We build X.509 chains so you don’t have to By William WoodruffFor the past eight months, Trail of Bits has worked with the... 2024-1-25 22:0:22 | 阅读: 19 | 收藏 | Trail of Bits Blog - blog.trailofbits.com x509 limbo client python leaf

Celebrating our 2023 open-source contributions At Trail of Bits, we pride ourselves on making our best tools open source, such a... 2024-1-24 22:0:22 | 阅读: 12 | 收藏 | Trail of Bits Blog - blog.trailofbits.com github osquery sigstore pyca woodruffw

Our thoughts on AIxCC’s competition format By Michael BrownLate last month, DARPA officially opened registration for their... 2024-1-18 22:0:38 | 阅读: 14 | 收藏 | Trail of Bits Blog - blog.trailofbits.com competition crss aixcc scoring

30 new Semgrep rules: Ansible, Java, Kotlin, shell scripts, and more By Matt Schwager and Sam AlwsWe are publishing a set of 30 custom Semgrep rules... 2024-1-17 21:30:32 | 阅读: 17 | 收藏 | Trail of Bits Blog - blog.trailofbits.com semgrep unencrypted download python security

LeftoverLocals: Listening to LLM responses through leaked GPU local memory By Tyler Sorensen and Heidy KhlaafWe are disclosing LeftoverLocals: a vulnerabil... 2024-1-17 01:0:39 | 阅读: 26 | 收藏 | Trail of Bits Blog - blog.trailofbits.com memory gpus attacker llm

Internet freedom with the Open Technology Fund By Spencer Michaels, William Woodruff, Jeff Braswell, and Cliff SmithTrail of Bi... 2024-1-15 21:30:54 | 阅读: 12 | 收藏 | Trail of Bits Blog - blog.trailofbits.com pypi security software maintainers otf

How to introduce Semgrep to your organization By Maciej Domanski, Application Security EngineerSemgrep, a static analysis tool... 2024-1-12 22:0:26 | 阅读: 23 | 收藏 | Trail of Bits Blog - blog.trailofbits.com semgrep security rulesets repository trail

Securing open-source infrastructure with OSTIF The Open Source Technology Improvement Fund (OSTIF) counters an often overlooked... 2024-1-9 22:0:8 | 阅读: 13 | 收藏 | Trail of Bits Blog - blog.trailofbits.com ostif modeling security jkube codebase

Tag, you’re it: Signal tagging in Circom By Tjaden HessWe at Trail of Bits perform security reviews for a seemingly endle... 2024-1-2 22:0:1 | 阅读: 11 | 收藏 | Trail of Bits Blog - blog.trailofbits.com circom maxbits signals valueb

Billion times emptiness By Max AmmannBehind Ethereum’s powerful blockchain technology lies a lesser-know... 2023-12-29 22:0:51 | 阅读: 12 | 收藏 | Trail of Bits Blog - blog.trailofbits.com payload library ethabi github zst

AI In Windows: Investigating Windows Copilot By Yarden ShafirAI is becoming ubiquitous, as developers of widely used tools li... 2023-12-27 22:0:22 | 阅读: 10 | 收藏 | Trail of Bits Blog - blog.trailofbits.com copilot microsoft windows mute answers

We’ve added more content to ZKDocs By Jim MillerWe’ve updated ZKDocs with four new sections and additions to existi... 2023-12-26 22:0:59 | 阅读: 15 | 收藏 | Trail of Bits Blog - blog.trailofbits.com zkdocs commitment ipa polynomial

Catching OpenSSL misuse using CodeQL By Damien SantiagoI’ve created five CodeQL queries that catch potentially potent... 2023-12-22 22:0:35 | 阅读: 19 | 收藏 | Trail of Bits Blog - blog.trailofbits.com evp encryptinit initialized predicate database

Summer associates 2023 recap This past summer at Trail of Bits was a season of inspiration, innovation, and gr... 2023-12-20 22:0:13 | 阅读: 14 | 收藏 | Trail of Bits Blog - blog.trailofbits.com circuits pytorch security summer

A trail of flipping bits By Joop van de PolTrusted execution environments (TEE) such as secure enclaves... 2023-12-18 21:30:16 | 阅读: 13 | 收藏 | Trail of Bits Blog - blog.trailofbits.com enclave gcm flip ecdsa attacker

DARPA’s AI Cyber Challenge: We’re In! We’re thrilled to announce that Trail of Bits will be competing in DARPA’s upcom... 2023-12-14 22:0:45 | 阅读: 9 | 收藏 | Trail of Bits Blog - blog.trailofbits.com darpa competition software trail scoring

Say hello to the next chapter of the Testing Handbook! By Fredrik DahlgrenToday we are announcing the latest addition to the Trail of B... 2023-12-11 21:30:16 | 阅读: 8 | 收藏 | Trail of Bits Blog - blog.trailofbits.com handbook integrating analysis trail versatile

Publishing Trail of Bits’ CodeQL queries By Paweł PłatekWe are publishing a set of custom CodeQL queries for Go and C. We... 2023-12-6 21:30:25 | 阅读: 11 | 收藏 | Trail of Bits Blog - blog.trailofbits.com tob ecdsa minversion cutset trim

ETW internals for security research and forensics By Yarden ShafirWhy has Event Tracing for Windows (ETW) become so pivotal for en... 2023-11-22 20:0:12 | 阅读: 15 | 收藏 | Trail of Bits Blog - blog.trailofbits.com etw processes loggerid dbgoutput consumers

How CISA can improve OSS security By Jim MillerThe US government recently issued a request for information (RFI) a... 2023-11-20 22:35:59 | 阅读: 12 | 收藏 | Trail of Bits Blog - blog.trailofbits.com security memory software rfi