Efficient auditing with machine learning and Slither-simil

Efficient audits with machine learning and Slither-simil

by Sina Pilehchiha, Concordia University Trail of Bits has manually curated a wealth of data—years of security assessment reports—and now we’re exploring how to use this data to make the smart contract auditing process more efficient with Slither-simil. Based on accumulated knowledge embedded in previous audits, we set out to ... Read More
Let's Build a High-Performance Fuzzer with GPUs!

Let’s build a high-performance fuzzer with GPUs!

by Ryan Eberhart, Stanford University TL;DR: Can we use GPUs to get 10x performance/dollar when fuzzing embedded software in the cloud? Based on our preliminary work, we think the answer is yes! Fuzzing is a software testing technique that supplies programs with many randomized inputs in an attempt to cause ... Read More
Using D-Bus to query systemd data

Osquery: Using D-Bus to query systemd data

by Rachel Cipkins, Stevens Institute of Technology During my summer internship at Trail of Bits I worked on osquery, the massively popular open-source endpoint monitoring agent used for intrusion detection, threat hunting, operational monitoring, and many other functions. Available for Windows, macOS, Linux, and FreeBSD, osquery exposes an operating system ... Read More
Detecting Iterator Invalidation with CodeQL

Detecting Iterator Invalidation with CodeQL

by Kevin Higgs, Montgomery Blair High School Iterator invalidation is a common and subtle class of C++ bugs that often leads to exploitable vulnerabilities. During my Trail of Bits internship this summer, I developed Itergator, a set of CodeQL classes and queries for analyzing and discovering iterator invalidation. Results are ... Read More
OpenMined Privacy Conference - Day 1 - Part 2 Livestream

PrivacyRaven Has Left the Nest

By Suha S. Hussain, Georgia Tech If you work on deep learning systems, check out our new tool, PrivacyRaven—it’s a Python library that equips engineers and researchers with a comprehensive testing suite for simulating privacy attacks on deep learning systems. Because deep learning enables software to perform tasks without explicit ... Read More