Alexis Challande

Alexis Challande

Security Engineer

Quarkslab

Ecole Polytechnique

Biography

Alexis Challande obtained his PhD at Quarkslab in October 2022, a French middle-size security company. His research interests include 1 day detection applied to embedded systems, AOSP usage through with a security mindset and usage of graph theories applied to binary analysis. His PhD was conducted in the GRACE team at the Laboratoire d’Informatique de l’Ecole Polytechnique (LiX).

Warning: Alexis will be out for a sabbatical starting in December 2022.

Download my resumé (last updated in December 2022).

Interests
  • Binary Analysis and Reverse Engineering
  • Android Open Source Project
  • IDA scripting
Education

  • PhD in Binary Analysis, 2022

    Ecole Polytechnique

  • Master in Digital Security, 2018

    Eurecom

  • BSc in Computer Science, 2015

    University Pierre & Marie Curie

Work Experience

 
 
 
 
 
Quarkslab
Security Engineer
Quarkslab
Sep 2019 – Dec 2022 Paris

I am part of the Automated Analysis team where I mostly work on the following topics:

  • Detection of 1 day vulnerabilities in Android phones (for my PhD)
  • Android Application Analysis
  • Tooling development
  • IDA Plugin development
 
 
 
 
 
Anssi
Master Internship
Anssi
Mar 2018 – Aug 2018 Paris
I worked on the identification of cryptographic code in binary code.
 
 
 
 
 
AXA CS
Apprentice in Cyber Security
AXA CS
Sep 2015 – Aug 2016 Paris
I worked in the Cybersecurity Team on the implementation of ISO 2700X norms.

Projects

Quokka
Quokka is a Fast and Accurate Binary Exporter
Code Documentation Blogpost
Quokka
AOSP Dataset
Large vulnerability dataset based on CVE affecting AOSP and precise at a commit level
Code Blogpost
Bgraph
BGraph is a tool designed to generate dependencies graphs from Android.bp soong files.
Code

Talks & Presentations

Towards 1-day Vulnerability Detection using Semantic Patch Signatures
This presentation was the Defense of my Ph.D. work
Oct 11, 2022 2:00 PM — 2:30 PM Cyber Campus
Slides
Automation of 1-day vulnerability discovery in firmwares
De la caractérisation de la vulnérabilité à sa détection automatique, nous allons vous présenter les pistes explorées et les expérimentations menées pour retrouver des vulnérabilités connues dans des firmware.
Mar 25, 2021 2:00 PM — Mar 25, 2022 2:30 PM Online

Publications

Alexis Challande, Robin David, Guénael Renault (2022). Quokka: A Fast and Accurate Binary Exporter. GreHack'22.

PDF Cite Code Project Slides

Alexis Challande, Robin David, Guénael Renault (2022). Towards Patch Detection using Binary Only Semantic Signatures. HAL.

PDF Cite Code

Alexis Challande, Robin David, Guénael Renault (2022). Building a commit-level dataset of real-world vulnerabilities. CODASPY'22.

PDF Cite Code Dataset DOI

Alexis Challande, Robin David, Guénael Renault (2021). Exploitation du graphe de dépendance d'AOSP à des fins de sécurité . SSTIC'21.

PDF Cite Code Project Slides Video

Contact