Efficient audits with machine learning and Slither-simil
by Sina Pilehchiha, Concordia University Trail of Bits has manually curated a wealth of data—years of security assessment reports—and now we’re exploring how to use this data to make the smart contract auditing process more efficient with Slither-simil. Based on accumulated knowledge embedded in previous audits, we set out to ... Read More
Let’s build a high-performance fuzzer with GPUs!
by Ryan Eberhart, Stanford University TL;DR: Can we use GPUs to get 10x performance/dollar when fuzzing embedded software in the cloud? Based on our preliminary work, we think the answer is yes! Fuzzing is a software testing technique that supplies programs with many randomized inputs in an attempt to cause ... Read More
Osquery: Using D-Bus to query systemd data
by Rachel Cipkins, Stevens Institute of Technology During my summer internship at Trail of Bits I worked on osquery, the massively popular open-source endpoint monitoring agent used for intrusion detection, threat hunting, operational monitoring, and many other functions. Available for Windows, macOS, Linux, and FreeBSD, osquery exposes an operating system ... Read More
Detecting Iterator Invalidation with CodeQL
by Kevin Higgs, Montgomery Blair High School Iterator invalidation is a common and subtle class of C++ bugs that often leads to exploitable vulnerabilities. During my Trail of Bits internship this summer, I developed Itergator, a set of CodeQL classes and queries for analyzing and discovering iterator invalidation. Results are ... Read More
PrivacyRaven Has Left the Nest
By Suha S. Hussain, Georgia Tech If you work on deep learning systems, check out our new tool, PrivacyRaven—it’s a Python library that equips engineers and researchers with a comprehensive testing suite for simulating privacy attacks on deep learning systems. Because deep learning enables software to perform tasks without explicit ... Read More
