Vulnerability Assessment and Exploitation of

Quarkslab is a privately held company founded in 2011 with currently more than 100 employees. The company focuses on vulnerability research, reverse engineering and design of security solutions and has developed leading software in the area of threat detection and code/data protection.
Quarkslab provides a broad set of products and services based on deep knowledge in the area of Cybersecurity.

**Job description**:
This internship project focuses on assessing and exploiting vulnerabilities in satellite communication systems, to improve their resilience against cyber threats. The intern will simulate various cyber-attacks on a selected satellite system, analyzing its communication interfaces, and attempting to identify and exploit weaknesses. The project will also involve designing and testing mitigation strategies that can defend satellite systems against these attacks. Over the six months, the intern will develop practical cybersecurity skills while working with satellite communication technology and conducting in-depth research.
- ** Cybersecurity Knowledge**: Understanding of security assessment techniques, vulnerability research, and penetration testing.

**What you will do**
- ** Satellite System Selection**: Identify and analyze a suitable satellite system (e.g., aging weather satellite, decommissioned research satellite) for vulnerability testing.
- ** Communication Interface Analysis**: Perform a detailed analysis of the satellite’s communication systems, including uplink (command) and downlink (data) channels, identifying potential security vulnerabilities in these pathways.
- ** Attack Simulations**: Conduct simulated cyber-attacks on the selected satellite.
- ** Data Retrieval and Analysis**: Attempt to retrieve valuable data from the satellite's transmissions, such as telemetry and operational commands. Analyze the data for potential security risks and sensitive information leaks.
- ** Mitigation Strategy Development**: Propose and validate cybersecurity measures to protect the satellite from future threats, based on the results of attack simulations.

**Profile**:

- ** Programming Skills**: Proficiency in Python, C++, or related languages for scripting attack simulations and data analysis.
- ** Data Analysis**: Knowledge of data analysis tools to retrieve and analyze intercepted satellite signals.
- ** Cybersecurity Knowledge**: Understanding of security assessment techniques, vulnerability research, and penetration testing.

**Assignment**
- ** Choose a Relevant CVE**:
Select a CVE from 2022 or later that impacts satellite communication systems, satellite ground stations, or related components. For example: CVE-2024-44910, CVE-2024-44912, CVE-2024-44911. There exists a detailed blogpost explaining the latter mentioned CVEs, if you choose either of them try to dig deeper.
- ** Detailed Analysis**:

- ** Root Cause Analysis**:
Describe the root cause of the vulnerability, including the affected components and how the flaw originated. Discuss any relevant design or implementation flaws that led to the vulnerability.
- ** Impact Assessment**:
Explain the potential impact of the vulnerability on satellite operations and security. Consider scenarios such as data interception, service disruption, or unauthorized control.
- ** Exploitation Path**:

- Outline a clear exploitation path for the vulnerability. Describe the steps an attacker would need to take to exploit the identified vulnerability effectively.
- Include any prerequisites or conditions required for successful exploitation.
- ** Proof of Concept (PoC)**:

- Develop a non-functional proof of concept to demonstrate the feasibility of your exploitation path. This could be a code snippet, a detailed walkthrough, or a flowchart illustrating the attack steps.
- Provide clear instructions on how the PoC can be replicated or tested.