The internship season is back at Quarkslab! Our internship topics cover a wide range of our expertise and aim at tackling new challenges, namely:
We are also welcoming people with wide but realistic creativity, so if you have an idea and want to join the team, don't hesitate to reach out to discuss it with our experts!
Our goal is to publish most of the results of our internships. Here are some examples of publications from previous internships:
Quarkslab's team is always pleased to welcome new talents who want to work on complex security research subjects. If you want to face new challenges and work in a dynamic environment where curiosity and teamwork are at the heart of our way to do R&D, please apply!
In particular, we would be more than happy to welcome more applications from female candidates, and under-represented minorities.
Quarkslab is dedicated to making the cybersecurity world more welcoming and inclusive for all, and that starts with our internships.
With that in mind, and because we know impostor syndrome is a big obstacle for women in particular -- we've been there -- don't hesitate to reach out to us at icandoit-AT-quarkslab-DOT-com
to discuss your skills, and we will help you navigate our offers.
To apply for an internship position, you must be a student, able to efficiently communicate on technical matters in written and spoken English, and willing to present the results of your internship to a large group of curious Quarkslab colleagues. Beforehand, you need to prepare the following elements:
Package these elements and send them via email to internship-AT-quarkslab-DOT-com
, with the subject field containing the internship name mentioned in the respective offer.
Do not forget that the key aspect of a good application is being curious and motivated, not meeting all requirements listed in the offers below should not prevent you from sending us your application, and we can discuss your skills. Keep in mind that internships are meant for learning. Let's go!
Each internship offer comes with a little assignment that should not require too much time to be completed. The result will show us not only the type of skills and knowledge you already possess, but also how ingenious you are and how well you can present your reasoning. It will serve as the basis for the interview you will have in the selection process. The assignment works both ways and is also intended to make sure that you like the topic as well as the technical aspects of the internship. If unsure about a specific aspect of a challenge, do not hesitate to drop us an email. We are open to discussion!
The first applications usually reach us a few days after publication, and we start reviewing them right away. Some internships are filled before the end of the year, while others remain open until March.
Did you notice the colored circles next to the title of the offers at the top of this blogpost? They reflect the state of internships:
Training and helping people grow in the security industry is part of the company's DNA. That is why we provide in-depth blogposts, tools, trainings, weekly internal conferences (called Fridaycon, guess when they are), we teach in universities and schools and write articles in tech magazines. Sharing is caring, but sharing is also learning. We provide the environment for that and the rest relies on you.
Intern package in France:
Return-Oriented Programming consists in chaining pieces of codes that already reside in the executable memory to perform what the attackers want. The aim of this internship is to explore the use of Deep Reinforcement Learning techniques guided by a dataflow graph to generate a program of equivalent semantics.
You will create a prototype on x86_64 to evaluate the feasibility of using Reinforcement Learning techniques to automatically build a ROP chain from a reduced set of gadgets:
You will be aided by Machine Learning and Cyber-security experts.
Supposing you want to create a RL environment for the μRTS AI competition using a GNN approach:
No code will be asked, but coding skills will be evaluated during the interview.
As more enterprises transition their network perimeters to home offices, ensuring the security of SOHO (Small Office/Home Office) network devices becomes critically important. These consumer-grade devices are frequently plagued by vulnerabilities because they lack advanced security features and receive less rigorous updates. The goal of the proposed internship is to study this ecosystem.
Reverse engineer selected firmwares and associated network protocols. Study the attack surface, identify existing vulnerabilities through CVE/firmware updates analysis, and/or perform vulnerability research. Assess feasibility of possible exploitation of identified/found vulnerabilities. The findings might not lead to publication (blog post, conf submission), depending on their criticality.
Pick up a recent CVE of your choice impacting a SOHO network device such as CVE-2024-1179, CVE-2022-27643, or CVE-2024-5243. Describe the root cause and an exploitation path (a PoC, even nonfunctional, will be appreciated).
This internship project focuses on assessing and exploiting vulnerabilities in satellite communication systems, to improve their resilience against cyber threats. The intern will simulate various cyber-attacks on a selected satellite system, analyzing its communication interfaces, and attempting to identify and exploit weaknesses. The project will also involve designing and testing mitigation strategies that can defend satellite systems against these attacks. Over the six months, the intern will develop practical cybersecurity skills while working with satellite communication technology and conducting in-depth research.
Choose a Relevant CVE:
Select a CVE from 2022 or later that impacts satellite communication systems, satellite ground stations, or related components. For example:
CVE-2024-44910, CVE-2024-44911, CVE-2024-44912. There exists a detailed blogpost explaining the latter mentioned CVEs, if you choose either of them try to dig deeper.
Detailed Analysis:
Exploitation Path:
Proof of Concept (PoC):
If you would like to learn more about our security audits and explore how we can help you, get in touch with us!