https://miscreants.github.io/blog.trailofbits.com/authors/henrik-brodin/Recent content in Henrik Brodin on The Trail of Bits BlogHugoen-usThu, 30 Mar 2023 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/Thu, 30 Mar 2023 08:00:22 -0400https://miscreants.github.io/blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/The aCropalypse is upon us! Last week, news about CVE-2023-21036, nicknamed the “aCropalypse,” spread across Twitter and other media, and I quickly realized that the underlying flaw could be detected by our tool, PolyTracker. I’ll explain how PolyTracker can detect files affected by the vulnerability even without specific file format knowledge.https://miscreants.github.io/blog.trailofbits.com/2022/02/01/part-2-rusty-crypto/Tue, 01 Feb 2022 07:00:25 -0500https://miscreants.github.io/blog.trailofbits.com/2022/02/01/part-2-rusty-crypto/Let’s implement crypto! Welcome to the second part of our posts on the challenges of implementing constant-time Rust code. Part 1 discussed challenges with constant-time implementations in Rust and WebAssembly and how optimization barriers can mitigate risk. The Rust crypto community has responded with several approaches, and in this post, we will […]