform static analysis and script them.

Methodology is at the heart of the training to maximize the autonomy of attendees once the training is completed.

SYNOPSIS

This training is dedicated to analysts who want to learn key concepts and methodologies to better understand, or analyze faster, in a black-box way, any code that can be found in the wild (malware, applications, libraries, an exploit…). The training is focused on methodological aspects, together with all the technical concepts needed to learn how to reverse a binary from a static and dynamic point of view. Practical exercises take up an important part of this training.

TARGET AUDIENCE

People who want to start with binary analysis on Intel platforms (e.g. malware analysts or application pentesters at large). Target OSes are Linux and Windows, but the knowledge can easily be applied to any platform running on the Intel IA-32 architecture.

DURATION

5 days

PREREQUISITES

Reverse engineering is hard to learn from scratch, so some knowledge is required as a prerequisite to let the training focus on analysis methodology.

Some key skills that are needed:

  • Python for basic scripting;
  • C language basic/intermediate knowledge (pointers handling, standard C library usage);
  • Basic knowledge of x86 assembly (base instructions, stack, shellcode, hello world debugging…).

EXERCISES

The whole training is divided into theoretical courses and practice (more than 50%), proportionally distributed within each training day.

Exercises will be adapted to the attendees’ reverse engineering level, which can vary for various reasons.

Some practical exercises:

  • Analysis of various algorithms, solving some crackmes;
  • Malware analysis;
  • Bypassing anti-debug / anti-analysis tricks;
  • IDA scripting (e.g. automated string deciphering in an obfuscated binary);
  • Tooling with frida and some debuggers.

MODULES

Day 1

  • Focus on x86/x86-64 assembly language
  • Assembly reminders (mnemonics, stacks and main concepts)
  • Common structures recognition
  • First steps with IDA and static analysis

Day 2

  • Binary file format (PE / ELF)
  • How is a program loaded in memory?
  • What’s inside a process address space?
  • Analysis methodologies (static and dynamic)
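An added example for the Day 2 topics above (binary file format, how a program is loaded in memory), not part of the course: a minimal ELF64 parser in Python that reads the file header and the PT_LOAD program headers and maps a virtual address back to its file offset, including the .bss case where memory exists but the file has no bytes behind it. This is exactly the translation a debugger or IDA performs between what you see in the process address space and what you see in the file. The sample image is constructed inside the script (a header-only x86-64 ELF with one r-x and one rw- segment and no actual code); run it with a path argument to analyse a real binary.

```python
"""Minimal ELF64 parser: reads the file header and program headers and maps a
virtual address back to its file offset through the PT_LOAD segments, which
is the mechanism behind 'how a program is loaded in memory'.

Added example for the Day 2 module. build_sample_elf() returns a constructed
header-only image (no code), not a real binary; pass a path to parse a real ELF."""
import struct
import sys
from typing import List, NamedTuple, Optional

# Elf64_Ehdr and Elf64_Phdr layouts, little-endian.
EHDR_FMT, PHDR_FMT = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ"
PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4


class Segment(NamedTuple):
    flags: int
    offset: int     # p_offset: where the bytes live in the file
    vaddr: int      # p_vaddr: where they are mapped in memory
    filesz: int     # bytes present in the file
    memsz: int      # bytes reserved in memory (>= filesz; the rest is zero-filled .bss)

    @property
    def perms(self) -> str:
        return "".join(c if self.flags & f else "-"
                       for c, f in (("r", PF_R), ("w", PF_W), ("x", PF_X)))


class Elf(NamedTuple):
    machine: int
    entry: int
    segments: List[Segment]


def parse_elf64(blob: bytes) -> Elf:
    """Parse a little-endian ELF64 image; raises ValueError on anything else."""
    if len(blob) < 64 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if blob[4] != 2 or blob[5] != 1:               # EI_CLASS, EI_DATA
        raise ValueError("only little-endian ELF64 is handled here")
    (_ident, _type, machine, _ver, entry, phoff, _shoff, _flags, _ehsize,
     phentsize, phnum, _shentsize, _shnum, _shstrndx) = struct.unpack_from(EHDR_FMT, blob, 0)
    segments = []
    for i in range(phnum):
        p_type, p_flags, p_off, p_vaddr, _paddr, p_filesz, p_memsz, _align = \
            struct.unpack_from(PHDR_FMT, blob, phoff + i * phentsize)
        if p_type == PT_LOAD:                       # only loadable segments matter here
            segments.append(Segment(p_flags, p_off, p_vaddr, p_filesz, p_memsz))
    return Elf(machine, entry, segments)


def va_to_offset(elf: Elf, va: int) -> Optional[int]:
    """File offset backing a virtual address, or None if the address is unmapped
    or zero-filled (.bss: inside memsz but past filesz, so no bytes in the file)."""
    for s in elf.segments:
        if s.vaddr <= va < s.vaddr + s.memsz:
            return s.offset + (va - s.vaddr) if va < s.vaddr + s.filesz else None
    return None


def build_sample_elf() -> bytes:
    """Constructed ELF64 x86-64 image: an r-x text segment and an rw- data
    segment whose memsz exceeds filesz (a 0x200-byte .bss). Headers only."""
    ehdr = struct.pack(EHDR_FMT, b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
                       2, 0x3E, 1, 0x401000, 64, 0, 0, 64, 56, 2, 64, 0, 0)
    text = struct.pack(PHDR_FMT, PT_LOAD, PF_R | PF_X, 0x1000, 0x401000, 0x401000,
                       0x200, 0x200, 0x1000)
    data = struct.pack(PHDR_FMT, PT_LOAD, PF_R | PF_W, 0x2000, 0x403000, 0x403000,
                       0x100, 0x300, 0x1000)
    img = ehdr + text + data
    return img + b"\x00" * (0x2100 - len(img))     # pad so segment offsets exist


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    elf = parse_elf64(blob)
    print(f"machine 0x{elf.machine:X}, entry 0x{elf.entry:X}")
    for s in elf.segments:
        print(f"  {s.perms} file 0x{s.offset:06X}+0x{s.filesz:X} -> mem 0x{s.vaddr:X}+0x{s.memsz:X}")
    off = va_to_offset(elf, elf.entry)
    print("entry point is at file offset", None if off is None else hex(off))
```

Two things the output makes visible that a hex editor does not: the same bytes have a file offset and a virtual address that differ by a per-segment constant, and a write target in .bss has no file offset at all, which is why patching a binary on disk cannot change what a program reads from an uninitialised global. Section headers are deliberately ignored; the loader never reads them, and a stripped or packed sample may have none.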

Day 3

  • Dynamic analysis with debuggers (OS specific)
  • Analysis automation, “build your own tools” using frida and hooking techniques
  • Scripting analysis with tools

Day 4

  • Protected binary analysis
  • Bypassing anti-debugs, anti-vm and basic obfuscations
  • More on tools scripting (IDA and debuggers)

Day 5

The last day is dedicated to an optional module depending on the topic to focus on:

  • Option 1 (native malware analysis):
    • Deal with common tricks used in malware
    • Malware code injection techniques
    • Dealing with malware using cryptography
    • Focus on a malware analysis on Windows
  • Option 2 (.NET reverse engineering):
    • Introduction to .NET-specific analysis tools and methodology
    • Ransomware analysis (written in .NET) as practical work
    • First steps with protected .NET binaries
  • Option 3 (deobfuscation / protected binary analysis):
    • Rebuilding binaries/functions
    • Understand and bypass common obfuscation techniques
    • First steps with virtual machines
