Within Quarkslab, the services / R & D part carries out projects, internal or external, around the following themes:
- reverse engineering: understanding how a program works without having the source code;
- cryptography: analyze or design cryptography in applications to increase security properties;
- vulnerabilities: assess the robustness of a target, search for vulnerabilities and develop exploits;
- hardware and software security: working on Systems on Chip, designing software and hardware architectures for increase our capabilities.
These projects are carried out in various technical environments, from general public OS to dedicated SOCs up to hardware. We focus on the internal mechanisms of these systems than specific tools (see our public tools such as Triton, LIEF or QBDI).
- At least 3 years of experience in security, hands in grease.
- Practical experience, in the context of employment or self-driven initiative or both.
- English written and spoken, another language bonus.
- Experience (s) in other areas of security than those described in the offer.
- Example: experiment with hardware debug or interfaces (eg JTAG, UART, I2C, etc.).
- Knowledge of several architectures or operating systems.
- Publication (s), lecture (s), training (s) given or received, CVE, bug bounties.
- Contributions to open source projects (development, tools, reverse engineering, etc.).
- Participation in challenges or CTFs.
What does Quarkslab offer?
We are regularly confronted with large and partially protected programs with obfuscation, virtual machines and cryptographic protocols. To analyze them, we have to go beyond these protections in order to access useful semantics. This work is a combination of tools and manual approaches.
- The habit of analyzing programs for long hours to understand them up.
- Knowledge of software protections, developing new approaches to circumvent them.
- Contribution to our tools to automate/facilitate the analysis of protections.
- Recode an algorithm (in C, Python, etc.) from a protected code to better understand it.