Attestations: A new generation of signatures on PyPI
Read the official announcement on the PyPI blog as well! For the past year, we’ve worked with the Python Package Index (PyPI) on a new security feature for the Python ecosystem: index-hosted digital attestations, as specified in PEP 740. These attestations improve on traditional PGP signatures (which have been disabled ... Read More
Trusted publishing: a new benchmark for packaging security
Read the official announcement on the PyPI blog as well! For the past year, we’ve worked with the Python Package Index to add a new, more secure authentication method called “trusted publishing.” Trusted publishing eliminates the need for long-lived API tokens and passwords, reducing the risk of supply chain attacks ... Read More
Themes from Real World Crypto 2022
By William Woodruff Last week, over 500 cryptographers from around the world gathered in Amsterdam for Real World Crypto 2022, meeting in person for the first time in over two years. As in previous years, we dispatched a handful of our researchers and engineers to attend the conference, listen to ... Read More
High-fidelity build instrumentation with blight
TL;DR: We’re open-sourcing a new framework, blight, for painlessly wrapping and instrumenting C and C++ build tools. We’re already using it on our research projects, and have included a set of useful actions. You can use it today for your own measurement and instrumentation needs: Why would you ever want ... Read More
Verifying Windows binaries, without Windows
TL;DR: We’ve open-sourced a new library, μthenticode, for verifying Authenticode signatures on Windows PE binaries without a Windows machine. We’ve also integrated it into recent builds of Winchecksec, so that you can use it today to verify signatures on your Windows executables! As a library, μthenticode aims to be a ... Read More
Real-time file monitoring on Windows with osquery
TL;DR: Trail of Bits has developed ntfs_journal_events, a new event-based osquery table for Windows that enables real-time file change monitoring. You can use this table today to performantly monitor changes to specific files, directories, and entire patterns on your Windows endpoints. Read the schema documentation here! File monitoring for fleet ... Read More
Destroying x86_64 instruction decoders with differential fuzzing
TL;DR: x86_64 decoding is hard, and the number and variety of implementations available for it makes it uniquely suited to differential fuzzing. We’re open sourcing mishegos, a differential fuzzer for instruction decoders. You can use it to discover discrepancies in your own decoders and analysis tools! In the beginning, there ... Read More
Getting 2FA Right in 2019
Since March, Trail of Bits has been working with the Python Software Foundation to add two-factor authentication (2FA) to Warehouse, the codebase that powers PyPI. As of today, PyPI members can enable time-based OTP (TOTP) and WebAuthn (currently in beta). If you have an account on PyPI, go enable your ... Read More
How to write a rootkit without really trying
We open-sourced a fault injection tool, KRF, that uses kernel-space syscall interception. You can use it today to find faulty assumptions (and resultant bugs) in your programs. Check it out! This post covers intercepting system calls from within the Linux kernel, via a plain old kernel module. We’ll go through ... Read More
Effortless security feature detection with Winchecksec
We’re proud to announce the release of Winchecksec, a new open-source tool that detects security features in Windows binaries. Developed to satisfy our analysis and research needs, Winchecksec aims to surpass current open-source security feature detection tools in depth, accuracy, and performance without sacrificing simplicity. Feature detection, made simple Winchecksec ... Read More