Maxime Rossi Bellom
@max_r_b
Android security geek. My tweets are all yours. http://mastodon.social/@maxrb
قد يعجبك
The video of our talk with @DamianoMelotti at #BHEU (with some work of @doegox in it), "2021: A Titan M Odyssey" is now available: youtube.com/watch?v=UNPblJ… Slides and exploit PoC available here: github.com/quarkslab/tita…
Together with @0xjet, we conducted a comprehensive analysis of Android software protection deployment across 2.5 million applications. Using @enovella_'s APKiD, we examined protection adoption patterns across Google Play, alternative markets, and malware datasets.
got r00t? poked around new Pixel 10 Pro; Shannon S5400 w/ lots of Google intermediate code. custom AT CMDs prefixed +GOOG. still able to force CP crash à la SysDump *#9900# on Samsungs via other means. modem_adapter/rust_hooks/* & gems_rust_malloc symbols look interesting... 🦀
reconstructed source code tree (via DBT traces) is interesting to compare against mainline Exynos devices. lots of Google specific code under /modem_extn/ dir... same applies to the RIL libsitril.so & its related modules :) github.com/ntpopgetdope/s…
got r00t? poked around new Pixel 10 Pro; Shannon S5400 w/ lots of Google intermediate code. custom AT CMDs prefixed +GOOG. still able to force CP crash à la SysDump *#9900# on Samsungs via other means. modem_adapter/rust_hooks/* & gems_rust_malloc symbols look interesting... 🦀
Is vibe coding a security nightmare? We benchmarked 5 AI coding agents. 71.6% vulnerability rate. 264 security issues. 100% password management failures! The vibes are shipping vulnerabilities, SecMate catches them: blog.secmate.dev/posts/vibe-cod…
I am proud to introduce SecMate, a platform born from years of vulnerability research and offensive security work. Our mission: make security reviews of complex mobile and embedded code easier, faster, and more reliable. Feel free to reach out if you want to know more
How to deal with the security of your code in the vibe coding era? That is why SecMate was built: blog.secmate.dev/posts/hello-wo… Working on mobile or embedded systems? DM to join our private Beta or join us on: secmate.dev
I've published a write-up on reversing and analyzing Samsung's H-Arx hypervisor architecture for Exynos devices, which has had a lot of changes in recent years and pretty interesting design. Hope you all enjoy :) dayzerosec.com/blog/2025/03/0…
Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming . A Christmas gift in February, brought to you by the amazing @pwissenlit 🫶 blog.quarkslab.com/being-overlord…
こんにちは Tokyo! "Of all things, I liked bugs best." ― Nikola Tesla Quarkslab is happy to participate in Pwn2Own Automotive and tomorrow we will try to demonstrate a RCE on an Electric Vehicle Charger on stage. Nikola enlight us, Murphy stay home! zerodayinitiative.com/blog/2025/1/21…
Another audit finalized with @OSTIFofficial and @CloudNativeFdn! 🔍 Quarkslab reviewed Notary Project’s new cryptographic features — timestamping & certificate revocation — identifying 11 issues, including 2 CVEs! 📖 Read more in our blog post: blog.quarkslab.com/security-audit…
Learn Reversing Cryptography in Black Box Binaries with Quarkslab's Dahmun Goudarzi and Robin David at BOOTSTRAP25, Austin, TX, March 18-21 ringzer0.training/bootstrap25-re…
Receiving Starlink Signals with an RTL-SDR and Ku-Band LNB rtl-sdr.com/receiving-star…
How does the new iOS inactivity reboot work? What does it protect from? I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented. naehrdine.blogspot.com/2024/11/revers…
🔗 #BluetoothLowEnergy (#BLE) has seen extensive research, but few studies have targeted the specification corner cases requiring high-level manipulation of the #GATT layer Baptiste at #hw_ioNL2024 proposes fuzzing approach to identify vulnerabilities 👉 hardwear.io/netherlands-20…
Our 2024-2025 internships season has started Check out the 3 new openings and apply for fun and knowledge! (paid internships, fur coats not included) blog.quarkslab.com/internship-off…
Linux kernel instrumentation from Qemu and gdb: A technique to analyze binaries or kernel modules that may try to monitor themselves. In this blog post Professor @Mad5quirrel explains the trick blog.quarkslab.com/linux-kernel-i…
Finding and chaining 4 vulns to exfiltrate encryption keys from the Android Keystore on Samsung series A* devices. Did you miss the "Attacking the Samsung Galaxy A* Boot Chain" talk by @max_r_b and Raphaël Neveu earlier this year ? Talk && PoC || GTFO: blog.quarkslab.com/attacking-the-…
Behold! My magnum opus! The inaugural blog post! And... it's the fourth one to be posted? Turns out, developing a bootloader on retail embedded hardware is more difficult than first imagined. blog.timschumi.net/2024/10/05/lld…
The Cryptodifference Engine: An in-depth look at differential fuzzing for harvesting crypto bugs, by Célian Glénaz blog.quarkslab.com/differential-f…
Are "MIFARE-compatible" contactless cards not playing fair? That's what you may wonder after @doegox spotted some odd behavior. Curiosity led to experiments to devise a new attack technique that uncovered some backdoors. The RFID hacking spirit lives on! blog.quarkslab.com/mifare-classic…
After two years of hard work with @virtualabs , we are proud to release for DEFCON32 the first public version of WHAD, a whole new ecosystem of opensource libs, tools & firmwares for wireless security ! The main repo is here: github.com/whad-team/whad… . And now, demo time ! [1/n]
United States الاتجاهات
- 1. #NXXT_NEWS N/A
- 2. Nano Banana Pro 7,072 posts
- 3. #WeekndTourLeaks N/A
- 4. Good Thursday 37.1K posts
- 5. #TheGamingAwards N/A
- 6. #thursdayvibes 3,362 posts
- 7. FINAL DRAFT FINAL LOVE 132K posts
- 8. Dick Cheney 9,128 posts
- 9. #LoveDesignFinalEP 121K posts
- 10. Haymitch 9,874 posts
- 11. Nnamdi Kanu 115K posts
- 12. The Hunger Games 76.5K posts
- 13. sohee 33.2K posts
- 14. Happy Friday Eve N/A
- 15. Pablo 64.7K posts
- 16. Reaping 67.9K posts
- 17. Ray Dalio 2,390 posts
- 18. Unemployment 28.5K posts
- 19. Janemba 2,529 posts
- 20. FAYE SHINE IN ARMANI 213K posts
قد يعجبك
-
quarkslab
@quarkslab -
REcon
@reconmtl -
Netlas.io
@Netlas_io -
Hexacon
@hexacon_fr -
Patrick Ventuzelo
@Pat_Ventuzelo -
Moshe Kol
@0xkol -
Almond OffSec
@AlmondOffSec -
HADESS
@Hadess_security -
Martijn Bogaard
@jmartijnb -
Taszk Security Labs
@TaszkSecLabs -
Lsec
@lsecqt -
Dohyun Lee
@l33d0hyun -
Cristofaro Mune
@pulsoid -
Angèle Bossuat= cryptopote at infosec dot exchange
@AngeleBossuat -
Thach Nguyen Hoang 🇻🇳
@hi_im_d4rkn3ss
Something went wrong.
Something went wrong.