Internship : Design of an Interactive Learning Framework for QShield Protection Tools

Quarkslab is a French infosecurity company. Our expertise lies in combining offensive and defensive security to help organizations adopt a new security posture: forcing attackers, not defenders, to constantly adapt.

Through our consulting services and software solutions, we provide tailored solutions to organizations, assisting them in protecting their assets, sensitive datas, and users against increasingly sophisticated attacks.

We develop two commercial software products: QFlow, for protection against threats and malware, and QShield, for the protection of applications, keys, and data.

We consider internships as opportunities to spot profiles that match how we work. They are intended to guide students to enter the professional world as potential future colleagues if they feel like it. We love interns because they bring fresh air to the company and because we see them grow, not only during the internship but also after, when they are hired and can get to work on so many other topics. There are two goals in every internship we offer:

1. Exploring a topic we don't necessarily know very well, hence training the new expert on the topic;

2. Hiring you after the internship to keep and share your new expertise with colleagues.

Training and growing people in the security industry is part of the company's DNA. That is why we provide in-depth blogposts, tools, trainings, weekly internal conferences (called Fridaycon, guess when they are), we teach in universities and schools, write articles in tech magazines and send our less experienced hires to a 6-month intensive training program (BADGE-RE or BADGE-SO). Sharing is caring, but sharing is also learning. We provide the environment for that the rest relies on you.

At Quarkslab, we have been developing application protection tools since 2014, featuring obfuscation and runtime application self-protections (RASP). One of these tools (QShield App Protection) relies on a compiler framework, LLVM, and thus comes as a replacement for the regular compiler used by our customers. One of the challenges they face, however, is to gain expertise efficiently, so they can be proficient in using our tools to the maximum of their functionalities.

The main goal of the internship will be to create tutorials, documentation and interactive tools to help them in this task. The idea of an interactive learning framework is inspired by Rustlings, online courses running Jupyter notebooks, and the like. The design and technology are left for the intern to choose; the end product can be web-based, CLI-based, or whatever else fits the purpose!

What you will do

• Review the documentation and play with QShield modules that are used to protect applications (through obfuscation and RASP), data and cryptographic keys (through Whitebox);

• Improve samples, tutorials, examples and docs of current QShield products;

• Create an interactive learning framework with a learn-by-doing approach, offering problems to solve by adding protection using QShield products.

Intern package in France:

• Salary: €1800 gross per month (approximately €1550 net);

• "Tickets restaurant" (restaurant coupons);

• In-depth and challenging topics.

Required Skills

• Have an interest in compilers and software protection; (you don't need to be an expert in compilation ;))

• Be able to write technical documentation

• Be able to demonstrate experience with scripting and the Linux environment;

• Communicate effectively about technical matters in English, written and spoken.

How to apply :

• A resume;

• A cover letter: avoid the generic letter saying that you are so motivated and that we are so interesting. We welcome a more personal letter which explains why the topic is of particular interest to you, why you, and why us;

• Your proposed solution to the assignment attached to the offer you are interested in;

• Your preference between pain au chocolat or chocolatine.

Disclaimer : Any application that does not contain an assignment will be rejected.

Assignment

• Look at the Tigress obfuscator documentation, in particular the proposed protections;

• Choose one of the obfuscation passes and write a small tutorial on how to use it. It should be targeted at beginners and cover the chosen topic comprehensively, providing step-by-step guidance and explanations;

• Design a small C/C++ coding exercise that must be solved by protecting the code using that pass;

• Write a script validating the usage of the pass: if it has been used correctly and the target to protect is protected, print "Success!"

The candidate should submit the following, packaged in an archive:

• The tutorial in a document format (Markdown, RST, ...) with any code, images or visual aids that are part of the tutorial.

• The coding exercise, written in C or C++, and its accompanying validating script, written in bash or python.

You will find other offers on our blog : https://blog.quarkslab.com/internship-offers-for-the-2023-2024-season.html