Engineering Practice
Sinter: New user-mode security enforcement for macOS
TL;DR: Sinter is the first available open-source endpoint protection agent written entirely in Swift, with support for Apple’s new EndpointSecurity API from first principles. Sinter demonstrates how to build a successful event-authorization ...
Announcing the Zeek Agent
(This posting is cross-posted between the Zeek blog and the Trail of Bits blog). The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. However, from its network ...
QueryCon 2019: A Turning Point for osquery
Has it really been 3 months since Trail of Bits hosted QueryCon? We’ve had such a busy and productive summer that we nearly forgot to go back and reflect on the success ...
Wrapper’s Delight
During my summer at Trail of Bits, I took full advantage of the latest C++ language features to build a new SQLite wrapper from scratch that is easy to use, lightweight, high ...
A Day in the Life of Alessandro Gario, Senior Security Engineer
People interested in joining Trail of Bits often ask us what it’s like to work on the Engineering Services team. We felt that the best answer would be a profile of some ...
Getting 2FA Right in 2019
Since March, Trail of Bits has been working with the Python Software Foundation to add two-factor authentication (2FA) to Warehouse, the codebase that powers PyPI. As of today, PyPI members can enable ...
Announcing the community-oriented osquery fork, osql
For months, Facebook has been heavily refactoring the entire osquery codebase, migrating osquery away from standard development tools like CMake and integrating it with Facebook’s internal tooling. Their intention was to improve ...
How to write a rootkit without really trying
We open-sourced a fault injection tool, KRF, that uses kernel-space syscall interception. You can use it today to find faulty assumptions (and resultant bugs) in your programs. Check it out! This post ...
Effortless security feature detection with Winchecksec
We’re proud to announce the release of Winchecksec, a new open-source tool that detects security features in Windows binaries. Developed to satisfy our analysis and research needs, Winchecksec aims to surpass current ...
Introducing windows-acl: working with ACLs in Rust
Access Control Lists (ACLs) are an integral part of the Microsoft Windows security model. In addition to controlling access to secured resources, they are also used in sandboxing, event auditing, and specifying ...
