Our #pts24 program & booking site are online😍
- 21 talks on 10 topics, 9 (!) workshops
- by experts from Let's Encrypt, Google CT and DFIR teams, quarkslab, Synacktiv, rev.ng Kudelski Security ...

Happy (free) booking!

👉cfp.pass-the-salt.org/pts2024/schedu…
🎟️pretix.eu/passthesalt/20…

RT🙏❤️

Fast and Curious: Emulating Renesas RH850 System-on-Chip using Unicorn Engine
Brought to you by Damien Cauquil (@[email protected]) and Phil BARRETT to make your automotive vulnerability research easier

blog.quarkslab.com/emulating-rh85…

Cryptographic vulnerabilities with a 'low' or 'informational' severity are like tiny pebbles in your shoe, you know they're in there but why take them out if you can still walk?
Take care of them before they cause major discomfort!
Angèle Bossuat= cryptopote at infosec dot exchange explains
blog.quarkslab.com/non-compliant-…

This is some cool research by Philippe Teuwen on how someone that can observe Pwned Passwords requests (namely Cloudflare or me) could possibly derive the original password if the search is performed incrementally (char by char): blog.quarkslab.com/passbolt-a-bol…

A very nice project form quarkslab made on a awesome plateforme made by hydrabus.com Benjamin Vernoux let's fuzz some USB now!

Denis Bodor / @lefinnois.bsky.social , un projet super intéressant qui pourrait en inspirer plus d’un.
quarkslab , bravo à tout ceux impliqués dans ce beau projet.

Qui sait, une idée d’(une série d’)article(s) dans un magazine Fr 😇est possible

HydraDancer open source Code released by quarkslab
Including wch-ch56x-lib, hydradancer_fw & HydraDancer/Facedancer thanks to quarkslab team for the hardwork on that master piece of open source code !
blog.quarkslab.com/hydradancer-fa…

Are we human? or are we dancer?
Introducing HydraDancer: A new hardware board and open source firmware for faster USB peripheral emulation.
The Facedancer legacy lives on!
Thiébaud Fuchs tells the story here
blog.quarkslab.com/hydradancer-fa…

🚨 Heads up Passbolt Users! As mentioned last week here is the security bulletin on the two vulnerabilities that were discovered by security researchers and both fixed in v4.6.2. Read the full reports on the incident pages: help.passbolt.com/incidents/

Have you been pwned? You could if you try to find out!
Breaking k-Anonymity due to bad use of the Pwned Password API in the Passbolt password manager.
In the best tradition of PoC||GTFO Philippe Teuwen explains it all here.
Kudos to Passbolt for the quick fix
blog.quarkslab.com/passbolt-a-bol…

🪓Yes we hacked!
Last week QSEC, our CTF team, participated in the European Cyber Cup at the InCyber Forum.
Our team finished 4th among 20 participants but
we could not engage in the hardware CTF...because we organized it!
👏Kudos to QSEC, the CTF organizers and all other teams!

Silos have no windows, but Windows have Silos🤔
It is complicated
So let Lucas Di Martino explain it better in the second installment of his Reversing Windows Containers blog post series.
From Silo to Server Silo:
blog.quarkslab.com/reversing-wind…

Use the Brute Force Luke!
Solving SandboxAQ's Post-Quantum Crypto CTF

A four course meal of cryptanalysis to end the the week on a high note with @dahmung

blog.quarkslab.com/sandboxaq-ctf-…

Exploiting GLPI: A Red Team Christmas story.
Or how Mathieu Farrell tried to reproduce a known vulnerability and the elves brought him two 0days.

We unveil how he obtained code execution and added a backdoor to GLPI, a PHP-based IT asset management app
blog.quarkslab.com/exploiting-glp…

Last month Quarkslab engineers Turt and Zigtur completed a security audit of Allbridge Core, a cross-chain swap built for stablecoins.
We would like to thank the Stellar Development Foundation for supporting this project.
The report is available here: blog.quarkslab.com/allbridge-core…

Wireless hacking is a never ending quest of wandering & wondering, stumbling into puzzles and solving them elegantly with magic, and sometimes new tools
Join Damien Cauquil (@[email protected]) for his latest adventures in wireless protocol analysis. Tomorrow on Twitch at 9am CET twitch.tv/virtualabs

'Attacks only get better'
Well indeed, our WhiteBox Cryptanalysis tool BlueGalaxyEnergy, an open source implementation of the BGE attack, just got improved!

blog.quarkslab.com/bge-attack-on-…