Preventing account takeover on centralized cryptocurrency exchanges in 2025

By Kelly Kaoudis and Evan Sultanik
This blog post highlights key points from our new white paper Preventing Account Takeovers on Centralized Cryptocurrency Exchanges, which documents ATO-related attack vectors and defenses tailored ...
PyPI now supports archiving projects

Research Practice
By Facundo Tuesca
PyPI now supports marking projects as archived. Project owners can now archive their project to let users know that the project is not expected to receive any more updates ...
A deep dive into Linux’s new mseal syscall

Linux, Research Practice
By Alan Cao
If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” ...

A few notes on AWS Nitro Enclaves: Attack surface

By Paweł Płatek
In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security ...

What would you do with that old GPU?

Research Practice
By Artem Dinaburg and Peter Goodman
(Would you get up and throw it away?) [sing to the tune of The Beatles – With A Little Help From My Friends] Here’s a riddle: ...
Provisioning cloud infrastructure the wrong way, but faster

By Artem Dinaburg
Today we’re going to provision some cloud infrastructure the Max Power way: by combining automation with unchecked AI output. Unfortunately, this method produces cloud infrastructure code that 1) works ...

Our audit of Homebrew

Research Practice
By William Woodruff
This is a joint post with the Homebrew maintainers; read their announcement here! Last summer, we performed an audit of Homebrew. Our audit’s scope included Homebrew/brew itself (home of ...
A peek into build provenance for Homebrew

By Joe Sweeney and William Woodruff
Last November, we announced our collaboration with Alpha-Omega and OpenSSF to add build provenance to Homebrew. Today, we are pleased to announce that the core of ...
The life and times of an Abstract Syntax Tree

By Francesco Bertolaccini
You’ve reached computer programming nirvana. Your journey has led you down many paths, including believing that God wrote the universe in LISP, but now the truth is clear in ...
Binary type inference in Ghidra

By Ian Smith
Trail of Bits is releasing BTIGhidra, a Ghidra extension that helps reverse engineers by inferring type information from binaries. The analysis is inter-procedural, propagating and resolving type constraints between ...