Escaping well-configured VSCode extensions (for profit) By Vasco FrancoIn part one of this two-part series, we escaped Webviews in real-... 2023-2-23 21:0:42 | 阅读: 33 | 收藏 | Trail of Bits Blog - blog.trailofbits.com vscode microsoft postmessage

Escaping misconfigured VSCode extensions TL;DR: This two-part blog series will cover how I found and disclosed three vulne... 2023-2-21 21:0:50 | 阅读: 31 | 收藏 | Trail of Bits Blog - blog.trailofbits.com vscode attacker sarif webviews subdomain

Readline crime: exploiting a SUID logic bug By roddux // Rory MI discovered a logic bug in the readline dependency partiall... 2023-2-16 21:0:0 | 阅读: 33 | 收藏 | Trail of Bits Blog - blog.trailofbits.com readline chfn rl getenv inputrc

cURL audit: How a joke led to significant findings By Maciej DomanskiIn fall 2022, Trail of Bits audited cURL, a widely-used comman... 2023-2-14 21:0:14 | 阅读: 24 | 收藏 | Trail of Bits Blog - blog.trailofbits.com memory fuzzer proxy aflplusplus specifies

Harnessing the eBPF Verifier By Laura BaumanDuring my internship at Trail of Bits, I prototyped a harness tha... 2023-1-19 21:0:42 | 阅读: 28 | 收藏 | Trail of Bits Blog - blog.trailofbits.com ebpf verifier harness libbpf bounded

Introducing RPC Investigator A new tool for Windows RPC researchBy Aaron LeMastersTrail of Bits is releasing... 2023-1-17 21:0:6 | 阅读: 40 | 收藏 | Trail of Bits Blog - blog.trailofbits.com client rpci library windows etw

Announcing a stable release of sigstore-python By William WoodruffRead the official announcement on the Sigstore blog as well!... 2023-1-13 23:0:58 | 阅读: 21 | 收藏 | Trail of Bits Blog - blog.trailofbits.com sigstore python github verifier rekor

Keeping the wolves out of wolfSSL By Max AmmannTrail of Bits is publicly disclosing four vulnerabilities that affe... 2023-1-12 21:0:17 | 阅读: 60 | 收藏 | Trail of Bits Blog - blog.trailofbits.com wolfssl suites tlspuffin yao dolev

Another prolific year of open-source contributions By Samuel MoeliusThis time last year, we wrote about the more than 190 Trail of... 2023-1-10 21:0:32 | 阅读: 18 | 收藏 | Trail of Bits Blog - blog.trailofbits.com windows libs unnecessary memory osquery

How to share what you’ve learned from our audits By Nick SelbyTrail of Bits recently completed a security review of cURL, which i... 2022-12-23 04:10:39 | 阅读: 20 | 收藏 | Trail of Bits Blog - blog.trailofbits.com daniel security software developers trail

Fast and accurate syntax searching for C and C++ By Mate KukriThe naive approach to searching for patterns in source code is to u... 2022-12-22 21:0:52 | 阅读: 27 | 收藏 | Trail of Bits Blog - blog.trailofbits.com syntex grammar decl analysis asts

What child is this? A Primer on Process Reparenting in WindowsBy Yarden ShafirProcess reparenting i... 2022-12-20 21:0:25 | 阅读: 26 | 收藏 | Trail of Bits Blog - blog.trailofbits.com 0000005a 00007ff8 createinfo procmon debugger

How I gave ManticoreUI a makeover By Calvin FongDuring my internship at Trail of Bits, I explored the effectivenes... 2022-12-15 21:0:23 | 阅读: 23 | 收藏 | Trail of Bits Blog - blog.trailofbits.com mui manticore symbolic library emulate

Manticore GUIs made easy By Wong Kok Rui, National University of SingaporeTrail of Bits maintains Mantico... 2022-12-13 21:0:4 | 阅读: 46 | 收藏 | Trail of Bits Blog - blog.trailofbits.com manticore mui ghidra python development

Hybrid fuzzing: Sharpening the spikes of Echidna By Tom Malcolm, University of Queensland, AustraliaSmart contract fuzzing is an... 2022-12-8 21:0:36 | 阅读: 22 | 收藏 | Trail of Bits Blog - blog.trailofbits.com echidna assertion symbolic optik

Specialized Zero-Knowledge Proof failures By Opal WrightZero-knowledge (ZK) proofs are useful cryptographic tools that hav... 2022-11-29 20:30:56 | 阅读: 25 | 收藏 | blog.trailofbits.com alice zi zk discrete n2

Are you sure your Python ABI is actually stable? TL;DR: Trail of Bits has developed abi3audit, a new Python tool for checking Pyth... 2022-11-15 20:30:0 | 阅读: 34 | 收藏 | blog.trailofbits.com python cpython abi3 wheel wheels

We’re streamers now Over the years, we’ve built many high-impact tools that we use for security revie... 2022-11-14 21:30:23 | 阅读: 15 | 收藏 | blog.trailofbits.com invariants workshops wednesday jacob anish

Look out! Divergent representations are everywhere! By Andreas KellasTrail of Bits recently published a blog post about a signed int... 2022-11-10 20:30:53 | 阅读: 15 | 收藏 | blog.trailofbits.com divergent escarg

We sign code now By William WoodruffSigstore announced the general availability of its free and e... 2022-11-8 20:30:15 | 阅读: 29 | 收藏 | blog.trailofbits.com sigstore python fulcio x509v3 rekor