Graphtage: A New Semantic Diffing Tool

Evan Sultanik | August 28, 2020 | darpa, Research Practice, SafeDocs

Graphtage is a command line utility and underlying library for semantically comparing and merging tree-like structures such as JSON, JSON5, XML, HTML, YAML, and TOML files. Its name is a portmanteau of “graph” and “graftage” (i.e., the horticultural practice of joining two trees together so they grow as one). Read ... Read More

Trail of Bits Blog

BSidesPhilly cg09 File Polyglottery or This Proof of Concept is Also a Picture of Cats Evan Sultanik

Two New Tools that Tame the Treachery of Files

Evan Sultanik | November 1, 2019 | darpa, Dynamic Analysis, Program Analysis, Research Practice

Parsing is hard, even when a file format is well specified. But when the specification is ambiguous, it leads to unintended and strange parser and interpreter behaviors that make file formats susceptible to security vulnerabilities. What if we could automatically generate a “safe” subset of any file format, along with ... Read More

Trail of Bits Blog

Anatomy of an Unsafe Smart Contract Programming Language

Empire Hacking: Ethereum Edition 2

Evan Sultanik | January 18, 2019 | blockchain, Empire Hacking, events

On December 12, over 150 attendees joined a special, half-day Empire Hacking to learn about pitfalls in smart contract security and how to avoid them. Thank you to everyone who came, to our superb speakers, and to BuzzFeed for hosting this meetup at their office. Watch the presentations again It’s ... Read More

Trail of Bits Blog

Evan Sultanik
Trail of Bits Blog

Graphtage: A New Semantic Diffing Tool

Two New Tools that Tame the Treachery of Files

Empire Hacking: Ethereum Edition 2

The Future of Multi-Cloud Security: A Look Ahead at Intelligent Cloud Security Posture Management Solutions

Prevent Catastrophic Data Loss in the Cloud

CISO Roundtable: What We’ve Heard, and What We’re Looking Forward To