About Us

Impalabs is a research-oriented security company based in France.

Our extensive experience in vulnerability research and exploit development enables us to provide various consulting services to our clients.

Because sharing our knowledge is one of our core values, we offer trainings tailored to your needs and try to give back to the community by publishing our latest research.

Our Services

Our purpose is to deliver fully customizable services that meet the needs and requirements of our clients. To this end, we provide multiple offensive security assessments, which we categorize below. Whether you would like to know if your project is in scope or just want more information about our company, feel free to reach out; we're always ready to help you. In any case, if we are not the best suited for the job, we won't hesitate to refer you to someone who is.

Penetration Test

Description

Penetration testing is a process designed to assess the security of a system by trying to bypass the existing defenses. Penetration tests are usually performed as "black box" tests, meaning that the client only provides a minimal amount of information about the target. By having the same access as an attacker and using the same toolset, we are able to identify the weaknesses and vulnerabilities that could be used to compromise the system.
Once the assessment is finished, we deliver a complete report detailing the techniques used and the vulnerabilities discovered, and suggesting remediation steps to fix them.


Examples of Targets

  • Web Applications & APIs
  • Mobile Applications (Android, iOS, etc.)
  • Internet of Things (IoT)
  • Infrastructure (Cloud, VPN, etc.)

Security Audit

Description

Security audits provide a thorough security assessment of a system by performing an in-depth analysis of its inner workings. They differ from penetration tests by their "white box" approach, which requires any information that could help identify vulnerabilities (e.g. source code, configuration files, etc.). This approach enables an easier and more efficient use of both static and dynamic analysis.
After completing the audit, you will receive a report highlighting the flaws identified as well as some recommendations on how to correct them.


Types of Audits

  • Code Audit: we manually and carefully review the source code provided (mobile application, driver, operating system, etc.).
  • Configuration Audit: we inspect the configuration and architecture of a system as well as its components (firewall, VPN, SELinux, etc.).

Research & Development

Research and development projects are the mainspring of our company. They usually have a longer time span and require very specific technical expertise.
The following domains are the ones we are the most proficient in:

  • Reverse Engineering: analyzing and understanding a binary of a given architecture (x86, x64, ARM, etc.) without having access to the source code or the documentation.
  • Vulnerability Research: identifying vulnerabilities in a complex code base or a component requiring reverse engineering.
  • Exploitation: developing an exploit for a given vulnerability, and improving its speed and stability.
  • Tools Development: writing highly-specialized tools to facilitate reverse engineering or vulnerability research (harnesses, fuzzers, emulators, IDA/Ghidra/Binary Ninja, etc.).

Trainings

We have given several trainings in the past on different topics related to offensive security, sometimes during international conferences such as TROOPERS, hardwear.io and Zer0Con. In the same spirit, we provide tailored trainings to our customers and strive to share our knowledge the best we can.

Examples of Possible Trainings

  • Android Apps & Kernel Internals
  • Reverse-Engineering and Exploitation on ARM
  • Using and Developing Scripts for IDA, Ghidra, etc.
  • Vulnerability Research using Static and Dynamic Analysis

Our Team

We are a team of two security researchers who have worked with companies from various sectors (banking, transportation, energy, defense, etc.). Our clients range from small businesses to big corporations, meaning we can adapt easily to your organization's structure and cater to your specific needs. We love complex engineering challenges and we are more than ready to tackle yours.

Maxime Peterlin

Co-founder

Alexandre Adamski

Co-founder

Our Publications

Over the past few years, we have had the opportunity to share the results of some of the projects we have worked on. We did so by publishing articles and giving talks at international conferences like Black Hat USA, Zer0Con, SSTIC, etc.

2022

Shedding Light on Huawei's Security Hypervisor

ARTICLE

Hara-Kirin: Dissecting Huawei Mobile Devices - Hexacon

SLIDES VIDEO

2021

Getting Root on Android with CVE-2020-0423 - Zer0Con

Funded by Longterm Security

Reversing and Exploiting Samsung's Neural Processing Unit

Funded by Longterm Security ARTICLE

RKP Compendium

Funded by Longterm Security ARTICLE

2020

Exploiting a Single Instruction Race Condition in Binder

Funded by Longterm Security ARTICLE

2019

A Deep Dive Into Samsung's TrustZone

Funded by Quarkslab PART 1 PART 2 PART 3

Breaking Samsung's ARM TrustZone - BlackHat USA

Funded by Quarkslab SLIDES VIDEO

Security Audit of Particl Bulletproof and MLSAG

Funded by Quarkslab and Particl ARTICLE REPORT

IDArling: Collaborative Reverse Engineering - SSTIC

Funded by Quarkslab SLIDES VIDEO

2018

Developing a Secure App using Intel SGX - MISC-099

Funded by Quarkslab ARTICLE

Overview of Intel SGX

Funded by Quarkslab PART 1 PART 2

2017

CVE-2017-6862: How I Rooted Your Router - MISC-092

Funded by ON-X ARTICLE

Copyright © Impalabs 2021-2022