Hot Topics

Mitigations

Security flaws in an SSO plugin for Caddy

| | attacks, audits, Dynamic Analysis, Exploits, Go, Mitigations, Program Analysis, Semgrep, Static Analysis
By Maciej Domanski, Travis Peters, and David Pokora We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web ...
Trail of Bits Blog
Typos that omit security features and how to test for them

Typos that omit security features and how to test for them

| | audits, Mitigations
By Dominik ‘disconnect3d’ Czarnota During a security audit, I discovered an easy-to-miss typo that unintentionally failed to enable _FORTIFY_SOURCE, which helps detect memory corruption bugs in incorrectly used C functions. We searched, ...
Trail of Bits Blog

Use constexpr for faster, smaller, and safer code

| | Compilers, Mitigations, Static Analysis
With the release of C++14, the standards committee strengthened one of the coolest modern features of C++: constexpr. Now, C++ developers can write constant expressions and force their evaluation at compile-time, rather ...
Trail of Bits Blog
unnamed

Effortless security feature detection with Winchecksec

| | Engineering Practice, Mitigations
We’re proud to announce the release of Winchecksec, a new open-source tool that detects security features in Windows binaries. Developed to satisfy our analysis and research needs, Winchecksec aims to surpass current ...
Trail of Bits Blog
Binary view of the sum_of_squares function

Protecting Software Against Exploitation with DARPA’s CFAR

| | Compilers, McSema, Mitigations, Program Analysis
Today, we’re going to talk about a hard problem that we are working on as part of DARPA’s Cyber Fault-Tolerant Attack Recovery (CFAR) program: automatically protecting software from 0-day exploits, memory corruption, ...
Trail of Bits Blog