<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>2021 on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/</link><description>Recent content in 2021 on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Fri, 31 Dec 2021 07:00:56 -0500</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/2021/index.xml" rel="self" type="application/rss+xml"/><item><title>Celebrating our 2021 Open Source Contributions</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/12/31/celebrating-our-2021-open-source-contributions/</link><pubDate>Fri, 31 Dec 2021 07:00:56 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/12/31/celebrating-our-2021-open-source-contributions/</guid><description>At Trail of Bits, we pride ourselves on making our best tools open source, such as algo, manticore, and graphtage. But while this post is about open source, it’s not about our tools… In 2021, Trail of Bits employees submitted over 190 pull requests (PRs) that were merged into non-Trail of Bits repositories. This demonstrates […]</description></item><item><title>Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocs</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/12/21/disclosing-shamirs-secret-sharing-vulnerabilities-and-announcing-zkdocs/</link><pubDate>Tue, 21 Dec 2021 07:00:04 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/12/21/disclosing-shamirs-secret-sharing-vulnerabilities-and-announcing-zkdocs/</guid><description>Trail of Bits is publicly disclosing two bugs that affect the Shamir’s Secret Sharing implementation in Binance’s threshold signature scheme library (tss-lib) and most of its active forks. 
Here is the full list of affected repositories: Binance’s tss-lib, Clover Network’s threshold-crypto, Keep Network’s keep-ecdsa, Swingby’s tss-lib, THORchain’s tss-lib, ZenGo X’s […]</description></item><item><title>Detecting MISO and Opyn’s msg.value reuse vulnerability with Slither</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/12/16/detecting-miso-and-opyns-msg-value-reuse-vulnerability-with-slither/</link><pubDate>Thu, 16 Dec 2021 13:00:49 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/12/16/detecting-miso-and-opyns-msg-value-reuse-vulnerability-with-slither/</guid><description>On August 18, 2021, samczsun reported a critical vulnerability in SushiSwap’s MISO smart contracts, which put ~350 million USD (109 thousand ETH) at risk. This issue is similar to an attack that was conducted on the Opyn codebase in August of 2020. At the time of the report, I was finishing my […]</description></item><item><title>What does your code use, and is it vulnerable? It-depends!</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/12/16/it-depends/</link><pubDate>Thu, 16 Dec 2021 08:00:14 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/12/16/it-depends/</guid><description>You just cloned a fresh source code repository and want to get a quick sense of its dependencies. Our tool, it-depends, can get you there. We are proud to announce the release of it-depends, an open-source tool for automatic enumeration of dependencies. 
You simply point it to a source code repository, and it will build […]</description></item><item><title>MUI: Visualizing symbolic execution with Manticore and Binary Ninja</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/17/mui-visualizing-symbolic-execution-with-manticore-and-binary-ninja/</link><pubDate>Wed, 17 Nov 2021 07:00:55 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/17/mui-visualizing-symbolic-execution-with-manticore-and-binary-ninja/</guid><description>During my summer internship, I had the wonderful opportunity to work on the Manticore User Interface (MUI). The MUI project aims to combine the strength of both Manticore, a powerful symbolic execution library, and Binary Ninja, a popular binary analysis tool, to provide a more intuitive and visual interface […]</description></item><item><title>How to choose an interesting project</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/12/how-to-choose-an-interesting-project/</link><pubDate>Fri, 12 Nov 2021 00:09:53 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/12/how-to-choose-an-interesting-project/</guid><description>Trent Brunson, Head of Research &amp;amp; Engineering Originally published on October 15, 2021 Come join our team today! Trail of Bits is hiring full-time Senior Software Engineers and Software Security Research Engineers. Over the last nine years, I’ve interviewed hundreds of applicants for research and engineering positions. 
One of my favorite icebreakers is, What […]</description></item><item><title>Motivating global stabilization</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/11/motivating-global-stabilization/</link><pubDate>Thu, 11 Nov 2021 10:39:56 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/11/motivating-global-stabilization/</guid><description>Originally published on October 12, 2021 Consensus protocols have come to play a critical role in many applications. Fischer, Lynch, and Paterson’s classic impossibility result showed that under reasonable assumptions, it can be impossible for a protocol to reach consensus. In Dwork, Lynch, and Stockmeyer’s paper “Consensus in the Presence […]</description></item><item><title>Announcing osquery 5: Now with EndpointSecurity on macOS</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/10/announcing-osquery-5-now-with-endpointsecurity-on-macos/</link><pubDate>Wed, 10 Nov 2021 01:05:55 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/10/announcing-osquery-5-now-with-endpointsecurity-on-macos/</guid><description>Originally published on October 6, 2021 TL;DR: Version 5.0.1 of osquery, a cross-platform, open-source endpoint visibility agent, is now available. This release is an exciting milestone for the project, as it introduces an EndpointSecurity-based process events table for macOS. 
Read on to learn how we integrated EndpointSecurity into osquery […]</description></item><item><title>PrivacyRaven: Implementing a proof of concept for model inversion</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/09/privacyraven-implementing-a-proof-of-concept-for-model-inversion/</link><pubDate>Tue, 09 Nov 2021 00:45:55 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/09/privacyraven-implementing-a-proof-of-concept-for-model-inversion/</guid><description>Originally published August 3, 2021 During my Trail of Bits winternship and springternship, I had the pleasure of working with Suha Hussain and Jim Miller on PrivacyRaven, a Python-based tool for testing deep-learning frameworks against a plethora of privacy attacks. I worked on improving PrivacyRaven’s versatility by adding compatibility for services […]</description></item><item><title>Write Rust lints without forking Clippy</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/09/write-rust-lints-without-forking-clippy/</link><pubDate>Tue, 09 Nov 2021 00:30:40 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/09/write-rust-lints-without-forking-clippy/</guid><description>Originally published May 20, 2021 This blog post introduces Dylint, a tool for loading Rust linting rules (or “lints”) from dynamic libraries. Dylint makes it easy for developers to maintain their own personal lint collections. 
Previously, the simplest way to write a new Rust lint was to fork Clippy, Rust’s […]</description></item><item><title>All your tracing are belong to BPF</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/09/all-your-tracing-are-belong-to-bpf/</link><pubDate>Tue, 09 Nov 2021 11:26:37 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/09/all-your-tracing-are-belong-to-bpf/</guid><description>Originally published August 11, 2021 TL;DR: These simpler, step-by-step methods equip you to apply BPF tracing technology to real-world problems—no specialized tools or libraries required. BPF, a tracing technology in the Linux kernel for network stack tracing, has become popular recently thanks to new extensions that enable novel use-cases […]</description></item><item><title>Discovering goroutine leaks with Semgrep</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/11/08/discovering-goroutine-leaks-with-semgrep/</link><pubDate>Mon, 08 Nov 2021 23:28:45 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/11/08/discovering-goroutine-leaks-with-semgrep/</guid><description>Originally published May 10, 2021 While learning how to write multithreaded code in Java or C++ can make computer science students reconsider their career choices, calling a function asynchronously in Go is just a matter of prefixing a function call with the go keyword. However, writing concurrent Go code can […]</description></item><item><title>Solar: Context-free, interactive analysis for Solidity</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/04/02/solar-context-free-interactive-analysis-for-solidity/</link><pubDate>Fri, 02 Apr 2021 00:52:39 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/04/02/solar-context-free-interactive-analysis-for-solidity/</guid><description>We’re hiring for our Research + Engineering team! 
By Aaron Yoo, University of California, Los Angeles As an intern at Trail of Bits, I worked on Solar, a proof-of-concept static analysis framework. Solar is unique because it enables context-free interactive analysis of Solidity smart contracts. A user can direct Solar to explore program paths (e.g., […]</description></item><item><title>A Year in the Life of a Compiler Fuzzing Campaign</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/</link><pubDate>Tue, 23 Mar 2021 11:00:37 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/</guid><description>In the summer of 2020, we described our work fuzzing the Solidity compiler, solc. So now we’d like to revisit this project, since fuzzing campaigns tend to “saturate,” finding fewer new results over time. Did Solidity fuzzing run out of gas? Is fuzzing a high-stakes project worthwhile, especially if […]</description></item><item><title>Un-bee-lievable Performance: Fast Coverage-guided Fuzzing with Honeybee and Intel Processor Trace</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/03/19/un-bee-lievable-performance-fast-coverage-guided-fuzzing-with-honeybee-and-intel-processor-trace/</link><pubDate>Fri, 19 Mar 2021 10:00:15 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/03/19/un-bee-lievable-performance-fast-coverage-guided-fuzzing-with-honeybee-and-intel-processor-trace/</guid><description>Today, we are releasing an experimental coverage-guided fuzzer called Honeybee that records program control flow using Intel Processor Trace (IPT) technology. Previously, IPT has been scrutinized for severe underperformance due to issues with capture systems and inefficient trace analyses. 
My winter internship focused on working through these challenges to make […]</description></item><item><title>Never a dill moment: Exploiting machine learning pickle files</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/</link><pubDate>Mon, 15 Mar 2021 11:06:18 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/</guid><description>Many machine learning (ML) models are Python pickle files under the hood, and it makes sense. The use of pickling conserves memory, enables start-and-stop model training, and makes trained models portable (and, thereby, shareable). Pickling is easy to implement, is built into Python without requiring additional dependencies, and supports serialization of custom […]</description></item><item><title>The Tao of Continuous Integration</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/02/26/the-tao-of-continuous-integration/</link><pubDate>Fri, 26 Feb 2021 10:31:47 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/02/26/the-tao-of-continuous-integration/</guid><description>It is a truism in modern software development that a robust continuous integration (CI) system is necessary. But many projects suffer from CI that feels brittle, frustrates developers, and actively impedes development velocity. Why is this? What can you do to avoid the common CI pitfalls? 
Continuous Integration Needs a Purpose CI […]</description></item><item><title>Serving up zero-knowledge proofs</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/02/19/serving-up-zero-knowledge-proofs/</link><pubDate>Fri, 19 Feb 2021 06:59:31 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/02/19/serving-up-zero-knowledge-proofs/</guid><description>Zero-knowledge (ZK) proofs are gaining popularity, and exciting new applications for this technology are emerging, particularly in the blockchain space. So we’d like to shine a spotlight on an interesting source of implementation bugs that we’ve seen—the Fiat Shamir transformation. A ZK proof can be either interactive, where the […]</description></item><item><title>Confessions of a smart contract paper reviewer</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/02/05/confessions-of-a-smart-contract-paper-reviewer/</link><pubDate>Fri, 05 Feb 2021 06:59:10 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/02/05/confessions-of-a-smart-contract-paper-reviewer/</guid><description>If you’re thinking of writing a paper describing an exciting novel approach to smart contract analysis and want to know what reviewers will be looking for, you’ve come to the right place. Deadlines for many big conferences (ISSTA tool papers, ASE, FSE, etc.) are approaching, as is our own Workshop on Smart Contract Analysis, so […]</description></item><item><title>PDF is Broken: a justCTF Challenge</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/02/02/pdf-is-broken-a-justctf-challenge/</link><pubDate>Tue, 02 Feb 2021 07:50:28 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/02/02/pdf-is-broken-a-justctf-challenge/</guid><description>Trail of Bits sponsored the recent justCTF competition, and our engineers helped craft several of the challenges, including D0cker, Go-fs, Pinata, Oracles, and 25519. 
In this post we’re going to cover another of our challenges, titled PDF is broken, and so is this file. It demonstrates some of the PDF file format’s idiosyncrasies in a […]</description></item></channel></rss>