DEF CON 29 Red Team Village - Panel - The future of AI, Machine Learning, and Offensive Security

Secure your machine learning with Semgrep

By Suha Hussain. tl;dr: Our publicly available Semgrep ruleset now has 11 rules dedicated to the misuse of machine learning libraries. Try it out now! Picture this: You’ve spent months curating images, ...
Magnifier: An Experiment with Interactive Decompilation

By Alan Chang. Today, we are releasing Magnifier, an experimental reverse engineering user interface I developed during my internship. Magnifier asks, “What if, as an alternative to taking handwritten notes, reverse engineering ...
Shedding smart contract storage with Slither

By Troy Sargent, Blockchain Security Engineer. You think you’ve found a critical bug in a Solidity smart contract that, if exploited, could drain a widely used cryptocurrency exchange’s funds. To confirm that ...
Multi-Step Attack Vectors: When Vulnerabilities Form an Attack Chain

Praetorian’s approach to cybersecurity centers around a core belief that combining innovative technologies and the best people in the business leads to real results. In our experience, neither can fully solve cybersecurity ...
Amarna: Static analysis for Cairo programs

By Filipe Casal. We are open-sourcing Amarna, our new static analyzer and linter for the Cairo programming language. Cairo is a programming language powering several trading exchanges with millions of dollars in ...
Towards Practical Security Optimizations for Binaries

By Michael D. Brown, Senior Security Engineer. “To be thus is nothing, but to be safely thus.” (Macbeth: 3.1) It’s not enough that compilers generate efficient code, they must also generate safe ...
Toward a Best-of-Both-Worlds Binary Disassembler

By Stefan Nagy. This past winter, I was fortunate to have the opportunity to work for Trail of Bits as a graduate student intern under the supervision of Peter Goodman and Artem ...
The invisible C# code

Static Analysis of (the Invisible) C# Sources. Does your static analysis tool see the C# source underlying your C# source? I am a compiler engineer at ShiftLeft, the designer and (main) implementor of ...
Integrations are Key to Success in DevSecOps for Embedded Development

The term DevSecOps is a contraction of developer, security and operations. Despite the buzzword hype, it does have positive implications for improving the quality, security and functional safety of embedded software applications ...
SAST and Unit Testing are a Perfect Match: CodeSonar and VectorCAST Integration

VectorCAST is an embedded software testing platform from Vector Informatik that supports the creation and management of test assets to help software developers validate software requirements. VectorCAST measures code coverage with automated ...