EXPERTISE TO FIND WHAT OTHERS CANNOT
Some vulnerabilities appear in no scanner. They trigger no alert. They lie dormant in the firmware of an embedded component, in the logic of a proprietary protocol, in the silent interaction between a chip and its operating system.
Those are exactly the flaws our researchers look for first, using the same techniques as the world's best attackers: reverse engineering, advanced fuzzing, fault injection, side-channel analysis, with no generic checklist or off-the-shelf tooling as a safety net. Every engagement is a bespoke investigation, carried through to its conclusion: proof of exploitability and a concrete remediation path.
TECHNICAL EXPERTISE: SOFTWARE RESEARCH
Reverse engineering
Deconstruction of closed binaries and firmware without source-code access, including obfuscated code, using IDA Pro, Ghidra and Binary Ninja.
Advanced fuzzing
Coverage-guided fuzzing of binaries, protocols and interfaces with AFL++, libFuzzer and Boofuzz, combined with hybrid approaches based on dynamic symbolic execution (DSE).
Static analysis & SAST
Detection of vulnerable patterns without executing the target, using CodeQL, Semgrep and taint analysis on both source code and binaries.
Dynamic analysis
Behavioral observation at runtime — instrumentation, tracing, data- and control-flow analysis.
Advanced exploitation
Heap/stack exploitation, ROP chains, kernel exploits, sandbox escapes — proof of the real impact of each vulnerability.
Code review
In-depth audit of source code — proprietary protocols, firmware, critical libraries and applications.
Program analysis
Modeling of control and data flow to reach the vulnerable states of a complex system.
File formats
Vulnerabilities in parsers of PDF, image, proprietary binary and industrial exchange formats.
Cryptography
Implementation audits, cryptanalysis, software side channels, and misuse of cryptographic primitives.
TECHNICAL EXPERTISE: EMBEDDED HARDWARE RESEARCH
Fault injection
Voltage glitching, electromagnetic (EM) fault injection and clock glitching: targeted physical disturbance of a device to bypass its hardware security mechanisms.
Side-channel analysis
Extraction of secrets from real components through power-consumption analysis (simple and differential power analysis, SPA/DPA), EM emissions and timing measurements.
Interface & debug attacks
Exploitation of JTAG, UART, SWD, SPI and I2C interfaces for firmware extraction and unauthorized access on embedded systems.
PCB & component analysis
Physical mapping, decapsulation and electron microscopy: complete hardware reverse engineering, down to the silicon.
RFID
Analysis of, and attacks on, access-control systems, contactless cards and short-range communication protocols.
Embedded hardware
SoCs, microcontrollers and embedded boards, analyzed physically and logically under their real operating conditions.
TOOLS QUARKSLAB DEPLOYS
Fast, precise binary explorer: the entry point for any static-analysis engagement on complex binaries.
Cross-platform parser and modifier of ELF, PE and Mach-O binaries, indispensable for firmware analysis and manipulation.
Collaborative fuzzing combining AFL++, libFuzzer and dynamic symbolic execution (DSE) to maximize code coverage on complex targets.
Automatic firmware mapping: components, dependencies and attack surfaces charted quickly.
Symbolic execution to reason about target behavior and automate the discovery of attack paths.
Dynamic binary instrumentation for in-depth analysis of the EDR defense mechanisms in place.
Snapshot-based fuzzer for the Windows kernel, used to discover exploitable 0-days in advanced Red Team engagements.
Analysis of raw binary firmware images with no recognizable filesystem: detects the load base address and internal structures.
Advanced binary diffing for patch tracking and detection of unpatched CVEs in production binaries.
Compliance and robustness testing of cryptographic implementations, used for validation during product audits.
Asynchronous analysis system for suspicious files: automated triage and threat qualification.
Kernel-level interception of TLS communications via eBPF, sidestepping application-level protections without modifying the target binaries.
MISSION TYPES
Product security audit
In-depth investigation of a hardware or software product across its complete attack surface, remediation included.
Component analysis
Fault injection, side-channel analysis and debug-interface attacks to assess the physical resistance of a component or board.
Firmware reverse engineering
Extraction, mapping and in-depth analysis of embedded firmware, without source-code access.
Cryptographic audit
Evaluation of cryptographic implementations and protocols for compliance, robustness and resistance to attacks.
Outsourced R&D
A dedicated team of researchers over time, with contracted objectives, 0-day discovery and skills transfer.
Product threat modeling
Threat modeling performed upstream of development, so that security is built in from the design stage (Security by Design).
DOMAINS & VERTICALS COVERED
Automotive
ECUs, in-vehicle CAN/LIN/Ethernet networks, OTA update security, ADAS systems.
Mobile
Android & iOS: kernel, TEE, Secure Enclave, boot chain, critical apps.
Cloud & infra
Hypervisors, containers, managed services, CI/CD pipelines.
IoT
Firmware, wireless protocols (BLE, Zigbee, LoRa), physical interfaces.
Artificial intelligence
ML model security: data poisoning, model extraction, adversarial inputs.
Healthcare & medical
Connected medical devices, firmware of Class II/III devices, proprietary protocols.
Blockchain
Smart contracts, decentralized protocols, on-chain application logic.
Defense & sovereignty
Critical systems, certified components, high-security environments.
DISCOVER THE QLAB OFFERING
Bespoke vulnerability research across hardware, firmware and software, with concrete remediation as the outcome.