Good tools are made of bugs: How to monitor your Steam Deck with one byte. Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming. A Christmas gift in February, brought to you by the incredible @Gwaby 🫢
Being Overlord on the Steam Deck with 1 Byte - Quarkslab's blog
In this blog post we explain the consequences of asking our R&D boss for a Steam Deck as a Christmas gift. It involves a couple of vulnerabilities,...
 image
πŸ‘‹ Looking for some cool research opportunities in 2025? We still have an open position in our 2024-2025 internships season. Take a look and hurry up to submit, those satellites won't hack themselves
Internship Offers for the 2024-2025 Season - Quarkslab's blog
The internship season is back at Quarkslab! Our internship topics cover a wide range of our expertise and aim at tackling new challenges, namely:
Finding and chaining 4 vulns to exfiltrate encryption keys from the Android Keystore on Samsung series A* devices. Did you miss the "Attacking the Samsung Galaxy A* Boot Chain" talk by [@max_r_b](
bird.makeup - Api Saturated
 ) and RaphaΓ«l Neveu earlier this year ? Talk && PoC || GTFO:
Attacking the Samsung Galaxy A* Boot Chain - Quarkslab's blog
We discovered several vulnerabilities impacting the boot chain of several Samsung devices. Chained together, they allow us to execute code in the b...
 image
Don't you miss the golden era of SQL Injections? Here Mathieu Farrell (@Coiffeur) explains how to feel the thrill again with the aid of Apache Superset, XML and a bit of parsing tickery: "Bypass Apache Superset restrictions to perform SQL Injections"
Bypass Apache Superset restrictions to perform SQL injections - Quarkslab's blog
The following article explains how during an audit we took a look at Apache Superset and found bypasses (by reading the PostgreSQL documentation) f...
 image