We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.
Science & Technology | New York, NY | trailofbits.com | Joined March 2010
Today, we are releasing RPC Investigator, made for exploring RPC clients and servers on Windows. This .NET application builds on the NtApiDotNet platform, adding features that offer a new way to explore RPC https://blog.trailofbits.com/2023/01/17/rpc-investigator-microsoft-windows-remote-procedure-call/…
Our goals with sigstore-python are two-fold: provide an extremely intuitive CLI and API and be one of the most authoritative clients in terms of succinctly and correctly implementing the intricacies of Sigstore’s security model. Read how we're doing it!
We are thrilled to announce the first stable release of sigstore-python, a client implementation of Sigstore that we’ve been developing for nearly a year!
The use of the codex detector is not turned on by default, as it can provide false positives/negatives. However, we are excited about the possibilities this new feature brings to Slither
A new release of Slither is available, which now uses OpenAI's Codex to auto-generate Solidity documentation and leverages GPT-3 to find vulnerabilities.
Trail of Bits is publicly disclosing four vulnerabilities that affect wolfSSL. Last year, an intern found these automatically using the novel protocol fuzzer tlspuffin. Read more about our intern's work:
While we take great pride in the tools we develop, we also benefit from tools maintained outside of the company. In 2022, we had more than 400 pull requests merged into non-ToB repos. We thank the maintainers for innumerable hours spent on this work!
1/ The DeFi Security Summit (DSS) is an annual event that brings together experts in blockchain security to discuss the latest developments and best practices for protecting your code.
Now up, an explanation of "end-to-end" voting, which is designed to provide security and privacy for remote voting.
https://educatedguesswork.org/posts/voting-crypto/…
This is a simplified (minimal math) explanation of the pioneering work of Josh Benaloh,
's lead if they choose to publish their security reviews. It's a great example of how engineering teams can work with us -- we are proud of the compliments and cognizant of our responsibility to consider his critiques.
gives us high praise, but also highlights findings he disagrees with, provides context on why, and provides links to the responses cURL made to each of the audit points
This is cool: the grammar for queries is derived from the indexed code. A query that can't parse can't be matched. Unifying synthetic query ASTs against compiler ASTs makes matched variables a stepping off point for further analysis. There is more to searching than finding!
The naive approach to searching for patterns in source code is to use regular expressions, but that has limitations. Our intern prototyped an internal tool that does searching on Clang ASTs to avoid these limitations https://blog.trailofbits.com/2022/12/22/syntax-searching-c-c-clang-ast/…
Tomorrow will be the last episode of our smart contract fuzzing livestream workshop. Join us at 12 ET on Twitch/YouTube (http://twitch.tv/trailofbits) (http://youtube.com/trailofbits) and catch up on what you've missed with this YouTube playlist https://youtube.com/playlist?list=PLciHOL_J7Iwqdja9UH4ZzE8dP1IxtsBXI…
24 hours from now, we'll be hosting another livestream tool workshop. If you want to join us, make sure you subscribe to our Twitch and YouTube channels for a notification on when we go live! https://twitch.tv/trailofbits https://youtube.com/trailofbits