The internship season is back at Quarkslab! Our internship topics cover a wide range of our expertise and aim at tackling new challenges, namely:

• 🟢 Build a ROP chain using a Reinforcement Learning agent observing the dataflow graph
• 🟢 Network devices vulnerability research
• 🟢 Vulnerability Assessment and Exploitation of Satellite Communication Systems

We are also welcoming people with wide but realistic creativity, so if you have an idea and want to join the team, don't hesitate to reach out to discuss it with our experts!

Our goal is to publish most of the results of our internships. Here are some examples of publications from previous internships:

• A blogpost on Starlink's User Terminal internals;
• A SSTIC talk presenting crypto-condor, an open-source test suite for compliance testing of implementations of cryptographic primitives;
• A Hardwear.io talk on Bluetooth Low Energy GATT Fuzzing;
• A Black Hat EU talk on the Google Titan M chip;
• A blogpost on Differential fuzzing for cryptography

Quarkslab's team is always pleased to welcome new talents who want to work on complex security research subjects. If you want to face new challenges and work in a dynamic environment where curiosity and teamwork are at the heart of our way to do R&D, please apply!

In particular, we would be more than happy to welcome more applications from female candidates, and under-represented minorities. Quarkslab is dedicated to making the cybersecurity world more welcoming and inclusive for all, and that starts with our internships. With that in mind, and because we know impostor syndrome is a big obstacle for women in particular -- we've been there -- don't hesitate to reach out to us at icandoit-AT-quarkslab-DOT-com to discuss your skills, and we will help you navigate our offers.

To apply for an internship position, you must be a student, able to efficiently communicate on technical matters in written and spoken English, and willing to present the results of your internship to a large group of curious Quarkslab colleagues. Beforehand, you need to prepare the following elements:

• A resume;
• A cover letter: avoid the generic letter saying that you are so motivated and that we are so interesting. We welcome a more personal letter which explains why the topic is of particular interest to you, why you, and why us;
• Your proposed solution to the assignment attached to the offer you are interested in.

Package these elements and send them via email to internship-AT-quarkslab-DOT-com, with the subject field containing the internship name mentioned in the respective offer.

Do not forget that the key aspect of a good application is being curious and motivated, not meeting all requirements listed in the offers below should not prevent you from sending us your application, and we can discuss your skills. Keep in mind that internships are meant for learning. Let's go!

Each internship offer comes with a little assignment that should not require too much time to be completed. The result will show us not only the type of skills and knowledge you already possess, but also how ingenious you are and how well you can present your reasoning. It will serve as the basis for the interview you will have in the selection process. The assignment works both ways and is also intended to make sure that you like the topic as well as the technical aspects of the internship. If unsure about a specific aspect of a challenge, do not hesitate to drop us an email. We are open to discussion!

The first applications usually reach us a few days after publication, and we start reviewing them right away. Some internships are filled before the end of the year, while others remain open until March.

Did you notice the colored circles next to the title of the offers at the top of this blogpost? They reflect the state of internships:

• 🟢 Waiting for applications;
• 🟠 Reviewing applications, we are still accepting internship assignments but hurry up;
• 🔴 Internship is filled.

Training and helping people grow in the security industry is part of the company's DNA. That is why we provide in-depth blogposts, tools, trainings, weekly internal conferences (called Fridaycon, guess when they are), we teach in universities and schools and write articles in tech magazines. Sharing is caring, but sharing is also learning. We provide the environment for that and the rest relies on you.

Intern package in France:

• Salary: €1800 gross per month (approximately €1550 net);
• "Tickets restaurant" (restaurant coupons);
• In-depth and challenging topics.

Build a ROP chain using a Reinforcement Learning agent observing the dataflow graph.

Description

Return-Oriented Programming consists in chaining pieces of codes that already reside in the executable memory to perform what the attackers want. The aim of this internship is to explore the use of Deep Reinforcement Learning techniques guided by a dataflow graph to generate a program of equivalent semantics.

Required Skills

• Appetency for Python development.
• Some idea and interest about Machine Learning algorithms and Deep Learning internals.
• Notions of hacking and low-level stuff (assembly, ASLR...).
• A bit of knowledge in Reinforcement Learning and/or Message Passing Neural Network would be great.

What you will do

You will create a prototype on x86_64 to evaluate the feasibility of using Reinforcement Learning techniques to automatically build a ROP chain from a reduced set of gadgets:

• Study the state of the art;
• Generate a dataset of functions to translate;
• Setup a sample library with a variety of gadgets;
• Create a test bench to execute a ROP chain;
• Extract the dataflow graphs from binary code;
• Design the action space and reward function;
• Integrate a Reinforcement Learning algorithm to drive the chaining;
• Experiment the use of dataflow graphs as an observation for the RL agent.

You will be aided by Machine Learning and Cyber-security experts.

Assignment

Supposing you want to create a RL environment for the μRTS AI competition using a GNN approach:

• How would you design the observation and action spaces?
• What reward function could you try?
• Which agent algorithm could be well suited?

No code will be asked, but coding skills will be evaluated during the interview.

Duration

• 6 months

Location

• Rennes

Network devices vulnerability research

Description

As more enterprises transition their network perimeters to home offices, ensuring the security of SOHO (Small Office/Home Office) network devices becomes critically important. These consumer-grade devices are frequently plagued by vulnerabilities because they lack advanced security features and receive less rigorous updates. The goal of the proposed internship is to study this ecosystem.

Required Skills

• Preferably knowledgeable with embedded devices specificities;
• Reverse engineering skills (e.g. via CTF or RootMe);
• Knowledge of the MIPS or ARM architecture and Linux.

What you will do

Reverse engineer selected firmwares and associated network protocols. Study the attack surface, identify existing vulnerabilities through CVE/firmware updates analysis, and/or perform vulnerability research. Assess feasibility of possible exploitation of identified/found vulnerabilities. The findings might not lead to publication (blog post, conf submission), depending on their criticality.

Assignment

Pick up a recent CVE of your choice impacting a SOHO network device such as CVE-2024-1179, CVE-2022-27643, or CVE-2024-5243. Describe the root cause and an exploitation path (a PoC, even nonfunctional, will be appreciated).

Duration

• 6 months

Location

• Paris

Vulnerability Assessment and Exploitation of Satellite Communication Systems

Description

This internship project focuses on assessing and exploiting vulnerabilities in satellite communication systems, to improve their resilience against cyber threats. The intern will simulate various cyber-attacks on a selected satellite system, analyzing its communication interfaces, and attempting to identify and exploit weaknesses. The project will also involve designing and testing mitigation strategies that can defend satellite systems against these attacks. Over the six months, the intern will develop practical cybersecurity skills while working with satellite communication technology and conducting in-depth research.

Required Skills

• Programming Skills: Proficiency in Python, C++, or related languages for scripting attack simulations and data analysis.
• Research Skills: Ability to conduct comprehensive literature reviews, interpret technical documents, and apply findings to real-world systems.
• Data Analysis: Knowledge of data analysis tools to retrieve and analyze intercepted satellite signals.
• Cybersecurity Knowledge: Understanding of security assessment techniques, vulnerability research, and penetration testing.

What you will do

• Satellite System Selection: Identify and analyze a suitable satellite system (e.g., aging weather satellite, decommissioned research satellite) for vulnerability testing.
• Communication Interface Analysis: Perform a detailed analysis of the satellite’s communication systems, including uplink (command) and downlink (data) channels, identifying potential security vulnerabilities in these pathways.
• Attack Simulations: Conduct simulated cyber-attacks on the selected satellite.
• Data Retrieval and Analysis: Attempt to retrieve valuable data from the satellite's transmissions, such as telemetry and operational commands. Analyze the data for potential security risks and sensitive information leaks.
• Mitigation Strategy Development: Propose and validate cybersecurity measures to protect the satellite from future threats, based on the results of attack simulations.

Assignment

1. Choose a Relevant CVE:
   Select a CVE from 2022 or later that impacts satellite communication systems, satellite ground stations, or related components. For example: CVE-2024-44910, CVE-2024-44911, CVE-2024-44912. There exists a detailed blogpost explaining the latter mentioned CVEs, if you choose either of them try to dig deeper.

2. Detailed Analysis:

   • Root Cause Analysis: Describe the root cause of the vulnerability, including the affected components and how the flaw originated. Discuss any relevant design or implementation flaws that led to the vulnerability.
   • Impact Assessment:
     Explain the potential impact of the vulnerability on satellite operations and security. Consider scenarios such as data interception, service disruption, or unauthorized control.

3. Exploitation Path:

   • Outline a clear exploitation path for the vulnerability. Describe the steps an attacker would need to take to exploit the identified vulnerability effectively.
   • Include any prerequisites or conditions required for successful exploitation.

4. Proof of Concept (PoC):

   • Develop a non-functional proof of concept to demonstrate the feasibility of your exploitation path. This could be a code snippet, a detailed walkthrough, or a flowchart illustrating the attack steps.
   • Provide clear instructions on how the PoC can be replicated or tested.

Duration

• 6 months

Location

• Paris