unSafe.sh - Unsafe
Best practices for key derivation
By Marc Ilunga. Key derivation is essential in many cryptographic applications, in...
2025-1-28 14:0:18 | Views: 8
Trail of Bits Blog - blog.trailofbits.com
randomness
hkdf
salt
kdf
security
Celebrating our 2024 open-source contributions
While Trail of Bits is known for developing security tools like Slither, Medusa,...
2025-1-23 14:0:30 | Views: 6
Trail of Bits Blog - blog.trailofbits.com
github
sigstore
woodruffw
pypi
python
Auditing the Ruby ecosystem’s central package repository
This is a joint post with the Ruby Central team. The full report, which includes...
2024-12-11 22:0:59 | Views: 9
Trail of Bits Blog - blog.trailofbits.com
rubygems
security
analysis
starttls
35 more Semgrep rules: infrastructure, supply chain, and Ruby
By Matt Schwager and Travis Peters. We are publishing another set of custom Semgre...
2024-12-9 22:0:43 | Views: 12
Trail of Bits Blog - blog.trailofbits.com
semgrep
hcl
oidc
security
prefer
Evaluating Solidity support in AI coding assistants
By Artem Dinaburg. AI-enabled code assistants (like GitHub’s Copilot, Continue.dev...
2024-11-19 22:0:37 | Views: 6
Trail of Bits Blog - blog.trailofbits.com
solidity
deepseek
compchomper
evaluation
coder
Attestations: A new generation of signatures on PyPI
Read the official announcement on the PyPI blog as well! For the past year, we’v...
2024-11-14 22:0:15 | Views: 14
Trail of Bits Blog - blog.trailofbits.com
pypi
publishing
provenance
sigstore
Killing Filecoin nodes
By Simone Monica. In January, we identified and reported a vulnerability in the Lo...
2024-11-13 19:0:12 | Views: 11
Trail of Bits Blog - blog.trailofbits.com
bls
blsincludes
msgs
tipsetidx
tipsets
Fuzzing between the lines in popular barcode software
By Artur Cygan. Fuzzing—one of the most successful techniques for finding security...
2024-10-31 21:0:18 | Views: 9
Trail of Bits Blog - blog.trailofbits.com
zbar
nix
fuzzer
drv
memory
A deep dive into Linux’s new mseal syscall
By Alan Cao. If you love exploit mitigations, you may have heard of a new system c...
2024-10-25 21:0:18 | Views: 10
Trail of Bits Blog - blog.trailofbits.com
vma
mseal
memory
sealing
shellcode
Auditing Gradio 5, Hugging Face’s ML GUI framework
This is a joint post with the Hugging Face Gradio team; read their announcement h...
2024-10-11 00:0:29 | Views: 8
Trail of Bits Blog - blog.trailofbits.com
gradio
frp
security
attacker
tob
Securing the software supply chain with the SLSA framework
By Cliff Smith. Software supply chain security has been a hot topic since the Sola...
2024-10-1 21:0:58 | Views: 6
Trail of Bits Blog - blog.trailofbits.com
provenance
slsa
software
artifact
security
A few notes on AWS Nitro Enclaves: Attack surface
By Paweł Płatek. In the race to secure cloud applications, AWS Nitro Enclaves have...
2024-9-24 21:0:36 | Views: 10
Trail of Bits Blog - blog.trailofbits.com
enclave
enclaves
clock
security
nitro
Announcing the Trail of Bits and Semgrep partnership
At Trail of Bits, we aim to share and develop tools and resources used in our sec...
2024-9-19 21:0:30 | Views: 10
Trail of Bits Blog - blog.trailofbits.com
semgrep
security
trail
handbook
broader
Inside DEF CON: Michael Brown on how AI/ML is revolutionizing cybersecurity
At DEF CON, Michael Brown, Principal Security Engineer at Trail of Bits, sat down...
2024-9-17 21:0:8 | Views: 10
Trail of Bits Blog - blog.trailofbits.com
security
software
aixcc
Friends don’t let friends reuse nonces
By Joe Doyle. If you’ve encountered cryptography software, you’ve probably heard t...
2024-9-13 21:0:54 | Views: 11
Trail of Bits Blog - blog.trailofbits.com
tux
alice
noise
reuse
Sanitize your C++ containers: ASan annotations step-by-step
By Dominik Klemba and Dominik Czarnota. AddressSanitizer (ASan) is a compiler plug...
2024-9-10 21:0:42 | Views: 18
Trail of Bits Blog - blog.trailofbits.com
memory
annotations
asan
annotate
contiguous
“Unstripping” binaries: Restoring debugging information in GDB with Pwndbg
By Jason An. GDB loses significant functionality when debugging binaries that lack...
2024-9-6 21:0:21 | Views: 15
Trail of Bits Blog - blog.trailofbits.com
pwndbg
dumping
structs
stripped
What would you do with that old GPU?
2024-9-5 21:0:11 | Views: 14
Trail of Bits Blog - blog.trailofbits.com
gpus
analysis
datalog
Provisioning cloud infrastructure the wrong way, but faster
By Artem Dinaburg. Today we’re going to provision some cloud infrastructure the Ma...
2024-8-27 21:0:6 | Views: 10
Trail of Bits Blog - blog.trailofbits.com
claude
cloud
chatgpt
passwords
coded
“YOLO” is not a valid hash construction
By Opal Wright. Among the cryptographic missteps we see at Trail of Bits, “let’s b...
2024-8-21 21:0:51 | Views: 8
Trail of Bits Blog - blog.trailofbits.com
alice
memory
yolomac
k1
compute