Trusted publishing: a new benchmark for packaging security Read the official announcement on the PyPI blog as well!For the past year, we’ve... 2023-5-23 19:0:20 | 阅读: 28 | 收藏 | Trail of Bits Blog - blog.trailofbits.com pypi publishing oidc github security

Real World Crypto 2023 Recap Last month, hundreds of cryptographers descended upon Tokyo for the first Real Wo... 2023-5-16 21:54:43 | 阅读: 25 | 收藏 | Trail of Bits Blog - blog.trailofbits.com pqc primitives rwc security slides

Introducing Windows Notification Facility’s (WNF) Code Integrity By Yarden Shafir, Senior Security EngineerWNF (Windows Notification Facility) is... 2023-5-15 19:0:45 | 阅读: 28 | 收藏 | Trail of Bits Blog - blog.trailofbits.com wnf signals windows security

Loose code, sinks nodes: What should governments consider when getting involved with blockchain? Last September, Principal Security Engineer Dr. Evan Sultanik was on a panel host... 2023-4-25 19:0:57 | 阅读: 18 | 收藏 | Trail of Bits Blog - blog.trailofbits.com blockchain web3 security development blockchains

Typos that omit security features and how to test for them By Dominik ‘disconnect3d’ CzarnotaDuring a security audit, I discovered an easy-... 2023-4-20 19:0:8 | 阅读: 31 | 收藏 | Trail of Bits Blog - blog.trailofbits.com checksec typo security chk

A Winter’s Tale: Improving messages and types in GDB’s Python API By Matheus Branco Borella, University of São PauloAs a winter associate at Trail... 2023-4-18 19:0:43 | 阅读: 27 | 收藏 | Trail of Bits Blog - blog.trailofbits.com objfile python loader obstack memory

How to avoid the aCropalypse By Henrik Brodin, Lead Security Engineer, ResearchThe aCropalypse is upon us!La... 2023-3-30 20:0:22 | 阅读: 24 | 收藏 | Trail of Bits Blog - blog.trailofbits.com polytracker re3eot spots acropalypse cropped

Can you pass The Rekt Test? Audits from Trail of Bits give organizations ways to fix their current issues and... 2023-3-22 19:30:59 | 阅读: 32 | 收藏 | Trail of Bits Blog - blog.trailofbits.com security blockchain posture funds hardware

Codex (and GPT-4) can’t beat humans on smart contract audits By Artem Dinaburg, Chief Technology Officer; Josselin Feist, Principal Engineer;... 2023-3-22 19:0:49 | 阅读: 25 | 收藏 | Trail of Bits Blog - blog.trailofbits.com codex toucan analysis tooling ownership

Circomspect has more passes! By Fredrik Dahlgren, Principal Security EngineerTL;DR: We have released version... 2023-3-21 20:0:24 | 阅读: 25 | 收藏 | Trail of Bits Blog - blog.trailofbits.com lessthan signals num2bits circomspect constrain

We need a new way to measure AI security Tl;dr: Trail of Bits has launched a practice focused on machine learning and arti... 2023-3-14 20:0:47 | 阅读: 14 | 收藏 | Trail of Bits Blog - blog.trailofbits.com security machine assurance trail adapted

Reusable properties for Ethereum contracts As smart contract security constantly evolves, property-based fuzzing has become... 2023-2-27 21:0:54 | 阅读: 28 | 收藏 | Trail of Bits Blog - blog.trailofbits.com echidna erc20 crytic security mint

Escaping well-configured VSCode extensions (for profit) By Vasco FrancoIn part one of this two-part series, we escaped Webviews in real-... 2023-2-23 21:0:42 | 阅读: 36 | 收藏 | Trail of Bits Blog - blog.trailofbits.com vscode microsoft postmessage

Escaping misconfigured VSCode extensions TL;DR: This two-part blog series will cover how I found and disclosed three vulne... 2023-2-21 21:0:50 | 阅读: 33 | 收藏 | Trail of Bits Blog - blog.trailofbits.com vscode attacker sarif webviews subdomain

Readline crime: exploiting a SUID logic bug By roddux // Rory MI discovered a logic bug in the readline dependency partiall... 2023-2-16 21:0:0 | 阅读: 36 | 收藏 | Trail of Bits Blog - blog.trailofbits.com readline chfn rl getenv inputrc

cURL audit: How a joke led to significant findings By Maciej DomanskiIn fall 2022, Trail of Bits audited cURL, a widely-used comman... 2023-2-14 21:0:14 | 阅读: 27 | 收藏 | Trail of Bits Blog - blog.trailofbits.com memory fuzzer proxy aflplusplus specifies

Harnessing the eBPF Verifier By Laura BaumanDuring my internship at Trail of Bits, I prototyped a harness tha... 2023-1-19 21:0:42 | 阅读: 31 | 收藏 | Trail of Bits Blog - blog.trailofbits.com ebpf verifier harness libbpf bounded

Introducing RPC Investigator A new tool for Windows RPC researchBy Aaron LeMastersTrail of Bits is releasing... 2023-1-17 21:0:6 | 阅读: 44 | 收藏 | Trail of Bits Blog - blog.trailofbits.com client rpci library windows etw

Announcing a stable release of sigstore-python By William WoodruffRead the official announcement on the Sigstore blog as well!... 2023-1-13 23:0:58 | 阅读: 24 | 收藏 | Trail of Bits Blog - blog.trailofbits.com sigstore python github verifier rekor

Keeping the wolves out of wolfSSL By Max AmmannTrail of Bits is publicly disclosing four vulnerabilities that affe... 2023-1-12 21:0:17 | 阅读: 67 | 收藏 | Trail of Bits Blog - blog.trailofbits.com wolfssl suites tlspuffin yao dolev