Typos that omit security features and how to test for them By Dominik ‘disconnect3d’ CzarnotaDuring a security audit, I discovered an easy-... 2023-4-20 19:0:8 | 阅读: 25 | 收藏 | Trail of Bits Blog - blog.trailofbits.com checksec typo security chk

A Winter’s Tale: Improving messages and types in GDB’s Python API By Matheus Branco Borella, University of São PauloAs a winter associate at Trail... 2023-4-18 19:0:43 | 阅读: 22 | 收藏 | Trail of Bits Blog - blog.trailofbits.com objfile python loader obstack memory

How to avoid the aCropalypse By Henrik Brodin, Lead Security Engineer, ResearchThe aCropalypse is upon us!La... 2023-3-30 20:0:22 | 阅读: 20 | 收藏 | Trail of Bits Blog - blog.trailofbits.com polytracker re3eot spots acropalypse cropped

Can you pass The Rekt Test? Audits from Trail of Bits give organizations ways to fix their current issues and... 2023-3-22 19:30:59 | 阅读: 27 | 收藏 | Trail of Bits Blog - blog.trailofbits.com security blockchain posture funds hardware

Codex (and GPT-4) can’t beat humans on smart contract audits By Artem Dinaburg, Chief Technology Officer; Josselin Feist, Principal Engineer;... 2023-3-22 19:0:49 | 阅读: 18 | 收藏 | Trail of Bits Blog - blog.trailofbits.com codex toucan analysis tooling ownership

Circomspect has more passes! By Fredrik Dahlgren, Principal Security EngineerTL;DR: We have released version... 2023-3-21 20:0:24 | 阅读: 16 | 收藏 | Trail of Bits Blog - blog.trailofbits.com lessthan signals num2bits circomspect constrain

We need a new way to measure AI security Tl;dr: Trail of Bits has launched a practice focused on machine learning and arti... 2023-3-14 20:0:47 | 阅读: 10 | 收藏 | Trail of Bits Blog - blog.trailofbits.com security machine assurance trail adapted

Reusable properties for Ethereum contracts As smart contract security constantly evolves, property-based fuzzing has become... 2023-2-27 21:0:54 | 阅读: 22 | 收藏 | Trail of Bits Blog - blog.trailofbits.com echidna erc20 crytic security mint

Escaping well-configured VSCode extensions (for profit) By Vasco FrancoIn part one of this two-part series, we escaped Webviews in real-... 2023-2-23 21:0:42 | 阅读: 30 | 收藏 | Trail of Bits Blog - blog.trailofbits.com vscode microsoft postmessage

Escaping misconfigured VSCode extensions TL;DR: This two-part blog series will cover how I found and disclosed three vulne... 2023-2-21 21:0:50 | 阅读: 28 | 收藏 | Trail of Bits Blog - blog.trailofbits.com vscode attacker sarif webviews subdomain

Readline crime: exploiting a SUID logic bug By roddux // Rory MI discovered a logic bug in the readline dependency partiall... 2023-2-16 21:0:0 | 阅读: 30 | 收藏 | Trail of Bits Blog - blog.trailofbits.com readline chfn rl getenv inputrc

cURL audit: How a joke led to significant findings By Maciej DomanskiIn fall 2022, Trail of Bits audited cURL, a widely-used comman... 2023-2-14 21:0:14 | 阅读: 21 | 收藏 | Trail of Bits Blog - blog.trailofbits.com memory fuzzer proxy aflplusplus specifies

Harnessing the eBPF Verifier By Laura BaumanDuring my internship at Trail of Bits, I prototyped a harness tha... 2023-1-19 21:0:42 | 阅读: 25 | 收藏 | Trail of Bits Blog - blog.trailofbits.com ebpf verifier harness libbpf bounded

Introducing RPC Investigator A new tool for Windows RPC researchBy Aaron LeMastersTrail of Bits is releasing... 2023-1-17 21:0:6 | 阅读: 36 | 收藏 | Trail of Bits Blog - blog.trailofbits.com client rpci library windows etw

Announcing a stable release of sigstore-python By William WoodruffRead the official announcement on the Sigstore blog as well!... 2023-1-13 23:0:58 | 阅读: 18 | 收藏 | Trail of Bits Blog - blog.trailofbits.com sigstore python github verifier rekor

Keeping the wolves out of wolfSSL By Max AmmannTrail of Bits is publicly disclosing four vulnerabilities that affe... 2023-1-12 21:0:17 | 阅读: 33 | 收藏 | Trail of Bits Blog - blog.trailofbits.com wolfssl suites tlspuffin yao dolev

Another prolific year of open-source contributions By Samuel MoeliusThis time last year, we wrote about the more than 190 Trail of... 2023-1-10 21:0:32 | 阅读: 15 | 收藏 | Trail of Bits Blog - blog.trailofbits.com windows libs unnecessary memory osquery

How to share what you’ve learned from our audits By Nick SelbyTrail of Bits recently completed a security review of cURL, which i... 2022-12-23 04:10:39 | 阅读: 17 | 收藏 | Trail of Bits Blog - blog.trailofbits.com daniel security software developers trail

Fast and accurate syntax searching for C and C++ By Mate KukriThe naive approach to searching for patterns in source code is to u... 2022-12-22 21:0:52 | 阅读: 24 | 收藏 | Trail of Bits Blog - blog.trailofbits.com syntex grammar decl analysis asts

What child is this? A Primer on Process Reparenting in WindowsBy Yarden ShafirProcess reparenting i... 2022-12-20 21:0:25 | 阅读: 23 | 收藏 | Trail of Bits Blog - blog.trailofbits.com 0000005a 00007ff8 createinfo procmon debugger