https://miscreants.github.io/blog.trailofbits.com/categories/education/Recent content in education on The Trail of Bits BlogHugoen-usFri, 01 Aug 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/08/01/the-unconventional-innovator-scholarship/Fri, 01 Aug 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/08/01/the-unconventional-innovator-scholarship/Trail of Bits founder Dan Guido establishes a $2,500 scholarship at his alma mater, Mineola High School, to recognize students who demonstrate the hacker spirit through self-driven learning, creative problem-solving, and unconventional technological exploration. The scholarship celebrates tomorrow’s security innovators who push boundaries and think differently about technology.https://miscreants.github.io/blog.trailofbits.com/2023/11/20/how-cisa-can-improve-oss-security/Mon, 20 Nov 2023 09:35:59 -0500https://miscreants.github.io/blog.trailofbits.com/2023/11/20/how-cisa-can-improve-oss-security/The US government recently issued a request for information (RFI) about open-source software (OSS) security. In this blog post, we will present a summary of our response and proposed solutions. Some of our solutions include rewriting widely used legacy code in memory safe languages such as Rust, funding OSS solutions to improve […]https://miscreants.github.io/blog.trailofbits.com/2023/02/27/reusable-properties-ethereum-contracts-echidna/Mon, 27 Feb 2023 08:00:54 -0500https://miscreants.github.io/blog.trailofbits.com/2023/02/27/reusable-properties-ethereum-contracts-echidna/As smart contract security constantly evolves, property-based fuzzing has become a go-to technique for developers and security engineers. This technique relies on the creation of code properties – often called invariants – which describe what the code is supposed to do. To help the community define properties, we are releasing a set of 168 pre-built […]https://miscreants.github.io/blog.trailofbits.com/2022/11/14/livestream-workshop-fuzzing-echidna-slither/Mon, 14 Nov 2022 08:30:23 -0500https://miscreants.github.io/blog.trailofbits.com/2022/11/14/livestream-workshop-fuzzing-echidna-slither/Over the years, we’ve built many high-impact tools that we use for security reviews. You might know some of them, like Slither, Echidna, Amarna, Tealer, and test-fuzz. All of our tools are open source, and we love seeing the community benefit from them. But mastering our tools takes time and practice, and it’s easier if […]https://miscreants.github.io/blog.trailofbits.com/2021/02/26/the-tao-of-continuous-integration/Fri, 26 Feb 2021 10:31:47 -0500https://miscreants.github.io/blog.trailofbits.com/2021/02/26/the-tao-of-continuous-integration/It is a truism in modern software development that a robust continuous integration (CI) system is necessary. But many projects suffer from CI that feels brittle, frustrates developers, and actively impedes development velocity. Why is this? What can you do to avoid the common CI pitfalls? Continuous Integration Needs a Purpose CI […]https://miscreants.github.io/blog.trailofbits.com/2019/11/14/introducing-iverify-the-security-toolkit-for-iphone-users/Thu, 14 Nov 2019 09:38:48 -0500https://miscreants.github.io/blog.trailofbits.com/2019/11/14/introducing-iverify-the-security-toolkit-for-iphone-users/“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many of the security features they highlight are opt-in, and users often don’t know when or how to activate them. But hey… we got […]https://miscreants.github.io/blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/Thu, 07 Nov 2019 07:00:06 -0500https://miscreants.github.io/blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/The Trail of Bits Assurance practice has received an influx of Go projects, following the success of our Kubernetes assessment this summer. As a result, we’ve been adapting for Go projects some of the security assessment techniques and tactics we’ve used with other compiled languages. We started by understanding the design of the language, identifying […]https://miscreants.github.io/blog.trailofbits.com/2016/09/12/plug-into-new-yorks-infosec-community/Mon, 12 Sep 2016 07:00:35 -0400https://miscreants.github.io/blog.trailofbits.com/2016/09/12/plug-into-new-yorks-infosec-community/Between the city’s size and the wide spectrum of the security industry, it’s easy to feel lost. Where are ‘your people?’ How can you find talks that interest you? You want to spend your time meeting and networking, not researching your options. So, we put together a directory of all of the infosec gatherings, companies, and […]https://miscreants.github.io/blog.trailofbits.com/2016/02/02/software-security-ideas-ahead-of-their-time/Tue, 02 Feb 2016 07:50:18 -0500https://miscreants.github.io/blog.trailofbits.com/2016/02/02/software-security-ideas-ahead-of-their-time/Every good security researcher has a well-curated list of blogs they subscribe to. At Trail of Bits, given our interest in software security and its intersections with programming languages, one of our favorites is The Programming Language Enthusiast by Michael Hicks. Our primary activity is to describe and discuss research about — and the practical […]https://miscreants.github.io/blog.trailofbits.com/2015/10/30/why-we-give-so-much-to-csaw/Fri, 30 Oct 2015 07:50:52 -0400https://miscreants.github.io/blog.trailofbits.com/2015/10/30/why-we-give-so-much-to-csaw/In just a couple of weeks, tens of thousands of students and professionals from all over the world will tune in to cheer on their favorite teams in six competitions. If you’ve been following our blog for some time, you’ll know just what we’re referring to: Cyber Security Awareness Week (CSAW), the nation’s largest student-run cyber security event.https://miscreants.github.io/blog.trailofbits.com/2015/06/08/introducing-the-rubysec-field-guide/Mon, 08 Jun 2015 07:50:54 -0400https://miscreants.github.io/blog.trailofbits.com/2015/06/08/introducing-the-rubysec-field-guide/Vulnerabilities have been discovered in Ruby applications with the potential to affect vast swathes of the Internet and attract attackers to lucrative targets online. These vulnerabilities take advantage of features and common idioms such as serialization and deserialization of data in the YAML format. Nearly all large, tested and trusted open-source Ruby projects contain some of […]https://miscreants.github.io/blog.trailofbits.com/2015/05/13/closing-the-windows-gap/Wed, 13 May 2015 17:26:29 -0400https://miscreants.github.io/blog.trailofbits.com/2015/05/13/closing-the-windows-gap/The security research community is full of grey beards that earned their stripes writing exploits against mail servers, domain controllers, and TCP/IP stacks. These researchers started writing exploits on platforms like Solaris, IRIX, and BSDi before moving on to Windows exploitation. Now they run companies, write policy, rant on twitter, and testify in front of […]https://miscreants.github.io/blog.trailofbits.com/2014/09/29/nyu-womens-cybersecurity-symposium/Mon, 29 Sep 2014 08:50:11 -0400https://miscreants.github.io/blog.trailofbits.com/2014/09/29/nyu-womens-cybersecurity-symposium/Cyber security is an increasingly complex and vibrant field that requires brilliant and driven people to work on diverse teams. Unfortunately, women are severely underrepresented and we want to change that. Career Discovery in Cyber Security is an NYU-Poly event, created in a collaboration with influential men and women in the industry. This annual symposium […]https://miscreants.github.io/blog.trailofbits.com/2014/08/01/education-initiative-spotlight-threads-call-for-papers/Fri, 01 Aug 2014 08:50:49 -0400https://miscreants.github.io/blog.trailofbits.com/2014/08/01/education-initiative-spotlight-threads-call-for-papers/A 2-day conference exploring state-of-the-art advances in security automation. We would like to share the call for papers for THREADS 2014, a research and development conference that is part of NYU-Poly’s Cyber Security Awareness Week (CSAW). Trail of Bits is a founding sponsor of THREADS. The final deadline for submissions is October 6th, but you […]https://miscreants.github.io/blog.trailofbits.com/2014/07/30/education-initiative-spotlight-build-it-break-it/Wed, 30 Jul 2014 02:10:03 -0400https://miscreants.github.io/blog.trailofbits.com/2014/07/30/education-initiative-spotlight-build-it-break-it/We’re proud to be a sponsor of the first Build it Break it programming contest, run by the University of Maryland (UMD) and supported by one of our own employees and PhD student at the university, Andrew Ruef. Build it Break it is a “flipped CTF” where contestants both implement secure software and identify vulnerabilities in […]https://miscreants.github.io/blog.trailofbits.com/2014/07/28/education-initiative-spotlight-csaw-summer-program-for-women/Mon, 28 Jul 2014 08:50:00 -0400https://miscreants.github.io/blog.trailofbits.com/2014/07/28/education-initiative-spotlight-csaw-summer-program-for-women/At Trail of Bits we are proud of our roots in academia and research, and we believe it is important to promote cyber security education for students of every academic level. We recently sponsored a High School Capture the Flag (CTF) event, we released a CTF Field Guide, and we are a regular part of […]https://miscreants.github.io/blog.trailofbits.com/2014/05/20/trail-of-bits-releases-capture-the-flag-field-guide/Tue, 20 May 2014 09:00:33 -0400https://miscreants.github.io/blog.trailofbits.com/2014/05/20/trail-of-bits-releases-capture-the-flag-field-guide/Free Online Coursework Allows Students, Professionals to Build Essential Offensive Security Skills New York, NY (May 20, 2014)–Security researchers at Trail of Bits today introduced the CTF Field Guide (Capture the Flag), a freely available, self-guided online course designed to help university and high school students hone the skills needed to succeed in the fast-paced, […]https://miscreants.github.io/blog.trailofbits.com/2013/06/03/free-ruby-security-workshop/Mon, 03 Jun 2013 12:15:50 -0400https://miscreants.github.io/blog.trailofbits.com/2013/06/03/free-ruby-security-workshop/We interrupt our regularly scheduled programming to bring you an important announcement: On Thursday, June 6th, just in time for SummerCon, we will be hosting a free Ruby Security Workshop in NYC! Signups are first-come, first-serve and we only have space for 30 people. Sign up here and we will email the selected participants the location […]