https://miscreants.github.io/blog.trailofbits.com/authors/alan-cao/Recent content in Alan Cao on The Trail of Bits BlogHugoen-usFri, 25 Jul 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/Fri, 25 Jul 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/We successfully exploited two discontinued network devices at DistrictCon’s inaugural Junkyard competition in February, winning runner-up for Most Innovative Exploitation Technique. Our exploit chains demonstrate why end-of-life hardware poses persistent security risks.https://miscreants.github.io/blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/Fri, 25 Oct 2024 09:00:18 -0400https://miscreants.github.io/blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including […]https://miscreants.github.io/blog.trailofbits.com/2019/09/03/deepstate-now-supports-ensemble-fuzzing/Tue, 03 Sep 2019 06:50:44 -0400https://miscreants.github.io/blog.trailofbits.com/2019/09/03/deepstate-now-supports-ensemble-fuzzing/We are proud to announce the integration of ensemble fuzzing into DeepState, our unit-testing framework powered by fuzzing and symbolic execution. Ensemble fuzzing allows testers to execute multiple fuzzers with varying heuristics in a single campaign, while maintaining an architecture for synchronizing generated input seeds across […]https://miscreants.github.io/blog.trailofbits.com/2019/04/01/performing-concolic-execution-on-cryptographic-primitives/Mon, 01 Apr 2019 07:50:55 -0400https://miscreants.github.io/blog.trailofbits.com/2019/04/01/performing-concolic-execution-on-cryptographic-primitives/For my winternship and springternship at Trail of Bits, I researched novel techniques for symbolic execution on cryptographic protocols. I analyzed various implementation-level bugs in cryptographic libraries, and built a prototype Manticore-based concolic unit testing tool, Sandshrew, that analyzed C cryptographic primitives under a symbolic and concrete environment. Sandshrew is a first step […]