https://miscreants.github.io/blog.trailofbits.com/categories/conferences/Recent content in conferences on The Trail of Bits BlogHugoen-usFri, 25 Jul 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/Fri, 25 Jul 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/We successfully exploited two discontinued network devices at DistrictCon’s inaugural Junkyard competition in February, winning runner-up for Most Innovative Exploitation Technique. Our exploit chains demonstrate why end-of-life hardware poses persistent security risks.https://miscreants.github.io/blog.trailofbits.com/2025/07/23/inside-ethcc8-becoming-a-smart-contract-auditor/Wed, 23 Jul 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/07/23/inside-ethcc8-becoming-a-smart-contract-auditor/At EthCC[8], Trail of Bits blockchain security engineer Nicolas Donboly laid out a clear, actionable path for aspiring smart contract auditors, drawing from his own experience transitioning from a non-technical background into a leading security role.https://miscreants.github.io/blog.trailofbits.com/2024/06/21/eurollvm-2024-trip-report/Fri, 21 Jun 2024 09:00:22 -0400https://miscreants.github.io/blog.trailofbits.com/2024/06/21/eurollvm-2024-trip-report/EuroLLVM is a developer meeting focused on projects under the LLVM Foundation umbrella that live in the LLVM GitHub monorepo, like Clang and—more recently, thanks to machine learning research—the MLIR framework. Trail of Bits, which has a history in compiler engineering and all things LLVM, sent a bunch of […]https://miscreants.github.io/blog.trailofbits.com/2024/06/18/themes-from-real-world-crypto-2024/Tue, 18 Jun 2024 09:00:27 -0400https://miscreants.github.io/blog.trailofbits.com/2024/06/18/themes-from-real-world-crypto-2024/In March, Trail of Bits engineers traveled to the vibrant (and only slightly chilly) city of Toronto to attend Real World Crypto 2024, a three-day event that hosted hundreds of brilliant minds in the field of cryptography. We also attended three associated events: the Real World Post-Quantum Cryptography (RWPQC) workshop, the Fully Homomorphic Encryption (FHE) […]https://miscreants.github.io/blog.trailofbits.com/2024/02/02/chaos-communication-congress-37c3-recap/Fri, 02 Feb 2024 09:00:01 -0500https://miscreants.github.io/blog.trailofbits.com/2024/02/02/chaos-communication-congress-37c3-recap/Last month, two of our engineers attended the 37th Chaos Communication Congress (37C3) in Hamburg, joining thousands of hackers who gather each year to exchange the latest research and achievements in technology and security. Unlike other tech conferences, this annual gathering focuses on the interaction of technology and society, covering such topics as politics, entertainment, […]https://miscreants.github.io/blog.trailofbits.com/2023/08/14/can-you-pass-the-rekt-test/Mon, 14 Aug 2023 04:00:50 -0400https://miscreants.github.io/blog.trailofbits.com/2023/08/14/can-you-pass-the-rekt-test/One of the biggest challenges for blockchain developers is objectively assessing their security posture and measuring how it progresses. To address this issue, a working group of Web3 security experts, led by Trail of Bits CEO Dan Guido, met earlier this year to create a simple test for profiling the security of blockchain teams. We […]https://miscreants.github.io/blog.trailofbits.com/2023/05/16/real-world-crypto-2023-recap/Tue, 16 May 2023 09:54:43 -0400https://miscreants.github.io/blog.trailofbits.com/2023/05/16/real-world-crypto-2023-recap/Last month, hundreds of cryptographers descended upon Tokyo for the first Real World Crypto Conference in Asia. As in previous years, we dispatched a handful of our researchers and engineers to present and attend the conference. What sets RWC apart from other conferences is that it strongly emphasizes research, collaborations, and advancements in cryptography that […]https://miscreants.github.io/blog.trailofbits.com/2022/06/09/themes-from-pycon-us-2022/Thu, 09 Jun 2022 07:00:19 -0400https://miscreants.github.io/blog.trailofbits.com/2022/06/09/themes-from-pycon-us-2022/After two long years of lockdowns, virtual meetups, quarantines, and general chaos, the Python community gathered en masse to Salt Lake City for PyCon 2022. Two of our engineers attended the conference, and we are happy to report that the Python community is not only alive and well but also thriving, with […]https://miscreants.github.io/blog.trailofbits.com/2020/04/23/announcing-the-1st-international-workshop-on-smart-contract-analysis/Thu, 23 Apr 2020 07:50:29 -0400https://miscreants.github.io/blog.trailofbits.com/2020/04/23/announcing-the-1st-international-workshop-on-smart-contract-analysis/At Trail of Bits we do more than just security audits: We also push the boundaries of research in vulnerability detection tools, regularly present our work in academic conferences, and review interesting papers from other researchers (see our recent Real World Crypto and Financial Crypto recaps). In this spirit, we and Northern Arizona University are […]https://miscreants.github.io/blog.trailofbits.com/2020/03/18/financial-cryptography-2020-recap/Wed, 18 Mar 2020 07:50:32 -0400https://miscreants.github.io/blog.trailofbits.com/2020/03/18/financial-cryptography-2020-recap/A few weeks ago, we went to the 24th Financial Cryptography (FC) conference and the Workshop on Trusted Smart Contracts (WTSC), where we presented our work on smart contract bug categorization (see our executive summary) and a poster on Echidna. Although FC is not a blockchain conference, it featured several blockchain-oriented presentations this year and […]https://miscreants.github.io/blog.trailofbits.com/2020/01/23/themes-from-real-world-crypto-2020/Thu, 23 Jan 2020 07:00:07 -0500https://miscreants.github.io/blog.trailofbits.com/2020/01/23/themes-from-real-world-crypto-2020/Over 642 brilliant cryptographic minds gathered for Real World Crypto 2020, an annual conference that brings together cryptographic researchers with developers implementing cryptography in the wild. Overall, RWC 2020 was an impressive conference that demonstrated some amazing work. Here we explore three major themes that emerged: Crypto bugs are everywhere…Whether it’s a somewhat unsurprising Bleichenbacher […]https://miscreants.github.io/blog.trailofbits.com/2019/10/29/grace-hopper-celebration-2019/Tue, 29 Oct 2019 11:30:14 -0400https://miscreants.github.io/blog.trailofbits.com/2019/10/29/grace-hopper-celebration-2019/A few weeks ago I had the inspiring experience of attending the annual Grace Hopper Celebration (GHC), the world’s largest gathering of women in technology. Over four days in Orlando, Florida, GHC hosted a slew of workshops and presentations, plus a massive career fair with over […]https://miscreants.github.io/blog.trailofbits.com/2019/09/20/querycon-2019-a-turning-point-for-osquery/Fri, 20 Sep 2019 07:00:58 -0400https://miscreants.github.io/blog.trailofbits.com/2019/09/20/querycon-2019-a-turning-point-for-osquery/Has it really been 3 months since Trail of Bits hosted QueryCon? We’ve had such a busy and productive summer that we nearly forgot to go back and reflect on the success of this event! On June 20-21, Trail of Bits partnered with Kolide and Carbon Back to host the 2nd annual QueryCon, at the […]https://miscreants.github.io/blog.trailofbits.com/2019/09/11/crypto-2019-takeaways/Wed, 11 Sep 2019 06:50:16 -0400https://miscreants.github.io/blog.trailofbits.com/2019/09/11/crypto-2019-takeaways/This year’s IACR Crypto conference was an excellent blend of far-out theory and down-to-earth pragmatism. A major theme throughout the conference was the huge importance of getting basic cryptographic primitives right. Systems ranging from TLS servers and bitcoin wallets to state-of-the-art secure multiparty computation protocols were broken when one small sub-component was either chosen poorly […]https://miscreants.github.io/blog.trailofbits.com/2019/06/19/trail-of-bits-icse-2019-recap/Wed, 19 Jun 2019 10:35:13 -0400https://miscreants.github.io/blog.trailofbits.com/2019/06/19/trail-of-bits-icse-2019-recap/Three weeks ago, we presented our work on Slither at WETSEB, an ICSE workshop. ICSE is a top-tier academic conference, focused on software engineering. This edition of the event went very well. The organizers do their best to attract and engage industrials to the discussions. The conference had many talks in parallel. We wish we […]https://miscreants.github.io/blog.trailofbits.com/2019/06/18/why-you-should-go-to-querycon-this-week/Tue, 18 Jun 2019 06:50:09 -0400https://miscreants.github.io/blog.trailofbits.com/2019/06/18/why-you-should-go-to-querycon-this-week/QueryCon takes place this week at the Convene Conference Center in Downtown Manhattan, Thursday June 20th- Friday June 21st. If you don’t have a ticket yet, get one while you can. QueryCon is an annual conference about osquery, the open source project that’s helping many top tech companies manage their endpoints. We’ve been big fans […]https://miscreants.github.io/blog.trailofbits.com/2019/05/27/slither-the-leading-static-analyzer-for-smart-contracts/Mon, 27 May 2019 06:30:58 -0400https://miscreants.github.io/blog.trailofbits.com/2019/05/27/slither-the-leading-static-analyzer-for-smart-contracts/We have published an academic paper on Slither, our static analysis framework for smart contracts, in the International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), colocated with ICSE. Our paper shows that Slither’s bug detection outperforms other static analysis tools for finding issues in smart contracts in terms of speed, robustness, and […]https://miscreants.github.io/blog.trailofbits.com/2019/04/09/announcing-querycon-2019/Tue, 09 Apr 2019 07:50:47 -0400https://miscreants.github.io/blog.trailofbits.com/2019/04/09/announcing-querycon-2019/Exciting news: We’re hosting the second annual QueryCon on June 20th-21st in New York City, co-sponsored by Kolide and Carbon Black! Register here QueryCon has become the foremost event for the osquery and osql open-source community. QueryCon brings together core maintainers, developers, and end-users to teach, discuss, and collaborate on Facebook’s award-winning open-source endpoint detection […]https://miscreants.github.io/blog.trailofbits.com/2018/12/20/10000-research-fellowships-for-underrepresented-talent/Thu, 20 Dec 2018 10:00:32 -0500https://miscreants.github.io/blog.trailofbits.com/2018/12/20/10000-research-fellowships-for-underrepresented-talent/The Trail of Bits SummerCon Fellowship program is now accepting applications from emerging security researchers with excellent project ideas. Fellows will explore their research topics with our guidance and then present their findings at SummerCon 2019. We will be reserving at least 50% of our funding for marginalized, female-identifying, transgender, and non-binary candidates. If you’re […]https://miscreants.github.io/blog.trailofbits.com/2018/11/19/return-of-the-blockchain-security-empire-hacking/Mon, 19 Nov 2018 11:20:10 -0500https://miscreants.github.io/blog.trailofbits.com/2018/11/19/return-of-the-blockchain-security-empire-hacking/Remember last December’s Empire Hacking? The one where we dedicated the event to sharing the best information about blockchain and smart contract security? Let’s do that again, and let’s make it a tradition; a half-day mini conference focused exclusively on a single topic every December. On December 12, please join us at Buzzfeed’s NYC offices […]https://miscreants.github.io/blog.trailofbits.com/2018/11/16/trail-of-bits-devcon-iv-recap/Fri, 16 Nov 2018 06:50:22 -0500https://miscreants.github.io/blog.trailofbits.com/2018/11/16/trail-of-bits-devcon-iv-recap/We wanted to make up for missing the first three Devcons, so we participated in this year’s event through a number of talks, a panel, and two trainings. For those of you who couldn’t join us, we’ve summarized our contributions below. We hope to see you there next year. Using Manticore and Symbolic Execution to […]https://miscreants.github.io/blog.trailofbits.com/2018/06/29/trail-of-bits-donates-100000-to-support-young-researchers-through-summercon/Fri, 29 Jun 2018 07:50:15 -0400https://miscreants.github.io/blog.trailofbits.com/2018/06/29/trail-of-bits-donates-100000-to-support-young-researchers-through-summercon/We have a soft spot in our hearts for SummerCon. This event, the longest-running hacker conference in the US, is a great chance to host hacker friends from around the world in NYC, catch up in person, and learn about delightfully weird security topics. It draws a great crowd, ranging from “hackers to feds to […]https://miscreants.github.io/blog.trailofbits.com/2018/06/08/querycon-2018-our-talks-and-takeaways/Fri, 08 Jun 2018 07:50:05 -0400https://miscreants.github.io/blog.trailofbits.com/2018/06/08/querycon-2018-our-talks-and-takeaways/Sometimes a conference just gets it right. Good talks, single track, select engaged attendees, and no sales talks. It’s a recipe for success that Kolide got right on its very first try with QueryCon, the first-ever osquery conference. It’s no secret that we are huge fans of osquery, Facebook’s award-winning open source endpoint detection tool. […]https://miscreants.github.io/blog.trailofbits.com/2017/03/23/april-means-infiltrate/Thu, 23 Mar 2017 06:50:49 -0400https://miscreants.github.io/blog.trailofbits.com/2017/03/23/april-means-infiltrate/Break out your guayabera, it’s time for Infiltrate. Trail of Bits has attended every Infiltrate and has been a sponsor since 2015. The majority of the company will be in attendance this year (18 people!) and we’ll be swapping shirts and swag again. We’re looking forward to catching up with the latest research presented there […]https://miscreants.github.io/blog.trailofbits.com/2017/02/16/the-smart-fuzzer-revolution/Thu, 16 Feb 2017 06:50:08 -0500https://miscreants.github.io/blog.trailofbits.com/2017/02/16/the-smart-fuzzer-revolution/I recently had the privilege of giving a keynote at BSidesLisbon. I had a great time at the conference, and I’d like to thank Bruno Morisson for inviting me. If you’re into port, this is the conference for you! I recommend that anyone in the area consider attending next year. I felt there was a […]https://miscreants.github.io/blog.trailofbits.com/2016/10/26/come-find-us-at-oreilly-security/Wed, 26 Oct 2016 07:50:09 -0400https://miscreants.github.io/blog.trailofbits.com/2016/10/26/come-find-us-at-oreilly-security/We’re putting our money where our mouth is again. In continued support for New York’s growing infosec community we’re excited to sponsor the upcoming O’Reilly Security Conference. We expect to be an outlier there: we’re the only sponsor that offers consulting and custom engineering rather than just off-the-shelf products. We see this conference as an […]https://miscreants.github.io/blog.trailofbits.com/2016/09/12/plug-into-new-yorks-infosec-community/Mon, 12 Sep 2016 07:00:35 -0400https://miscreants.github.io/blog.trailofbits.com/2016/09/12/plug-into-new-yorks-infosec-community/Between the city’s size and the wide spectrum of the security industry, it’s easy to feel lost. Where are ‘your people?’ How can you find talks that interest you? You want to spend your time meeting and networking, not researching your options. So, we put together a directory of all of the infosec gatherings, companies, and […]https://miscreants.github.io/blog.trailofbits.com/2015/10/30/why-we-give-so-much-to-csaw/Fri, 30 Oct 2015 07:50:52 -0400https://miscreants.github.io/blog.trailofbits.com/2015/10/30/why-we-give-so-much-to-csaw/In just a couple of weeks, tens of thousands of students and professionals from all over the world will tune in to cheer on their favorite teams in six competitions. If you’ve been following our blog for some time, you’ll know just what we’re referring to: Cyber Security Awareness Week (CSAW), the nation’s largest student-run cyber security event.https://miscreants.github.io/blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/Tue, 21 Jul 2015 07:50:01 -0400https://miscreants.github.io/blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/At REcon 2015, I demonstrated a new hardware side channel which targets co-located virtual machines in the cloud. This attack exploits the CPU’s pipeline as opposed to cache tiers which are often used in side channel attacks. When designing or looking for hardware based side channels – specifically in the cloud – I analyzed a […]https://miscreants.github.io/blog.trailofbits.com/2014/10/02/threads-14-scaling-security/Thu, 02 Oct 2014 08:00:20 -0400https://miscreants.github.io/blog.trailofbits.com/2014/10/02/threads-14-scaling-security/For every security engineer you train, there are 20 or more developers writing code with potential vulnerabilities. There’s no human way to keep up. We need to be more effective with less resources. It’s time to make security a fully integrated part of modern software development and operations. It’s time to automate. This year’s THREADS […]https://miscreants.github.io/blog.trailofbits.com/2014/09/29/nyu-womens-cybersecurity-symposium/Mon, 29 Sep 2014 08:50:11 -0400https://miscreants.github.io/blog.trailofbits.com/2014/09/29/nyu-womens-cybersecurity-symposium/Cyber security is an increasingly complex and vibrant field that requires brilliant and driven people to work on diverse teams. Unfortunately, women are severely underrepresented and we want to change that. Career Discovery in Cyber Security is an NYU-Poly event, created in a collaboration with influential men and women in the industry. This annual symposium […]https://miscreants.github.io/blog.trailofbits.com/2014/08/07/mcsema-is-officially-open-source/Thu, 07 Aug 2014 08:50:47 -0400https://miscreants.github.io/blog.trailofbits.com/2014/08/07/mcsema-is-officially-open-source/We are proud to announce that McSema is now open source! McSema is a framework for analyzing and transforming machine-code programs to LLVM bitcode. It supports translation of x86 machine code, including integer, floating point, and SSE instructions. We previously covered some features of McSema in an earlier blog post and in our talk at ReCON 2014. Our […]https://miscreants.github.io/blog.trailofbits.com/2014/08/01/education-initiative-spotlight-threads-call-for-papers/Fri, 01 Aug 2014 08:50:49 -0400https://miscreants.github.io/blog.trailofbits.com/2014/08/01/education-initiative-spotlight-threads-call-for-papers/A 2-day conference exploring state-of-the-art advances in security automation. We would like to share the call for papers for THREADS 2014, a research and development conference that is part of NYU-Poly’s Cyber Security Awareness Week (CSAW). Trail of Bits is a founding sponsor of THREADS. The final deadline for submissions is October 6th, but you […]https://miscreants.github.io/blog.trailofbits.com/2014/06/23/a-preview-of-mcsema/Mon, 23 Jun 2014 09:00:21 -0400https://miscreants.github.io/blog.trailofbits.com/2014/06/23/a-preview-of-mcsema/On June 28th Artem Dinaburg and Andrew Ruef will be speaking at REcon 2014 about a project named McSema. McSema is a framework for translating x86 binaries into LLVM bitcode. This translation is the opposite of what happens inside a compiler. A compiler translates LLVM bitcode to x86 machine code. McSema translates x86 machine code into LLVM […]https://miscreants.github.io/blog.trailofbits.com/2012/06/11/analyzing-the-md5-collision-in-flame/Mon, 11 Jun 2012 15:59:47 -0400https://miscreants.github.io/blog.trailofbits.com/2012/06/11/analyzing-the-md5-collision-in-flame/One of the more interesting aspects of the Flame malware was the MD5 collision attack that was used to infect new machines through Windows Update. MD5 collisions are not new, but this is the first attack discovered in the wild and deserves a more in-depth look. Trail of Bits is uniquely qualified to perform this […]