
About Quarkslab
Quarkslab builds cutting-edge cybersecurity solutions used by security-driven companies and institutions around the world. Our QShield product suite focuses on software protection and reverse engineering resistance across desktop, mobile, and embedded platforms.
We’re not in the cloud — we build real software, tested on real systems. If you enjoy diving deep into complex technical environments, automating smart test coverage, and owning quality end-to-end, read on.
Description
The goal of the internship is to experiment with and, if necessary, develop fuzzers for binary targets on Android and iOS.
What you will do
Over the course of your 6-month internship you will experiment with and build binary fuzzers capable of targeting native libraries on Android or binary components on iOS. Particular focus will be given to using QBDI, Quarkslab's instrumentation framework.
The goal will be to develop fuzzers, or fine-tune existing ones, to enable targeting of native libraries in fuzzing campaigns, then to test your fuzzer against real targets and find vulnerabilities.
At the end of the internship you will deliver:
Functional tooling that can be used during security assessment.
A report explaining design choices and benchmarking efficiency against existing solutions.
A presentation of your research project internally to peers, as well as a public communication (blog post, paper or conference talk) about it.
Required Skills
Programming: Python (intermediate)
ARM32/AArch64 assembly and binary structures (basic)
Fuzzers and fuzzing infrastructure (basic)
Assignment
Download the challenge app and follow the instructions in the README file.