You finally pwned the Holy Confluence server. What now? Create a user? Reset a password? .🚨Best way to trigger an alert.What if you craft your own Personal Access Token 🔑 for the Admin account?.Find out how in this blog post by Quarkslab's Red Teamer YV.

leHack (@_leHACK_ ) starts tomorrow at the Cité des Sciences et de l’Industrie in Paris. We will be there to meet with peers and friends. 3 talks, a cool challenge and our famous Car in a Box to play with. Come and say hi at booth 20. Full program here:.

Are you a network protocol reverse engineer? Tired of writing Wireshark plugins in memory unsafe or esoteric languages named after celestial objects? .Now you can do it in a few lines of Go, Python or Rust with Wirego. Benoit Girard explains how here:.

RT @_leHACK_: 🇬🇧 Proud to welcome Platinium Sponsor ⚪ @Quarkslab!.Cyber R&D experts turning advanced security research into real-world solu….

Attention ✨WomenAtSSTIC✨.We meet at 18:00 today at L'Equinoxe: .3 Place des Lices, 35000 Rennes. See you there!.#sstic2025.

Are you a cyber professional, or a future one, coming to #sstic2025 next week?. Come to ✨WomenATsstic✨, an informal and unofficial friendly meetup on Wednesday, June 4th at 6 pm. We will reserve a bar/café near the Halle Martenot. Register here:.

RT @offbyoneconf: @fredraynal from @quarkslab, our keynote speaker marks the start of 2nd edition of @offbyoneconf with his highly anticip….

RT @offbyoneconf: @philipp0x90 from @quarkslab in action! After a game of hide and seek, we now 𝐒.𝐇.𝐈.𝐄.𝐋.𝐃: 𝐒𝐜𝐮𝐝𝐨 𝐇𝐞𝐚𝐩 𝐈𝐦𝐩𝐥𝐞𝐦𝐞𝐧𝐭𝐚𝐭𝐢𝐨𝐧 𝐄𝐱𝐩….

Good morning Singapore!.The amazing Off by One conference (@offbyoneconf) starts today. If you are attending don't miss @fredraynal's (our fearless CEO) keynote at 9:35am:."Spyware for rent & the world of offensive cyber".The full agenda is available here:.

RT @offbyoneconf: Tom Mansion (@philipp0x90) is a junior security researcher from @quarkslab. He is zealous over CTFs, and enjoys heap expl….

Quarkslab was glad to sponsor the Real World Cryptography Paris Meetup 4 hosted by @Ledger last night. Julio Loayza Meneses talked about crypto-condor, our open source tool to test cryptography implementations. You can learn more about it here:.

Look at those cute little blobs in your internal network. They look harmless, but how about the one carrying SOCKS? It's ProxyBlob, a reverse proxy over Azure. Check out @_atsika's article on how it came to exist after an assumed breach mission ⤵️.👉

While casually reading Moodle's code @coiffeur0x90 found a SSRF bug exploitable by any authenticated user. Fun twist? This vuln matches exactly the example @orange_8361 presented at Black Hat 2017. Real life imitates conference slides 😅.Details here:.

RT @OSTIFofficial: We are so excited to announce the publication of our audit of PHP core! This work was a collaboration between our organi….

RT @ThePHPF: We are pleased to announce the completion of security audit of PHP core!. Executed by @quarkslab in partnership with @OSTIFoff….

Quarkslab audited PHP-SRC, the open source interpreter of PHP. The security audit, sponsored by @OSTIFofficial with funding from @sovtechagency, aimed at strengthening the project's security ahead of the upcoming PHP 8.4 release. Here is what we found: .

There is a small bug in the signature verification of OTA packages in the Android Open Source Framework. Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be. Jérémy Jourdois explains it here:.

New GUI or root access? Choose wisely!. Exploiting a Local Privilege Escalation vulnerability in CCleaner version 1 for MacOS, by @Coiffeur0x90 .

Next week at the Hack The Box meetup in Lille, France @rayanlecat will talk about PwnShop, the challenge he prepared for the @pwnmectf and how he accidentally discovered a RCE 0day while doing so. Join him next Monday at Campus Cyber Hauts-the-France:.

The Fifth Element: Using Quarkslab's cryptographic test suite to find bugs in the reference implementation of HQC, the latest algorithm added to the NIST PQC standard. Here Célian Glénaz, Dahmun Goudarzi and Julio Loayza Meneses tell you how they did it:.