We’ve added more content to ZKDocs By Jim MillerWe’ve updated ZKDocs with four new sections and additions to existi... 2023-12-26 22:0:59 | 阅读: 12 | 收藏 | Trail of Bits Blog - blog.trailofbits.com zkdocs commitment ipa polynomial

Catching OpenSSL misuse using CodeQL By Damien SantiagoI’ve created five CodeQL queries that catch potentially potent... 2023-12-22 22:0:35 | 阅读: 16 | 收藏 | Trail of Bits Blog - blog.trailofbits.com evp encryptinit initialized predicate database

Summer associates 2023 recap This past summer at Trail of Bits was a season of inspiration, innovation, and gr... 2023-12-20 22:0:13 | 阅读: 11 | 收藏 | Trail of Bits Blog - blog.trailofbits.com circuits pytorch security summer

A trail of flipping bits By Joop van de PolTrusted execution environments (TEE) such as secure enclaves... 2023-12-18 21:30:16 | 阅读: 10 | 收藏 | Trail of Bits Blog - blog.trailofbits.com enclave gcm flip ecdsa attacker

DARPA’s AI Cyber Challenge: We’re In! We’re thrilled to announce that Trail of Bits will be competing in DARPA’s upcom... 2023-12-14 22:0:45 | 阅读: 6 | 收藏 | Trail of Bits Blog - blog.trailofbits.com darpa competition software trail scoring

Say hello to the next chapter of the Testing Handbook! By Fredrik DahlgrenToday we are announcing the latest addition to the Trail of B... 2023-12-11 21:30:16 | 阅读: 5 | 收藏 | Trail of Bits Blog - blog.trailofbits.com handbook integrating analysis trail versatile

Publishing Trail of Bits’ CodeQL queries By Paweł PłatekWe are publishing a set of custom CodeQL queries for Go and C. We... 2023-12-6 21:30:25 | 阅读: 8 | 收藏 | Trail of Bits Blog - blog.trailofbits.com tob ecdsa minversion cutset trim

ETW internals for security research and forensics By Yarden ShafirWhy has Event Tracing for Windows (ETW) become so pivotal for en... 2023-11-22 20:0:12 | 阅读: 12 | 收藏 | Trail of Bits Blog - blog.trailofbits.com etw processes loggerid dbgoutput consumers

How CISA can improve OSS security By Jim MillerThe US government recently issued a request for information (RFI) a... 2023-11-20 22:35:59 | 阅读: 9 | 收藏 | Trail of Bits Blog - blog.trailofbits.com security memory software rfi

Assessing the security posture of a widely used vision model: YOLOv7 By Alvin Crighton, Anusha Ghosh, Suha Hussain, Heidy Khlaaf, and Jim MillerTL;DR... 2023-11-15 23:15:5 | 阅读: 9 | 收藏 | Trail of Bits Blog - blog.trailofbits.com yolov7 codebase security yolo pickle

Our audit of PyPI By William WoodruffThis is a joint post with the PyPI maintainers; read their an... 2023-11-14 21:0:37 | 阅读: 10 | 收藏 | Trail of Bits Blog - blog.trailofbits.com pypi cabotage warehouse attacker wherein

Adding build provenance to Homebrew By William WoodruffThis is a joint post with Alpha-Omega—read their announcement... 2023-11-6 21:0:37 | 阅读: 4 | 收藏 | Trail of Bits Blog - blog.trailofbits.com homebrew software provenance security bottle

The issue with ATS in Apple’s macOS and iOS Trail of Bits is publicly disclosing a vulnerability (CVE-2023-38596) that affect... 2023-10-30 20:0:57 | 阅读: 12 | 收藏 | Trail of Bits Blog - blog.trailofbits.com ats network encryption security

Numbers turned weapons: DoS in Osmosis’ math library By Sam AlwsTrail of Bits is publicly disclosing a vulnerability in the Osmosis c... 2023-10-24 02:27:31 | 阅读: 8 | 收藏 | Trail of Bits Blog - blog.trailofbits.com osmosis powapprox attacker iterations tokena

Introducing Invariant Development as a Service Understanding and rigorously testing system invariants are essential aspects of d... 2023-10-5 20:0:52 | 阅读: 8 | 收藏 | Trail of Bits Blog - blog.trailofbits.com invariants development invariant identify codebase

Pitfalls of relying on eBPF for security monitoring (and some solutions) By Artem DinaburgeBPF (extended Berkeley Packet Filter) has emerged as the de fa... 2023-9-25 19:0:47 | 阅读: 10 | 收藏 | Trail of Bits Blog - blog.trailofbits.com ebpf security monitoring probes memory

Don’t overextend your Oblivious Transfer By Joop van de PolWe found a vulnerability in a threshold signature scheme that... 2023-9-20 20:0:53 | 阅读: 15 | 收藏 | Trail of Bits Blog - blog.trailofbits.com receiver threshold schemes magician ots

Security flaws in an SSO plugin for Caddy By Maciej Domanski, Travis Peters, and David PokoraWe identified 10 security vul... 2023-9-18 20:0:42 | 阅读: 11 | 收藏 | Trail of Bits Blog - blog.trailofbits.com security caddy redirection

Holy Macroni! A recipe for progressive language enhancement By Brent PappasDespite its use for refactoring and static analysis tooling, Clan... 2023-9-11 20:0:12 | 阅读: 13 | 收藏 | Trail of Bits Blog - blog.trailofbits.com macroni mlir macros typedefs sig

Secure your Apollo GraphQL server with Semgrep By Vasco Francotl;dr: Our publicly available Semgrep ruleset has nine new rules... 2023-8-29 20:0:14 | 阅读: 16 | 收藏 | Trail of Bits Blog - blog.trailofbits.com apollo semgrep attacker