Talk to an expert
Talk to an expert

Defense

Manufacturers, suppliers, agencies

Where technical failure costs lives.

Modern weapons systems contain tens of millions of lines of code, are designed to last 30 years, and are targeted by nation-state adversaries. Quarkslab is one of the few independent players qualified to audit them in depth — with no conflict of interest.

1 %
of cyberattacks linked to nation-state APTs
1 %
of attacks target subcontractors
1 years
Average lifespan of weapons systems (non-patchable code)
EAL 7
The highest Common Criteria certification level. Quarkslab is an approved CESTI evaluation lab.

A PRIME TARGET FOR STATE ADVERSARIES

Theft of strategic IP
APT28, APT40 and APT29 are actively operating on networks. Every year, know-how-acquisition campaigns target companies and their Tier-2 and Tier-3 subcontractors.
Backdoors in delivered systems — activatable in a crisis
Adversaries seek to plant backdoors in delivered systems, ready to be triggered in times of crisis. A guidance firmware compromised during manufacturing, a poisoned update: the attack window spans the system's entire lifecycle.
Tier 2-3 subcontractors: the most vulnerable link
An incident can begin with an infostealer on a supplier's PC. CMMC 2.0 now mandates certification across the entire US DIB supply chain. Tier 2-3 SMEs are the systematic entry vector.
Code delivered abroad, beyond control
When equipment is exported, the embedded code goes with it. Protection against reverse engineering by non-allied third-party states, and the guarantee of integrity on delivery, are both contractual and sovereignty issues.

OUR SERVICES

QREDTEAM

ADVERSARY SIMULATION

  • Nation-state APT Red Team (TTPs of APT28, APT40, APT29) on defense-industrial-base networks
  • Penetration testing of C2 command systems and tactical networks
  • Supply-chain simulation via supplier portals and partner access
  • Red Team on embedded combat systems (military RTOS, autonomous drones).
Discover QRedTeam

QLAB

DEEP SECURITY RESEARCH

  • Firmware reverse engineering of weapons systems without sources (ARM, PowerPC, DSP)
  • JTAG/UART hardware analysis, SCA/FIA on embedded cryptographic components
  • 0-day research on proprietary military communication protocols
  • Common Criteria evaluation (ANSSI-approved CESTI) — from EAL4 to EAL7.
Discover QLab

QSHIELD

SOFTWARE PROTECTION

  • Protection of embedded weapons-system code against adversary RE
  • Anti-RE for exported systems (code beyond control)
  • Protection of exported guidance and navigation algorithms
  • Certifiable anti-tamper for components subject to Common Criteria.
Discover QShield

QUARKSLAB DIFFERENCIATOR

Most consulting firms lack low-level offensive depth on defense hardware. Quarkslab is the only independent player combining ANSSI qualification, offensive and defensive expertise on critical hardware, and QShield to protect the code of exported systems against nation-state reverse engineering.

WHAT WOULD WE SAY TO EACH OTHER, FACE TO FACE

When did you last have the binary code of your embedded systems audited?

Most defense manufacturers have invested heavily in their SOC and network detection. But who has actually looked inside the binaries running in your combat systems?

Defense-classified — ANSSI/DGA cleared
Quarkslab holds the accreditations required to work on the most sensitive systems. Zero conflict of interest — we don't build weapons systems.
Binaries without sources — VxWorks, LynxOS, Green Hills
Our engineers read the binaries. No black box. We find what automated scanners never see.
Your code delivered abroad, tamper-proof
QShield protects exported firmware against reverse engineering by third-party states — a defensible contractual guarantee.
Your Tier 2-3 audited to the same standard
CMMC 2.0 requires it — we audit your suppliers with the same level of rigor as your own systems.
Our publications & CVEs
Request a confidential briefing