Research Practice
Provisioning cloud infrastructure the wrong way, but faster
By Artem Dinaburg
Today we’re going to provision some cloud infrastructure the Max Power way: by combining automation with unchecked AI output. Unfortunately, this method produces cloud infrastructure code that 1) works ...
Our audit of Homebrew
By William Woodruff
This is a joint post with the Homebrew maintainers; read their announcement here! Last summer, we performed an audit of Homebrew. Our audit’s scope included Homebrew/brew itself (home of ...
A peek into build provenance for Homebrew
By Joe Sweeney and William Woodruff
Last November, we announced our collaboration with Alpha-Omega and OpenSSF to add build provenance to Homebrew. Today, we are pleased to announce that the core of ...
The life and times of an Abstract Syntax Tree
By Francesco Bertolaccini
You’ve reached computer programming nirvana. Your journey has led you down many paths, including believing that God wrote the universe in LISP, but now the truth is clear in ...
Binary type inference in Ghidra
By Ian Smith
Trail of Bits is releasing BTIGhidra, a Ghidra extension that helps reverse engineers by inferring type information from binaries. The analysis is inter-procedural, propagating and resolving type constraints between ...
Finding bugs in C code with Multi-Level IR and VAST
Intermediate languages (IRs) are what reverse engineers and vulnerability researchers use to see the forest for the trees. IRs are used to view programs at different abstraction layers, so that analysis can ...
Introducing Windows Notification Facility’s (WNF) Code Integrity
By Yarden Shafir, Senior Security Engineer
WNF (Windows Notification Facility) is an undocumented notification mechanism that allows communication inside processes, between processes, or between user mode processes and kernel drivers. Similar to ...
Introducing RPC Investigator
A new tool for Windows RPC research
By Aaron LeMasters
Trail of Bits is releasing a new tool for exploring RPC clients and servers on Windows. RPC Investigator is a .NET application ...
Look out! Divergent representations are everywhere!
By Andreas Kellas
Trail of Bits recently published a blog post about a signed integer overflow in certain versions of SQLite that can enable arbitrary code execution and result in a denial ...
We do Windows now
At Trail of Bits, we pride ourselves on building tools that everyone can use to help improve the security ecosystem. Given how ingrained Microsoft is with a large portion of our work ...