Quarkslab

@quarkslab.bsky.social

Securing every bit of your data https://quarkslab.com

243 Followers  |  1 Following  |  25 Posts  |  Joined: 21.11.2024  |  1.9667

Latest posts by quarkslab.bsky.social on Bluesky

ControlPlane Local Privilege Escalation Vulnerability on macOS - Quarkslab's blog A technical exploration of Local Privilege Escalation Vulnerability in ControlPlane on macOS.

🚀Ever heard of ControlPlane, software to help you automate tasks on macOS? Turns out, it might also help you become root.
Oops! 😱 @coiffeur0x90 found a Local Privilege Escalation vulnerability.
Read before someone automates your admin rights
👉 blog.quarkslab.com/controlplane...

15.07.2025 17:09 — 👍 0    🔁 0    💬 0    📌 0

You finally pwned the Holy Confluence server. What now? Create a user? Reset a password?
🚨Best way to trigger an alert
What if you craft your own Personal Access Token 🔑 for the Admin account ?
Find out how in this blog post by Quarkslab's Red Teamer YV
blog.quarkslab.com/a-story-abou...

03.07.2025 15:56 — 👍 0    🔁 0    💬 0    📌 0
leHACK 2025 incoming! - leHACK

The leHack conference (@le-hack.bsky.social) starts tomorrow at the Cité des Sciences et de l’Industrie in Paris.
We will be there to meet with peers and friends.
3 technical talks, a cool challenge & our famous Car in a Box to play with.
Come and say hi at booth 20.

Full program here:
lehack.org

26.06.2025 12:36 — 👍 1    🔁 0    💬 0    📌 0
A Go gopher surfing over a Wireshark shark

Are you a network protocol reverse engineer? Tired of writing Wireshark plugins in memory unsafe or esoteric languages named after celestial objects?
Now you can do it in a few lines of Go, Python or Rust with Wirego.
Benoit Girard explains how here:
blog.quarkslab.com/getting-star...

10.06.2025 16:28 — 👍 2    🔁 3    💬 1    📌 0

Attention ✨WomenAtSSTIC✨
We meet at 18:00 today at L'Equinoxe:
3 Place des Lices, 35000 Rennes

See you there!
#sstic2025

04.06.2025 12:07 — 👍 0    🔁 0    💬 0    📌 0
Poll - Women@sstic 2025 - Framadate Framadate is an online service for scheduling a meeting or making decisions quickly and easily.

Are you a cyber professional, or a future one, coming to #sstic2025 next week?

Come to ✨WomenATsstic✨, an informal and unofficial friendly meetup on Wednesday, June 4th at 6 pm.

We will reserve a bar/café near the Halle Martenot. Register here:
framadate.org/hH2t9FcRtgEG...

30.05.2025 15:01 — 👍 4    🔁 4    💬 0    📌 1

Good morning Singapore!

The amazing Off by One Conference 2025 starts today.
If you are attending don't miss Fred Raynal's (our fearless CEO) keynote at 9:35am:

"Spyware for rent & the world of offensive cyber"

The full agenda is available here:
offbyone.sg/agenda

07.05.2025 23:57 — 👍 0    🔁 0    💬 0    📌 0
Julio Loayza Meneses talking about Crypto Condor at RWC2005 Paris
The top bird of crypto implementation testing

Quarkslab was glad to sponsor the Real World Cryptography Paris Meetup 4 hosted by @Ledger last night.
Julio Loayza Meneses talked about crypto-condor, our open source tool to test cryptography implementations.
You can learn more about it here:
quarkslab.github.io/crypto-condo...

30.04.2025 15:32 — 👍 2    🔁 0    💬 0    📌 0
Proxybloby, the red teamer's mascot that will byte your SOCKS if left alone in your internal network

Look at those cute little blobs in your internal network. They look harmless, but how about the one carrying SOCKS?
It's ProxyBlob, a reverse proxy over Azure.

Check out Alexandre Nesic's article on how it came to exist after an assumed breach mission ⬇️
👉 blog.quarkslab.com/proxyblobing...

29.04.2025 17:32 — 👍 1    🔁 1    💬 0    📌 1
a TOCTOU bug in Moodle's core

While casually reading Moodle's code, Mathieu Farrell found an SSRF bug exploitable by any authenticated user.
Fun twist? This vuln matches exactly the example Orange Tsai presented at Black Hat 2017.
Real life imitates conference slides 😅
Details here:
blog.quarkslab.com/auditing-moo...

22.04.2025 16:04 — 👍 1    🔁 0    💬 0    📌 0

We are so excited to announce the publication of our audit of PHP core! This work was made possible through a collaboration between OSTIF, @thephpf.bsky.social, and @quarkslab.bsky.social with funding provided by @sovereign.tech. For the report and further links, check out ostif.org/php-audit-co...

10.04.2025 19:12 — 👍 5    🔁 3    💬 0    📌 0
PHP Core Security Audit Results The PHP Foundation — Supporting, Advancing, and Developing the PHP Language

We are pleased to announce the completion of security audit of PHP core!
Executed by @quarkslab.bsky.social in partnership with @ostifofficial.bsky.social and commissioned by the @sovereign.tech.

Learn more: thephp.foundation/blog/2025/04...

10.04.2025 14:54 — 👍 20    🔁 11    💬 0    📌 0
Security audit of PHP-SRC The Open Source Technology Improvement Fund, Inc, thanks to funding provided by Sovereign Tech Fund, engaged with Quarkslab to perform a security audit of PHP-SRC, the interpreter of the PHP language.

Quarkslab audited PHP-SRC, the open source interpreter of PHP.
The security audit, sponsored by @ostifofficial.bsky.social with funding from @sovereign.tech, aimed at strengthening the project's security ahead of the upcoming PHP 8.4 release.
Here's what we found:
blog.quarkslab.com/security-aud...

10.04.2025 15:18 — 👍 6    🔁 3    💬 0    📌 0
A small bug in the signature verification of AOSP OTA packages A signature verification bypass in a function that verifies the integrity of ZIP archives in the AOSP framework

There is a small bug in the signature verification of OTA packages in the Android Open Source Framework.
Official builds doing normal double verification of packages are not vulnerable but OEMs and third party apps may be.
Jérémy Jourdois explains it here:
blog.quarkslab.com/aosp_ota_sig...

08.04.2025 17:51 — 👍 5    🔁 5    💬 0    📌 0
Who let the RATs in? why, CCleaner v1 did.

New GUI or root access? Choose wisely!

Exploiting a Local Privilege Escalation vulnerability in CCleaner version 1 for MacOS, by @Coiffeur0x90

blog.quarkslab.com/ccleaner_lpe...

25.03.2025 18:22 — 👍 1    🔁 0    💬 0    📌 0
A CTF challenge in PHP, what could possibly not be a RCE?

Next week at the Hack The Box 0x4d meetup in Lille, France @rayanle.cat will talk about PwnShop, the challenge he prepared for the PwnMe CTF 2025 and how he accidentally discovered a RCE 0day while doing so.

Join him next Monday at Campus Cyber Hauts-de-France:
www.meetup.com/hack-the-box...

25.03.2025 14:01 — 👍 7    🔁 2    💬 0    📌 0
Image of the Cryptocondor, the natural predator of cryptobugs. A mighty bird from the Andes mountain range that fiercely preys on bugs with the invaluable aid of DeltAFLy, which provides differential fuzzing superpowers.

The Fifth Element: Using Quarkslab's cryptographic test suite to find bugs in the reference implementation of HQC, the latest algorithm added to the NIST PQC standard.

Here Célian Glénaz, Dahmun Goudarzi and Julio Loayza Meneses tell you how they did it:

blog.quarkslab.com/finding-bugs...

21.03.2025 18:12 — 👍 1    🔁 0    💬 0    📌 0
Your OPC vuln research mission is about to crash? 
Don't worry fuzzysully can land you safely

The Open Platform Communications Unified Architecture (OPC UA) is an open standard for industrial systems.

In 2024 we worked with @anssi-fr.bsky.social to develop fuzzysully, an OPC UA fuzzer.
Today we are glad to announce that this tool is now open source:
github.com/ANSSI-FR/fuz...

21.03.2025 15:20 — 👍 1    🔁 1    💬 0    📌 0
Phishing in the Cloud with Diamonds

From classic HTML pages to advanced MFA bypasses, dive in with @atsika.bsky.social in an exploration of phishing techniques 🎣.

Learn some infrastructure tricks and delivery methods to bypass common detection.
👉 blog.quarkslab.com/technical-di...
(promise this one is legit 👀)

11.03.2025 16:06 — 👍 5    🔁 4    💬 0    📌 2

We completed our 2nd audit of Allbridge's Estrela, a decentralized exchange built on the Soroban platform.
Our audit was focused on the 3-token pool implementation and no critical vulnerabilities were found.
The summary and full report can be read here
blog.quarkslab.com/audit-of-all...

28.02.2025 14:17 — 👍 2    🔁 0    💬 0    📌 0
An AI generated picture depicting exploitation kungfu against SOplanning. We guess they did not plan for that.

ICYMI: 5 vulnerabilities in SOPlanning, an open source project management application used by major consulting services providers.
In part 2 of "Pwn Everything, Bounce Everywhere, all at once" Mathieu Farrell tells you how to chain them for unauthenticated RCE

blog.quarkslab.com/pwn-everythi...

26.02.2025 16:04 — 👍 1    🔁 1    💬 0    📌 0

A Plan to Pwn: Reviving a 17 year old bug or winning a race against Project Management? We've got both.

Mathieu Farrell shows you how in the "Pwn Everything, Bounce Everywhere, all at once" blog post series.
blog.quarkslab.com/pwn-everythi...

25.02.2025 19:39 — 👍 3    🔁 2    💬 0    📌 0
Lock screen with handwritten notation suggesting to use CVE-2025-24200 to go further

Unrestrict the restricted mode for USB on iPhone. A first analysis @citizenlab.ca #CVE-2025-24200 👉 blog.quarkslab.com/first-analys...

14.02.2025 11:07 — 👍 17    🔁 7    💬 0    📌 3

AMD published Security Bulletin AMD-SB-7027 addressing CVE-2024-0179 and CVE-2024-21925, the two UEFI SMM vulnerabilities disclosed in our blog post.
Data center, desktop, mobile and embedded processor products are affected:
www.amd.com/en/resources...

13.02.2025 14:35 — 👍 2    🔁 2    💬 0    📌 0
calc.exe is the new Doom

Good tools are made of bugs: How to monitor your Steam Deck with one byte.
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the amazing Gwaby 🫶
blog.quarkslab.com/being-overlo...

11.02.2025 17:40 — 👍 15    🔁 7    💬 1    📌 2

Another audit finalized with @ostifofficial.bsky.social and CNCF! Quarkslab reviewed Notary Project’s new cryptographic features — timestamping & certificate revocation — identifying 11 issues, including 2 CVEs! 📖 Read more in our blog post:
blog.quarkslab.com/security-aud...

22.01.2025 12:32 — 👍 0    🔁 1    💬 0    📌 0
Zero Day Initiative — Pwn2Own Automotive 2025: The Full Schedule こんにちは and welcome to the second annual Pwn2Own Automotive competition. We are at Automotive World in Tokyo, and we’ve brought together some of the best researchers in the world to test the latest au...

こんにちは Tokyo!

"Of all things, I liked bugs best."
― Nikola Tesla

Quarkslab is happy to participate in Pwn2Own
Automotive and tomorrow we will try to demonstrate a RCE on an Electric Vehicle Charger on stage.

Nikola enlighten us, Murphy stay home!

www.zerodayinitiative.com/blog/2025/1/...

21.01.2025 14:50 — 👍 5    🔁 2    💬 0    📌 0
