Contact us

Security Audit, Consulting and Training

Your demanding (and unique) projects require expertise and for us to search more, share, imagine and customize solutions to address your security challenges on the long term.

For more than 10 years, we make no compromise on our knowledge-rich and specialized personnel in both hardware and software security areas with the same passion and curiosity.

Audit & Consulting

In-depth skills and know-how

Connected Devices (IoT)

Mastering connected devices (IoT) security (yours or your suppliers ones) has become  critical for compliance, IP Protection and data privacy.
From the early stage of design to post-deployment phase, our end-to-end security
and regulation expertise (software, hardware, mobile application and cloud) will provide you audits, advice and exhaustive reports taking into account your hardware and cost constraints.

Cloud

You have the responsibility to ensure that your Cloud infrastructure has the right level of security, that State of the Art practices are applied (rights management, Company rules,..) or migrate your on-premise assets on the cloud without losing control ?
At any stage of your project you can benefit from our end-to-end security expertise ( (application, cloud, DevOps, Kubernetes, connected device, …) to support or challenge your architectural choices.

Blockchain

Transparency and high-level of functional and cryptographic security are required for a successful crypto-currency launch under time constraint.
Our security expertise (cryptography, vulnerability research, code review and upskilling capacity) and our blockchain specific languages and eco-systems knowledge and tools will provide you with a high reputation audit.

CSPN

You have to evaluate and certify your products by an ANSSI official CESTI organization (Centre d’Evaluation de la Sécurité des Technologies de l’Information) to address French Public/Defense markets with a competitive advantage ?
Leverage our recognized team security expertise (cryptography, reverse-engineering, …) along the entire CSPN process (Certification de Sécurité de Premier Niveau) so support your definition and redaction of the security target “CDS” (cible de sécurité) and by evaluating your product in order to write the “RTE” evaluation report (rapport technique d’évaluation).

Cryptography

You want to use cryptography in the design and development phases or to apply it to your existing software or hardware device and you are looking forward to challenge security robustness, its maintenance and its adequacy to regulatory constraints.
Leverage the expertise of our team (offensive and defensive, R&D, cryptography scientists, …), our CESTI agreement (= certified Evaluation Lab), our methodology and our tools to provide you with audits and advice on both your software (DRM, communication, messaging, authentication…) and hardware (HSM, Electronic Payment Terminal, …)

Mobile Apps

You want to protect your Apps (payment, content distribution, gaming, IoT controller, ...) and by researching vulnerability, checking compliance and by securing its interactions with external components.
From the early stage of design to post-deployment phase, our security expertise (cryptography, native code analysis, vulnerability research...) associated with our end-to-end mastery (from the App to the smartphone) and our open source tools (LIEF, QBDI, ..) will provide you required audits, advice and exhaustive reports.

Automotive

To build a secure connected vehicle with production and delivery time constraints, you have to master and integrate multiple technology suppliers.
From pre-production to deployment phase, you can audit your solutions or your suppliers, receive advice and exhaustive reports. You will benefit from our 10 years reverse-engineering expertise in Automotive (ECU, IVI, protocols and communication with the unit) and from our specific tools to emulate your architecture.

Outsourced Research

Your unique project not only requires security expertise but also an approach combining research, creativity and challenging the status quo to reach your strategic goals and imagine a solution to your long term security challenges.
Since more than 10 years, we make no compromise on our knowledge-rich and specialized personnel in both hardware and software security areas with the same passion and curiosity
  • Blockchain
  • Cryptography
  • Embedded Systems
  • Low cost HW attacks
  • Reverse Engineering
  • Code review
  • Development
  • Fuzzing
  • Offensive and Defensive
  • Secure SW Architecture
More details here

Trainings

  • Android Applications
  • Practical Car Hacking
  • Binary fuzzing
  • iOS Application Security and OS Internals
  • Reverse engineering like a pro
Android Applications
For reverse engineers or analysts who are familiar with Android and willing to understand applications reversing as well as Android internals. This training aims to give you the keys to analyze Android applications as well as their interactions with the system.
Learn more
Practical car hacking
For Security researchers, Car equipment designers & Hackers interested in cars. This training aims to facilitate your understanding of the theory of each attack (how it works, how you can use it) and how to perform these attacks (during the practical sessions on the demo ECU).
Learn more
Binary fuzzing
For Reverse Engineers and Vulnerability Researchers who want to get the proper means to hunt bugs through fuzzing. This training aims to provide you with the methodology, knowledge and means to achieve fast, smart and efficient fuzzing on real-life software facing challenging situations (no source code, exotic targets) with our tools or with the capacity to build yours.
Learn more
iOS Application Security and OS Internals
For Reverse engineers interested in iOS and Security engineers with no prior experience in iOS but who need to assess apps (or start studying the system). This training aims to provide you knowledge of latest versions of iOS (from v11) and the majority of iOS Userland components so that you can perform either a security assessment or a comprehensive reverse engineering.
Learn more
Reverse engineering like a pro
For analysts who want to better understand or analyze faster, in a blackbox way, any code that can be found in the wild (malwares, applications, libraries, an exploit…). This training aims to improve your knowledge of key concepts and methodologies to reverse a binary from a static and dynamic point of view and to improve your debugging, static and dynamic analysis skills and your capacity to use tools like IDA.
Learn more
Précédent
Suivant

Our upcoming sessions

  • iOS: Application Security and OS Internals : SEPTEMBER 18 to 19, 2022

  • Reverse engineering introduction : JUNE 13 to 17, 2022

  • Android Applications: From a Reverse Point of View : NOVEMBER 21 to 25, 2022

Register

QLab contributions

430h

trainings

5

PhD

5

panel of judges

9

OSS tools

21 bugs

reported 

QLab selected tools

Instrumenting executable formats

Multi-platform library to parse, modify and abstract ELF, PE, MachO and other executable formats, injecting code or unpacking without focusing on the details.

Learn more
Tool to observe program execution

Cross-platform, cross-architecture dynamic binary instrumentation framework to observe a program during runtime and automate data collection and processing.

Learn more
Dynamic symbolic execution framework 

Cross-platform, cross-architecture dynamic binary analysis framework providing symbolic engine, taint analysis and AST representations of instructions.

Learn more

Resources

Binbloom blooms: introducing v2​

Read more

Quarkslab's Github

Go to the page
Twitter Linkedin Youtube Github

Softwares and Services

Company