• Français
  • English

Security Audit, consulting and training

Your demanding (and unique) projects require expertise and for us to search more, share, imagine and customize solutions to address your security challenges on the long term.

For more than 10 years, we make no compromise on our knowledge-rich and specialized personnel in both hardware and software security areas with the same passion and curiosity.

Audit & Consulting

Connected Devices (IoT)

Mastering connected devices (IoT) security (yours or your suppliers ones) has become  critical for compliance, IP Protection and data privacy.


From the early stage of design to post-deployment phase, our end-to-end security and regulation expertise (software, hardware, mobile application and cloud) will provide you audits, advice and exhaustive reports taking into account your hardware and cost constraints.

Cloud

You have the responsibility to ensure that your Cloud infrastructure has the right level of security, that State of the Art practices are applied (rights management, Company rules,..) or migrate your on-premise assets on the cloud without losing control ?


At any stage of your project you can benefit from our end-to-end security expertise ( (application, cloud, DevOps, Kubernetes, connected device, …) to support or challenge your architectural choices.

Blockchain

Transparency and high-level of functional and cryptographic security are required for a successful crypto-currency launch under time constraint.


Our security expertise (cryptography, vulnerability research, code review and upskilling capacity) and our blockchain specific languages and eco-systems knowledge and tools will provide you with a high reputation audit.

CSPN

You have to evaluate and certify your products by an ANSSI official CESTI organization (Centre d’Evaluation de la Sécurité des Technologies de l’Information) to address French Public/Defense markets with a competitive advantage ?


Leverage our recognized team security expertise (cryptography, reverse-engineering, …) along the entire CSPN process (Certification de Sécurité de Premier Niveau) so support your definition and redaction of the security target “CDS” (cible de sécurité) and by evaluating your product in order to write the “RTE” evaluation report (rapport technique d’évaluation).

Cryptography

You want to use cryptography in the design and development phases or to apply it to your existing software or hardware device and you are looking forward to challenge security robustness, its maintenance and its adequacy to regulatory constraints.


Leverage the expertise of our team (offensive and defensive, R&D, cryptography scientists, …), our CESTI agreement (= certified Evaluation Lab), our methodology and our tools to provide you with audits and advice on both your software (DRM, communication, messaging, authentication…) and hardware (HSM, Electronic Payment Terminal, …)

Mobile Apps

You want to protect your Apps (payment, content distribution, gaming, IoT controller, ...) and by researching vulnerability, checking compliance and by securing its interactions with external components.


From the early stage of design to post-deployment phase, our security expertise (cryptography, native code analysis, vulnerability research...) associated with our end-to-end mastery (from the App to the smartphone) and our open source tools (LIEF, QBDI, ..) will provide you required audits, advice and exhaustive reports.

Automotive

To build a secure connected vehicle with production and delivery time constraints, you have to master and integrate multiple technology suppliers.


From pre-production to deployment phase, you can audit your solutions or your suppliers, receive advice and exhaustive reports. You will benefit from our 10 years reverse-engineering expertise in Automotive (ECU, IVI, protocols and communication with the unit) and from our specific tools to emulate your architecture.

Outsourced Research

Your unique project not only requires security expertise but also an approach combining research, creativity and challenging the status quo to reach your strategic goals and imagine a solution to your long term security challenges.


Since more than 10 years, we make no compromise on our knowledge-rich and specialized personnel in both hardware and software security areas with the same passion and curiosity

In-depth skills and know-how

  • Blockchain
  • Cryptography
  • Embedded Systems
  • Low cost HW attacks
  • Reverse Engineering
  • Code review
  • Development
  • Fuzzing
  • Offensive and Defensive
  • Secure SW Architecture

QLab contributions

0 h

trainings

0 + 5

PhD / panel of judges

0

OSS tools

0 bugs

reported

Trainings

Our trainings

  • Android Applications
  • Practical Car Hacking
  • Binary fuzzing
  • iOS Application Security and OS Internals
  • Reverse engineering like a pro

Our upcoming sessions

  • iOS: Application Security and OS Internals : SEPTEMBER 18 to 19, 2022
  • Reverse engineering introduction : JUNE 13 to 17, 2022
  • Android Applications: From a Reverse Point of View : NOVEMBER 21 to 25, 2022

QLAB selected tool

Instrumenting executable formats

Multi-platform library to parse, modify and abstract ELF, PE, MachO and other executable formats, injecting code or unpacking without focusing on the details.

Tool to observe program execution

Cross-platform, cross-architecture dynamic binary instrumentation framework to observe a program during runtime and automate data collection and processing.

Dynamic symbolic execution framework 

Cross-platform, cross-architecture dynamic binary analysis framework providing symbolic engine, taint analysis and AST representations of instructions.

Resources

Binbloom blooms: introducing v2​

Quarkslab's Github