Maxime Rossi Bellom

@max_r_b

Followers
924
Following
1K
Media
5
Statuses
829

Android security geek. My tweets are all yours. https://t.co/OfQN5AZ6ij

Joined May 2010
@max_r_b
Maxime Rossi Bellom
4 years
The video of our talk with @DamianoMelotti at #BHEU (with some work of @doegox in it), "2021: A Titan M Odyssey" is now available: https://t.co/J5BZM7uU8T Slides and exploit PoC available here:
github.com
This repository contains the tools we used in our research on the Google Titan M chip - quarkslab/titanm
0
9
26
@Farenain
Farenain
3 months
Together with @0xjet, we conducted a comprehensive analysis of Android software protection deployment across 2.5 million applications. Using @enovella_'s APKiD, we examined protection adoption patterns across Google Play, alternative markets, and malware datasets.
1
13
36
@ntpopgetdope
nt!PopGetDope
4 months
got r00t? poked around new Pixel 10 Pro; Shannon S5400 w/ lots of Google intermediate code. custom AT CMDs prefixed +GOOG. still able to force CP crash à la SysDump *#9900# on Samsungs via other means. modem_adapter/rust_hooks/* & gems_rust_malloc symbols look interesting... 🦀
5
63
500
@ntpopgetdope
nt!PopGetDope
4 months
reconstructed source code tree (via DBT traces) is interesting to compare against mainline Exynos devices. lots of Google specific code under /modem_extn/ dir... same applies to the RIL https://t.co/sxyVNxH2b6 & its related modules :)
github.com
A code skeleton for Samsung's S5400 5G baseband modem & S5540 RF transceiver as integrated on Google Tensor G5 SoCs - ntpopgetdope/shannon_S5400_S5540
@ntpopgetdope
nt!PopGetDope
4 months
got r00t? poked around new Pixel 10 Pro; Shannon S5400 w/ lots of Google intermediate code. custom AT CMDs prefixed +GOOG. still able to force CP crash à la SysDump *#9900# on Samsungs via other means. modem_adapter/rust_hooks/* & gems_rust_malloc symbols look interesting... 🦀
1
18
126
@secmatedev
SecMate
5 months
Is vibe coding a security nightmare? We benchmarked 5 AI coding agents. 71.6% vulnerability rate. 264 security issues. 100% password management failures! The vibes are shipping vulnerabilities, SecMate catches them: https://t.co/WSfgOc7BfE
0
1
0
@max_r_b
Maxime Rossi Bellom
5 months
I am proud to introduce SecMate, a platform born from years of vulnerability research and offensive security work. Our mission: make security reviews of complex mobile and embedded code easier, faster, and more reliable. Feel free to reach out if you want to know more
@secmatedev
SecMate
5 months
How to deal with the security of your code in the vibe coding era? That is why SecMate was built: https://t.co/e0Y8zKIlVG Working on mobile or embedded systems? DM to join our private Beta or join us on:
0
0
1
@SpecterDev
Specter
10 months
I've published a write-up on reversing and analyzing Samsung's H-Arx hypervisor architecture for Exynos devices, which has had a lot of changes in recent years and pretty interesting design. Hope you all enjoy :) https://t.co/KTJ5IKfSfP
dayzerosec.com
In many ways, mobile devices lead the security industry when it comes to defense-in-depth and mitigation. Over the years, it has been proven time and again that the kernel cannot be trusted to be...
3
113
504
@quarkslab
quarkslab
10 months
Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming. A Christmas gift in February, brought to you by the amazing @pwissenlit 🫶 https://t.co/aGTLuFmcc2
1
87
262
@quarkslab
quarkslab
11 months
こんにちは Tokyo! "Of all things, I liked bugs best." ― Nikola Tesla Quarkslab is happy to participate in Pwn2Own Automotive and tomorrow we will try to demonstrate a RCE on an Electric Vehicle Charger on stage. Nikola enlight us, Murphy stay home! https://t.co/OJNfflWAAn
zerodayinitiative.com
こんにちは and welcome to the second annual Pwn2Own Automotive competition. We are at Automotive World in Tokyo, and we’ve brought together some of the best researchers in the world to test the latest...
0
7
34
@quarkslab
quarkslab
11 months
Another audit finalized with @OSTIFofficial and @CloudNativeFdn! 🔍 Quarkslab reviewed Notary Project’s new cryptographic features — timestamping & certificate revocation — identifying 11 issues, including 2 CVEs! 📖 Read more in our blog post: https://t.co/UJitiEi7zH
0
7
12
@_ringzer0
ringzerø.training && @[email protected]
1 year
Learn Reversing Cryptography in Black Box Binaries with Quarkslab's Dahmun Goudarzi and Robin David at BOOTSTRAP25, Austin, TX, March 18-21
ringzer0.training
Learn how to assess the robustness of black box cryptographic blocks in binaries via real-world examples.
0
2
4
@rtlsdrblog
rtl-sdr.com
1 year
Receiving Starlink Signals with an RTL-SDR and Ku-Band LNB https://t.co/vJofmTZJzT
0
41
248
@naehrdine
Jiska
1 year
How does the new iOS inactivity reboot work? What does it protect from? I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented. https://t.co/VbdxhueXtL
15
169
573
@hardwear_io
hardwear.io
1 year
🔗 #BluetoothLowEnergy (#BLE) has seen extensive research, but few studies have targeted the specification corner cases requiring high-level manipulation of the #GATT layer Baptiste at #hw_ioNL2024 proposes fuzzing approach to identify vulnerabilities 👉 https://t.co/6zutnI23z8
1
3
5
@quarkslab
quarkslab
1 year
Our 2024-2025 internships season has started Check out the 3 new openings and apply for fun and knowledge! (paid internships, fur coats not included) https://t.co/R3XKjRCNPY
0
18
30
@quarkslab
quarkslab
1 year
Linux kernel instrumentation from Qemu and gdb: A technique to analyze binaries or kernel modules that may try to monitor themselves. In this blog post Professor @Mad5quirrel explains the trick https://t.co/nrPUk11lNR
0
49
136
@quarkslab
quarkslab
1 year
Finding and chaining 4 vulns to exfiltrate encryption keys from the Android Keystore on Samsung series A* devices. Did you miss the "Attacking the Samsung Galaxy A* Boot Chain" talk by @max_r_b and Raphaël Neveu earlier this year? Talk && PoC || GTFO: https://t.co/JBDU4yOXLm
1
107
278
@t1mschumi
Tim Schumacher
1 year
Behold! My magnum opus! The inaugural blog post! And... it's the fourth one to be posted? Turns out, developing a bootloader on retail embedded hardware is more difficult than first imagined. https://t.co/oAczq8UYTz
blog.timschumi.net
Many months ago, a slightly younger Tim thought that porting mainline Linux to his old Android phone for the purpose of experimentation would be a great way to pass time. (In hindsight it was, but...
3
20
120
@quarkslab
quarkslab
1 year
The Cryptodifference Engine: An in-depth look at differential fuzzing for harvesting crypto bugs, by Célian Glénaz https://t.co/7VZABr2RUE
0
24
33
@quarkslab
quarkslab
1 year
Are "MIFARE-compatible" contactless cards not playing fair? That's what you may wonder after @doegox spotted some odd behavior. Curiosity led to experiments to devise a new attack technique that uncovered some backdoors. The RFID hacking spirit lives on! https://t.co/J2BWEPimdi
1
38
68
@CayreRomain
Romain Cayre
1 year
After two years of hard work with @virtualabs, we are proud to release for DEFCON32 the first public version of WHAD, a whole new ecosystem of opensource libs, tools & firmwares for wireless security! The main repo is here: https://t.co/s62l8o8h1m . And now, demo time! [1/n]
github.com
Wireless Hacking Devices Protocol client. Contribute to whad-team/whad-client development by creating an account on GitHub.
5
73
192