• Français
  • English
Contact us
Contactez-nous

Your outsourced R&D partner

At Quarkslab, we leverage over 12 years of research and development (R&D) experience to deliver comprehensive protection against potential risks. In addition to offering top-tier security consulting and services, we ensure that your cybersecurity defenses are not only robust but also evolve continuously to meet the ever-changing threat landscape and the latest industry best practices.

MIFARE Classic
Learn how we developed new attacks defeating one of the most secure static encrypted nonce variant of "MIFARE Classic compatible" cards, and uncovered a hardware backdoor
Read the blog
Attacking the Samsung Galaxy A Boot Chain
Learn how we discovered several vulnerabilities impacting the boot chain of several Samsung devices.
Read the blog
Previous
Next

R&D missions

rd1

At Quarkslab, our mission is clear: to lead the way in research and development (R&D) by setting new industry standards for innovation, expertise, and knowledge-sharing. We are committed to leveraging cutting-edge R&D to secure the future and deliver a competitive edge to our clients and partners.

Our reputation is built on the exceptional technical skills and forward-thinking practices we proudly provide. We aim to be recognized globally for the quality and depth of our expertise, helping our clients tackle complex challenges with confidence.

Collaboration and knowledge-sharing are at the heart of what we do. By fostering open communication and innovation, we empower both individuals and organizations to grow and thrive. Whether within our team or with our clients and communities, we believe progress comes from working together to shape a better, more secure future.

Join us as we push the boundaries of technology and create solutions that inspire.

R&D stats

0

talks presented 

0

blog posts published

0

vulnerabilities identified 

0

academic articles published

Our latest CVEs

Explore the latest CVEs issued by our team.

CVE-2025-1223

A Local Privilege Escalation
vulnerability in Citrix Secure
Agent for MacOS

18-02-2025

Learn more

CVE-2024-21925

AMD UEFI firmware: Improper
input validation within the
AmdPspP2CmboxV2 driver

11-02-2025
Learn more

CVE-2024-0179

AMD UEFI firmware: SMM callout vulnerability within the AmdCpmDisplayFeatureSMM driver

11-02-2025

Learn more

CVE-2025-21194

Microsoft Surface Security Feature Bypass Vulnerability
11-02-2025
Learn more

CVE-2024-56138

Notation-go: Timestamp signature generation vulnerability.
16-12-2024
Learn more

CVE-2024-54137

Correctness error in the reference implementation of the HQC key encapsulation mechanism in liboqs
04-12-2024
Learn more

CVE-2024-53947

SQL injection vulnerabilities in Apache Superset
03-12-2024
Learn more

CVE-2024-51491

Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go
28-10-2024
Learn more

CVE-2024-47026

out of bounds read due to an incorrect bounds check in gsc_gsa_rescue of gsc_gsa.c
25-10-2024
Learn more

CVE-2024-20659

Windows Hyper-V Security Feature Bypass Vulnerability
08-10-2024
Learn more

CVE-2024-9026

PHP-FPM logs from children may be altered
02-09-2024
Learn more

CVE-2024-8929

Leak partial content of the heap through heap buffer over-read in mysqlnd
17-09-2024
Learn more

Public reports and blog posts

Read our latest insights and findings in our Blog

Security audit of
PHP-SRC

The Open Source Technology Improvement Fund, Inc, thanks to funding provided by Sovereign Tech Fund, engaged with Quarkslab to perform a security audit of PHP-SRC, the interpreter of the PHP language.
Read more

A small bug in the signature verification of AOSP OTA packages

A signature verification bypass in a function that verifies the integrity of ZIP archives in the AOSP framework.

Read more

CCleaner Local Privilege E
scalation Vulnerability on macOS

A technical exploration of a trivial Local Privilege Escalation
Vulnerability in CCleaner <= v1.18.30 on macOS.

Read more

Beyond the Hook:
A Technical Deep Dive into Modern Phishing Methodologies

A technical exploration of modern phishing tactics, from basic HTML pages to advanced MFA-bypassing techniques, with analysis of infrastructure setup and delivery methods used by phishers in 2025.
Read more
Visit our Blog

Open-source tools

Discover the open-source tools developed and maintained by our team of security engineers

CryptoCondor

crypto-condor is a Python library for compliance testing of implementations of cryptographic primitives.
Read more

QBDI

QBDI by Quarkslab is a modular, cross-platform dynamic binary instrumentation framework for analyzing and manipulating binary code at runtime.

Read more

Diffing Portal

Diffing Portal aims to centralize and provide various resources on binary diffing, a useful technique for reverse-engineering, in one place.
Read more

Check out a more exhaustive list of our open-source tools

Discover more

Where to find us

Come and meet us on the road!

LE HACK 2025

27th & 28th June, Paris, France

The Last Resort: Debugging Embedded Systems with Unconventional Methods by Vincent Lopes

SSTIC 2025

4th June, Rennes, France

Pyrrha & Friends: Diving into Firmware Cartography by Eloïse Brocas, Robin David

We Have a Deal: we provide the lego bricks, you build cool wireless attacks by Damien Cauquil, Romain Cayre

Wirego- Un framework de développement de plugins Wireshark by Benoît Girard

apkpatcher : Fast analysis and modification to Android Applications by Benoît Forgette

Pass the SALT 2025

1st July, Lille, France

The Last Resort: Debugging Embedded Systems with Unconventional Methods by Vincent Lopes

Wirego, a Wireshark plugin development framework by Benoît Girard

Bluetooth Low Energy hacking with WHAD by Romain Cayre

Apkpatcher: Reverse Engineering and Modifying Android Applications Without Rooting by Benoît Forgette

Talk to our experts

Get in touch with our team for a demo
Schedule a consultation