• Français
  • English

Your strategic outsourced
R&D partner
for offensive & defensive Security

Because your innovations require excellence, an applied research and tailored approach.

Your demanding (and unique) projects require expertise and for us to search more, share, imagine and customize solutions to address your security challenges on the long term.

For more than 10 years, we make no compromise on our knowledge-rich and specialized personnel in both hardware and software security areas with the same passion and curiosity.

Security audit, consulting and training

Audit & Consulting

Connected Devices (IoT)

Mastering connected devices (IoT) security (yours or your suppliers ones) has become  critical for compliance, IP Protection and data privacy.


From the early stage of design to post-deployment phase, our end-to-end security and regulation expertise (software, hardware, mobile application and cloud) will provide you audits, advice and exhaustive reports taking into account your hardware and cost constraints.

Cloud

You have the responsibility to ensure that your Cloud infrastructure has the right level of security, that State of the Art practices are applied (rights management, Company rules,..) or migrate your on-premise assets on the cloud without losing control ?


At any stage of your project you can benefit from our end-to-end security expertise ( (application, cloud, DevOps, Kubernetes, connected device, …) to support or challenge your architectural choices.

Blockchain

Transparency and high-level of functional and cryptographic security are required for a successful crypto-currency launch under time constraint.


Our security expertise (cryptography, vulnerability research, code review and upskilling capacity) and our blockchain specific languages and eco-systems knowledge and tools will provide you with a high reputation audit.

CSPN

You have to evaluate and certify your products by an ANSSI official CESTI organization (Centre d’Evaluation de la Sécurité des Technologies de l’Information) to address French Public/Defense markets with a competitive advantage ?


Leverage our recognized team security expertise (cryptography, reverse-engineering, …) along the entire CSPN process (Certification de Sécurité de Premier Niveau) so support your definition and redaction of the security target “CDS” (cible de sécurité) and by evaluating your product in order to write the “RTE” evaluation report (rapport technique d’évaluation).

IP and content protection

You deliver contents or services (streaming, gaming, IP protected content) and you want to ensure that the security in place is robusts enough to protect your business model? How do you know the intellectual property or the sensitive information stored in your solution is protected with the right level of security?

Whether it is a userland desktop application, a driver or involving a hardware security component, you will get an estimate of the attack cost to guide your business decisions.

Cryptography

You want to use cryptography in the design and development phases or to apply it to your existing software or hardware device and you are looking forward to challenge security robustness, its maintenance and its adequacy to regulatory constraints.


Leverage the expertise of our team (offensive and defensive, R&D, cryptography scientists, …), our CESTI agreement (= certified Evaluation Lab), our methodology and our tools to provide you with audits and advice on both your software (DRM, communication, messaging, authentication…) and hardware (HSM, Electronic Payment Terminal, …)

Mobile Apps, trustlets and platform

You want to protect your Apps (payment, content distribution, gaming, IoT controller, ...) by researching vulnerability, checking compliance and by securing its interactions with external components. From the early stage of design to post-deployment phase, our security expertise (cryptography, native code analysis, vulnerability research...) associated with our end-to-end mastery (from the App to the smartphone) and our open source tools (LIEF, QBDI, ..) will provide you required audits, advice and exhaustive reports.

Automotive

To build a secure connected vehicle with production and delivery time constraints, you have to master and integrate multiple technology suppliers.


From pre-production to deployment phase, you can audit your solutions or your suppliers, receive advice and exhaustive reports. You will benefit from our 10 years reverse-engineering expertise in Automotive (ECU, IVI, protocols and communication with the unit) and from our specific tools to emulate your architecture.

Outsourced Research

Your unique project not only requires security expertise but also an approach combining research, creativity and challenging the status quo to reach your strategic goals and imagine a solution to your long term security challenges.


Since more than 10 years, we make no compromise on our knowledge-rich and specialized personnel in both hardware and software security areas with the same passion and curiosity

COTS product pentesting

What is the impact on your global security of this new Commercial Off-the-shelf solution (COTS)? Before you deploy it, or because it is already in your systems, you want to ensure that its behavior is exactly as advertised by the editor without creating new attack paths in your defense?

You will get the attack surface of that COTS and an estimate of the cost for an attacker to use it to intrude deeper into your systems. You will then be able to optimize your security posture considering these new risks.

Technical blogposts on a great variety of R&D topics, such as cryptography, reverse engineering, vulnerabilities, and more, written by our engineers
Check out our blog

In-depth skills and know-how

  • Blockchain
  • Cryptography
  • Embedded Systems
  • Low cost HW attacks
  • Reverse Engineering
  • Code review
  • Development
  • Fuzzing
  • Offensive and Defensive
  • Secure SW Architecture

QLab contributions

0 h

trainings

0

PhD

0

panel of judges

0

OSS tools

0 bugs

reported

Trainings​

Our trainings

  • Android Applications
  • Practical Car Hacking
  • Binary fuzzing
  • iOS Application Security and OS Internals
  • Reverse engineering like a pro

How to get our training

  • Our training can be purchased by customer for internal needs. We provide the content (slidedeck), the tools and the experts to teach the training, and we can also organize the logistic (finding and booking an appropriate location).

  • We deliver these training as well within conference program. To get registered, please refer to the conference website.

QLAB selected tool

Instrumenting executable formats

Multi-platform library to parse, modify and abstract ELF, PE, MachO and other executable formats, injecting code or unpacking without focusing on the details.

Tool to observe program execution

Cross-platform, cross-architecture dynamic binary instrumentation framework to observe a program during runtime and automate data collection and processing.

Dynamic symbolic execution framework 

Cross-platform, cross-architecture dynamic binary analysis framework providing symbolic engine, taint analysis and AST representations of instructions.

Resources

Binbloom blooms: introducing v2​

Quarkslab's Github