<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>2017 on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/</link><description>Recent content in 2017 on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 22 Dec 2017 07:50:57 -0500</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/2017/index.xml" rel="self" type="application/rss+xml"/><item><title>Videos from Ethereum-focused Empire Hacking</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/12/22/videos-from-ethereum-focused-empire-hacking/</link><pubDate>Fri, 22 Dec 2017 07:50:57 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/12/22/videos-from-ethereum-focused-empire-hacking/</guid><description>On December 12, over 150 attendees learned how to write and hack secure smart contracts at the final Empire Hacking meetup of 2017. Thank you to everyone who came, to our superb speakers, and to Datadog for hosting this meetup at their office. Watch the presentations again We believe strongly that the community should share […]</description></item><item><title>What are the current pain points of osquery?</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/12/21/osquery-pain-points/</link><pubDate>Thu, 21 Dec 2017 07:50:08 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/12/21/osquery-pain-points/</guid><description>You’re reading the second post in our four-part series about osquery. Read post number one for a snapshot of the tool’s current use, the reasons for its growing popularity among enterprise security teams, and how it stacks up against commercial alternatives. osquery shows considerable potential to revolutionize the endpoint monitoring market. 
(For example, it greatly […]</description></item><item><title>Announcing the Trail of Bits osquery extension repository</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/12/14/announcing-the-trail-of-bits-osquery-extension-repository/</link><pubDate>Thu, 14 Dec 2017 08:51:41 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/12/14/announcing-the-trail-of-bits-osquery-extension-repository/</guid><description>Today, we are releasing access to our maintained repository of osquery extensions. Our first extension takes advantage of the Duo Labs EFIgy API to determine if the EFI firmware on your Mac fleet is up to date. There are very few examples of publicly released osquery extensions. Very little documentation exists on the topic. This […]</description></item><item><title>Securing Ethereum at Empire Hacking</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/11/22/securing-ethereum-at-empire-hacking/</link><pubDate>Wed, 22 Nov 2017 07:50:31 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/11/22/securing-ethereum-at-empire-hacking/</guid><description>If you’re building real applications with blockchain technology and are worried about security, consider this meetup essential. Join us on December 12th for a special edition of Empire Hacking focused entirely on the security of Ethereum. Why attend? Four blockchain security experts will be sharing how to write secure smart contracts, and hack them. 
Two […]</description></item><item><title>How are teams currently using osquery?</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/11/09/how-are-teams-currently-using-osquery/</link><pubDate>Thu, 09 Nov 2017 08:10:26 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/11/09/how-are-teams-currently-using-osquery/</guid><description>In the year since we ported osquery to Windows, the operating system instrumentation and endpoint monitoring agent has attracted a great deal of attention in the open-source community and beyond. In fact, it recently received the 2017 O’Reilly Defender Award for best project. Many large and leading tech firms have deployed osquery to do totally […]</description></item><item><title>Hands on the Ethernaut CTF</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/11/06/hands-on-the-ethernaut-ctf/</link><pubDate>Mon, 06 Nov 2017 14:32:19 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/11/06/hands-on-the-ethernaut-ctf/</guid><description>Last week Zeppelin released their Ethereum CTF, Ethernaut. This CTF is a good introduction to discover how to interact with a blockchain and learn the basics of the smart contract vulnerabilities. The CTF is hosted on the ropsten blockchain, and you can receive free ethers for it. The browser developer console is used to interact […]</description></item><item><title>Trail of Bits joins the Enterprise Ethereum Alliance</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/10/19/trail-of-bits-joins-the-enterprise-ethereum-alliance/</link><pubDate>Thu, 19 Oct 2017 07:50:38 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/10/19/trail-of-bits-joins-the-enterprise-ethereum-alliance/</guid><description>We’re proud to announce that Trail of Bits has joined the Enterprise Ethereum Alliance (EEA), the world’s largest open source blockchain initiative. 
As the first information security company to join, and currently one of the industry’s top smart contract auditors, we’re excited to contribute our unparalleled expertise to the EEA. As companies begin to re-architect […]</description></item><item><title>Our team is growing</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/10/16/our-team-is-growing/</link><pubDate>Mon, 16 Oct 2017 07:50:25 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/10/16/our-team-is-growing/</guid><description>We’ve added five more to our ranks in the last two months, bringing our total size to 32 employees. Their resumes feature words and acronyms like ‘CTO,’ ‘Co-founder’ and ‘Editor.’ You might recognize their names from publications and presentations that advance the field. We’re excited to offer them a place where they can dig deeper […]</description></item><item><title>iOS jailbreak detection toolkit now available</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/10/12/ios-jailbreak-detection-toolkit-now-available/</link><pubDate>Thu, 12 Oct 2017 07:50:22 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/10/12/ios-jailbreak-detection-toolkit-now-available/</guid><description>We now offer a library for developers to check if their apps are running on jailbroken phones. It includes the most comprehensive checks in the industry and it is App Store compatible. Contact us now to license the iVerify security library for your app. 
Jailbreaks threaten your work Users like to install jailbreaks on their […]</description></item><item><title>Tracking a stolen code-signing certificate with osquery</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/10/10/tracking-a-stolen-code-signing-certificate-with-osquery/</link><pubDate>Tue, 10 Oct 2017 08:53:35 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/10/10/tracking-a-stolen-code-signing-certificate-with-osquery/</guid><description>Recently, 2.27 million computers running Windows were infected with malware signed with a stolen certificate from the creators of a popular app called CCleaner, and inserted into its software update mechanism. Fortunately, signed malware is now simple to detect with osquery thanks to a pull request submitted by our colleague Alessandro Gario that adds Windows […]</description></item><item><title>Microsoft didn’t sandbox Windows Defender, so I did</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/</link><pubDate>Wed, 02 Aug 2017 06:50:55 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/08/02/microsoft-didnt-sandbox-windows-defender-so-i-did/</guid><description>Microsoft exposed their users to a lot of risks when they released Windows Defender without a sandbox. This surprised me. Sandboxing is one of the most effective security-hardening techniques. Why did Microsoft sandbox other high-value attack surfaces such as the JIT code in Microsoft Edge, but leave Windows Defender undefended? 
As a proof of concept, […]</description></item><item><title>An extra bit of analysis for Clemency</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/07/30/an-extra-bit-of-analysis-for-clemency/</link><pubDate>Sun, 30 Jul 2017 18:41:30 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/07/30/an-extra-bit-of-analysis-for-clemency/</guid><description>This year’s DEF CON CTF used a unique hardware architecture, cLEMENCy, and only released a specification and reference tooling for it 24 hours before the final event began. cLEMENCy was purposefully designed to break existing tools and make writing new ones harder. This presented a formidable challenge given the timeboxed competition occurs over a single […]</description></item><item><title>Magic with Manticore</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/05/15/magic-with-manticore/</link><pubDate>Mon, 15 May 2017 07:50:05 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/05/15/magic-with-manticore/</guid><description>Manticore is a next-generation binary analysis tool with a simple yet powerful API for symbolic execution, taint analysis, and instrumentation. Using Manticore one can identify ‘interesting’ code locations and deduce inputs that reach them. This can generate inputs for improved test coverage, or quickly lead execution to a vulnerability. 
I used Manticore’s power to solve Magic, a challenge […]</description></item><item><title>Manticore: Symbolic execution for humans</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/04/27/manticore-symbolic-execution-for-humans/</link><pubDate>Thu, 27 Apr 2017 00:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/04/27/manticore-symbolic-execution-for-humans/</guid><description>Manticore helps us quickly take advantage of symbolic execution, taint analysis, and instrumentation to analyze binaries.</description></item><item><title>A walk down memory lane</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/04/14/a-walk-down-memory-lane/</link><pubDate>Fri, 14 Apr 2017 06:50:11 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/04/14/a-walk-down-memory-lane/</guid><description>Admit it. Every now and then someone does something, and you think: “I also had that idea!” You feel validated — a kindred spirit has had the same intuitions, the same insights, and even drawn the same conclusions. I was reminded of this feeling recently when I came across a paper describing how to use […]</description></item><item><title>April means Infiltrate</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/03/23/april-means-infiltrate/</link><pubDate>Thu, 23 Mar 2017 06:50:49 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/03/23/april-means-infiltrate/</guid><description>Break out your guayabera, it’s time for Infiltrate. Trail of Bits has attended every Infiltrate and has been a sponsor since 2015. The majority of the company will be in attendance this year (18 people!) and we’ll be swapping shirts and swag again. 
We’re looking forward to catching up with the latest research presented there […]</description></item><item><title>McSema: I’m liftin’ it</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/03/14/mcsema-im-liftin-it/</link><pubDate>Tue, 14 Mar 2017 06:50:41 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/03/14/mcsema-im-liftin-it/</guid><description>McSema, our x86 machine code to LLVM bitcode binary translator, just got a fresh coat of paint. Last week we held a successful hackathon that produced substantial improvements to McSema’s usability, documentation, and code quality. It’s now easier than ever to use McSema to analyze and reverse-engineer binaries. Growth stage We use McSema on a […]</description></item><item><title>The Challenges of Deploying Security Mitigations</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/02/20/the-challenges-of-deploying-security-mitigations/</link><pubDate>Mon, 20 Feb 2017 09:15:41 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/02/20/the-challenges-of-deploying-security-mitigations/</guid><description>This blog has promoted control flow integrity (CFI) as a game-changing security mitigation and encouraged its use. We wanted to take our own security advice and start securing software we use. To that end, we decided to apply CFI to Facebook’s osquery, a cross-platform codebase with which we are deeply familiar. Using osquery, we […]</description></item><item><title>The Smart Fuzzer Revolution</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/02/16/the-smart-fuzzer-revolution/</link><pubDate>Thu, 16 Feb 2017 06:50:08 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/02/16/the-smart-fuzzer-revolution/</guid><description>I recently had the privilege of giving a keynote at BSidesLisbon. I had a great time at the conference, and I’d like to thank Bruno Morisson for inviting me. 
If you’re into port, this is the conference for you! I recommend that anyone in the area consider attending next year. I felt there was a […]</description></item><item><title>Devirtualizing C++ with Binary Ninja</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/02/13/devirtualizing-c-with-binary-ninja/</link><pubDate>Mon, 13 Feb 2017 06:50:32 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/02/13/devirtualizing-c-with-binary-ninja/</guid><description>In my first blog post, I introduced the general structure of Binary Ninja’s Low Level IL (LLIL), as well as how to traverse and manipulate it with the Python API. Now, we’ll do something a little more interesting. Reverse engineering binaries compiled from object-oriented languages can be challenging, particularly when it comes to virtual functions. […]</description></item><item><title>Breaking Down Binary Ninja’s Low Level IL</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/01/31/breaking-down-binary-ninjas-low-level-il/</link><pubDate>Tue, 31 Jan 2017 06:50:09 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/01/31/breaking-down-binary-ninjas-low-level-il/</guid><description>Hi, I’m Josh. I recently joined the team at Trail of Bits, and I’ve been an evangelist and plugin writer for the Binary Ninja reversing platform for a while now. I’ve developed plugins that make reversing easier and extended Binary Ninja’s architecture support to assist in playing the microcorruption CTF. One of my favorite features of […]</description></item><item><title>2016 Year in Review</title><link>https://miscreants.github.io/blog.trailofbits.com/2017/01/09/2016-year-in-review/</link><pubDate>Mon, 09 Jan 2017 08:28:15 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2017/01/09/2016-year-in-review/</guid><description>John Oliver may have written off 2016, but we’re darn proud of all that we accomplished and contributed this year. 
We released a slew of the security tools that help us -and you- work smarter, and promoted a few more that deserved recognition. We helped the New York City InfoSec community build a foundation for […]</description></item></channel></rss>