<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>exploits on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/categories/exploits/</link><description>Recent content in exploits on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Tue, 13 Jan 2026 00:00:00 -0500</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/categories/exploits/index.xml" rel="self" type="application/rss+xml"/><item><title>Lack of isolation in agentic browsers resurfaces old vulnerabilities</title><link>https://miscreants.github.io/blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/</link><pubDate>Tue, 13 Jan 2026 07:00:00 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2026/01/13/lack-of-isolation-in-agentic-browsers-resurfaces-old-vulnerabilities/</guid><description>We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. 
These attacks resurface decades-old patterns of vulnerabilities that the web security community spent years building effective defenses against.</description></item><item><title>Balancer hack analysis and guidance for the DeFi ecosystem</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/</link><pubDate>Fri, 07 Nov 2025 18:00:00 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/</guid><description>A retrospective on the $100M Balancer hack that occurred in November 2025, including long-term, strategic guidance on how to avoid similar bugs.</description></item><item><title>Vulnerabilities in LUKS2 disk encryption for confidential VMs</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/</link><pubDate>Thu, 30 Oct 2025 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/</guid><description>Trail of Bits is disclosing vulnerabilities in confidential computing systems that use LUKS2 for disk encryption. 
These vulnerabilities allow attackers with access to storage disks to extract confidential data and modify contents.</description></item><item><title>Subverting code integrity checks to locally backdoor Signal, 1Password, Slack, and more</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/</link><pubDate>Thu, 04 Sep 2025 00:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/09/03/subverting-code-integrity-checks-to-locally-backdoor-signal-1password-slack-and-more/</guid><description>A vulnerability in Electron applications allows attackers to bypass code integrity checks by tampering with V8 heap snapshot files, enabling local backdoors in applications like Signal, 1Password, and Slack.</description></item><item><title>Weaponizing image scaling against production AI systems</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/</link><pubDate>Thu, 21 Aug 2025 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/08/21/weaponizing-image-scaling-against-production-ai-systems/</guid><description>In this blog post, we’ll detail how attackers can exploit image scaling on Gemini CLI, Vertex AI Studio, Gemini’s web and API interfaces, Google Assistant, Genspark, and other production AI systems. 
We’ll also explain how to mitigate and defend against these attacks, and we’ll introduce Anamorpher, our open-source tool that lets you explore and generate these crafted images.</description></item><item><title>Marshal madness: A brief history of Ruby deserialization exploits</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-ruby-deserialization-exploits/</link><pubDate>Tue, 19 Aug 2025 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/08/20/marshal-madness-a-brief-history-of-ruby-deserialization-exploits/</guid><description>This post traces the decade-long evolution of Ruby Marshal deserialization exploits, demonstrating how security researchers have repeatedly bypassed patches and why fundamental changes to the Ruby ecosystem are needed rather than continued patch-and-hope approaches.</description></item><item><title>Prompt injection engineering for attackers: Exploiting GitHub Copilot</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/08/06/prompt-injection-engineering-for-attackers-exploiting-github-copilot/</link><pubDate>Wed, 06 Aug 2025 00:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/08/06/prompt-injection-engineering-for-attackers-exploiting-github-copilot/</guid><description>Prompt injection pervades discussions about security for LLMs and AI agents. But there is little public information on how to write powerful, discreet, and reliable prompt injection exploits. 
In this post, we will design and implement a prompt injection exploit targeting GitHub’s Copilot Agent, with a focus on maximizing reliability and minimizing the odds of detection.</description></item><item><title>Exploiting zero days in abandoned hardware</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/</link><pubDate>Fri, 25 Jul 2025 07:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/07/25/exploiting-zero-days-in-abandoned-hardware/</guid><description>We successfully exploited two discontinued network devices at DistrictCon’s inaugural Junkyard competition in February, winning runner-up for Most Innovative Exploitation Technique. Our exploit chains demonstrate why end-of-life hardware poses persistent security risks.</description></item><item><title>Mitigating ELUSIVE COMET Zoom remote control attacks</title><link>https://miscreants.github.io/blog.trailofbits.com/2025/04/17/mitigating-elusive-comet-zoom-remote-control-attacks/</link><pubDate>Thu, 17 Apr 2025 00:00:00 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2025/04/17/mitigating-elusive-comet-zoom-remote-control-attacks/</guid><description>This post describes a sophisticated social engineering campaign using Zoom’s remote control feature and provides technical solutions to protect organizations against this attack vector.</description></item><item><title>Security flaws in an SSO plugin for Caddy</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/</link><pubDate>Mon, 18 Sep 2023 08:00:42 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/</guid><description>We identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including 
client-side code execution, OAuth replay attacks, and unauthorized access to resources. During our evaluation, Caddy was deployed as a reverse proxy […]</description></item><item><title>Escaping misconfigured VSCode extensions</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/02/21/vscode-extension-escape-vulnerability/</link><pubDate>Tue, 21 Feb 2023 08:00:50 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/02/21/vscode-extension-escape-vulnerability/</guid><description>TL;DR: This two-part blog series will cover how I found and disclosed three vulnerabilities in VSCode extensions and one vulnerability in VSCode itself (a security mitigation bypass assigned CVE-2022-41042 and awarded a $7,500 bounty). We will identify the underlying cause of each vulnerability and create fully working exploits to demonstrate how an […]</description></item><item><title>Readline crime: exploiting a SUID logic bug</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/</link><pubDate>Thu, 16 Feb 2023 08:00:00 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/</guid><description>I discovered a logic bug in the readline dependency that partially reveals file information when parsing the file specified in the INPUTRC environment variable. This could allow attackers to move laterally on a box where sshd is running, a given user is able to login, and the user’s private key […]</description></item><item><title>Towards Practical Security Optimizations for Binaries</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/03/25/towards-practical-security-optimizations-for-binaries/</link><pubDate>Fri, 25 Mar 2022 08:58:54 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/03/25/towards-practical-security-optimizations-for-binaries/</guid><description>To be thus is nothing, but to be safely thus. 
(Macbeth: 3.1) It’s not enough that compilers generate efficient code, they must also generate safe code. Despite the extensive testing and correctness certification that goes into developing compilers and their optimization passes, they may inadvertently introduce information leaks […]</description></item><item><title>Never a dill moment: Exploiting machine learning pickle files</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/</link><pubDate>Mon, 15 Mar 2021 11:06:18 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/03/15/never-a-dill-moment-exploiting-machine-learning-pickle-files/</guid><description>Many machine learning (ML) models are Python pickle files under the hood, and it makes sense. The use of pickling conserves memory, enables start-and-stop model training, and makes trained models portable (and, thereby, shareable). Pickling is easy to implement, is built into Python without requiring additional dependencies, and supports serialization of custom […]</description></item><item><title>Breaking Aave Upgradeability</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/12/16/breaking-aave-upgradeability/</link><pubDate>Wed, 16 Dec 2020 11:01:55 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/12/16/breaking-aave-upgradeability/</guid><description>On December 3rd, Aave deployed version 2 of their codebase. While we were not hired to look at the code, we briefly reviewed it the following day. We quickly discovered a vulnerability that affected versions 1 and 2 of the live contracts and reported the issue. 
Within an hour of sending our analysis to Aave, […]</description></item><item><title>Smart (and simple) ways to prevent symlink attacks in Go</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/11/24/smart-and-simple-ways-to-prevent-symlink-attacks-in-go/</link><pubDate>Tue, 24 Nov 2020 08:00:04 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/11/24/smart-and-simple-ways-to-prevent-symlink-attacks-in-go/</guid><description>After writing Go for years, many of us have learned the error-checking pattern down to our bones: “Does this function return an error? Ope, better make sure it’s nil before moving on.” And that’s great! This should be our default behavior when writing Go. However, rote error checking can sometimes prevent critical thinking about what […]</description></item><item><title>Accidentally stepping on a DeFi lego</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/08/05/accidentally-stepping-on-a-defi-lego/</link><pubDate>Wed, 05 Aug 2020 07:00:03 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/08/05/accidentally-stepping-on-a-defi-lego/</guid><description>The initial release of yVault contained logic for computing the price of yUSDC that could be manipulated by an attacker to drain most (if not all) of the pool’s assets. Fortunately, Andre, the developer, reacted incredibly quickly and disabled the faulty code, securing the approximately 400,000 USD held at the time. 
However, this bug still […]</description></item><item><title>Revisiting 2000 cuts using Binary Ninja’s new decompiler</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/04/17/revisiting-2000-cuts-using-binary-ninjas-new-decompiler/</link><pubDate>Fri, 17 Apr 2020 15:53:10 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/04/17/revisiting-2000-cuts-using-binary-ninjas-new-decompiler/</guid><description>It’s been four years since my blog post “2000 cuts with Binary Ninja.” Back then, Binary Ninja was in a private beta and the blog post response surprised its developers at Vector35. Over the past few years I’ve largely preferred to use IDA and HexRays for reversing, and then use Binary Ninja for any scripting. […]</description></item><item><title>Manticore discovers the ENS bug</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/03/03/manticore-discovers-the-ens-bug/</link><pubDate>Tue, 03 Mar 2020 14:21:52 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/03/03/manticore-discovers-the-ens-bug/</guid><description>The Ethereum Name Service (ENS) contract recently suffered from a critical bug that prompted a security advisory and a migration to a new contract (CVE-2020-5232). ENS allows users to associate online resources with human-readable names. As you might expect, it allows you to transfer and sell domain names. 
Specific details about the bug were in […]</description></item><item><title>Exploiting the Windows CryptoAPI Vulnerability</title><link>https://miscreants.github.io/blog.trailofbits.com/2020/01/16/exploiting-the-windows-cryptoapi-vulnerability/</link><pubDate>Thu, 16 Jan 2020 11:28:34 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2020/01/16/exploiting-the-windows-cryptoapi-vulnerability/</guid><description>On Tuesday, the NSA announced they had found a critical vulnerability in the certificate validation functionality on Windows 10 and Windows Server 2016/2019. This bug allows attackers to break the validation of trust in a wide variety of contexts, such as HTTPS and code signing. Concerned? Get the important details and see if you’re vulnerable […]</description></item><item><title>Tethered jailbreaks are back</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/09/27/tethered-jailbreaks-are-back/</link><pubDate>Fri, 27 Sep 2019 15:09:08 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/09/27/tethered-jailbreaks-are-back/</guid><description>Earlier today, a new iPhone Boot ROM exploit, checkm8 (or Apollo or Moonshine), was published on GitHub by axi0mX, affecting the iPhone 4S through the iPhone X. The vulnerability was patched in devices with A12 and A13 CPUs. As of this writing, the iPhone XS, XS Max, XR, 11, 11 Pro and 11 Pro Max […]</description></item><item><title>Understanding Docker container escapes</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/</link><pubDate>Fri, 19 Jul 2019 21:01:09 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/</guid><description>Trail of Bits recently completed a security assessment of Kubernetes, including its interaction with Docker. 
Felix Wilhelm’s recent tweet of a Proof of Concept (PoC) “container escape” sparked our interest, since we performed similar research and were curious how this PoC could impact Kubernetes. Quick and dirty way to get out of a privileged k8s […]</description></item><item><title>Avoiding Smart Contract “Gridlock” with Slither</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/07/03/avoiding-smart-contract-gridlock-with-slither/</link><pubDate>Wed, 03 Jul 2019 14:42:53 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/07/03/avoiding-smart-contract-gridlock-with-slither/</guid><description>A denial-of-service (DoS) vulnerability, dubbed ‘Gridlock,’ was publicly reported on July 1st in one of Edgeware’s smart contracts deployed on Ethereum. As much as $900 million worth of Ether may have been processed by this contract. Edgeware has since acknowledged and fixed the “fatal bug.” When we heard about Gridlock, we ran Slither on the […]</description></item><item><title>The Good, the Bad, and the Weird</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/10/26/the-good-the-bad-and-the-weird/</link><pubDate>Fri, 26 Oct 2018 06:50:13 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/10/26/the-good-the-bad-and-the-weird/</guid><description>Let’s automatically identify weird machines in software. Combating software exploitation has been a cat-and-mouse game ever since the Morris worm in 1988. Attackers use specific exploitation primitives to achieve unintended code execution. Major software vendors introduce exploit mitigation to break those primitives. Back and forth, back and forth. 
The mitigations have certainly raised the bar […]</description></item><item><title>An accessible overview of Meltdown and Spectre, Part 2</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/03/22/an-accessible-overview-of-meltdown-and-spectre-part-2/</link><pubDate>Thu, 22 Mar 2018 06:50:19 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/03/22/an-accessible-overview-of-meltdown-and-spectre-part-2/</guid><description>This is the second half of our blog post on the Meltdown and Spectre vulnerabilities, describing Spectre Variant 1 (V1) and Spectre Variant 2 (V2). If you have not done so already, please review the first blog post for an accessible review of computer architecture fundamentals. This blog post will start by covering the technical […]</description></item><item><title>"AMD Flaws" Technical Summary</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/</link><pubDate>Thu, 15 Mar 2018 13:58:03 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/</guid><description>Two weeks ago, we were engaged by CTS Labs as independent consultants at our standard consulting rates to review and confirm the technical accuracy of their preliminary findings. We participated neither in their research nor in their subsequent disclosure process. Our recommendation to CTS was to disclose the vulnerabilities through a CERT. 
Our review of […]</description></item><item><title>An accessible overview of Meltdown and Spectre, Part 1</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/01/30/an-accessible-overview-of-meltdown-and-spectre-part-1/</link><pubDate>Tue, 30 Jan 2018 07:50:39 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/01/30/an-accessible-overview-of-meltdown-and-spectre-part-1/</guid><description>In the past few weeks the details of two critical design flaws in modern processors were finally revealed to the public. Much has been written about the impact of Meltdown and Spectre, but there is scant detail about what these attacks are and how they work. We are going to try our best to fix […]</description></item><item><title>Let’s talk about CFI: Microsoft Edition</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/12/27/lets-talk-about-cfi-microsoft-edition/</link><pubDate>Tue, 27 Dec 2016 06:00:29 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/12/27/lets-talk-about-cfi-microsoft-edition/</guid><description>We’re back with our promised second installment discussing control flow integrity. This time, we will talk about Microsoft’s implementation of control flow integrity. As a reminder, control flow integrity, or CFI, is an exploit mitigation technique that prevents bugs from turning into exploits. For a more detailed explanation, please read the first post in this […]</description></item><item><title>Let’s talk about CFI: clang edition</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/10/17/lets-talk-about-cfi-clang-edition/</link><pubDate>Mon, 17 Oct 2016 07:50:15 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/10/17/lets-talk-about-cfi-clang-edition/</guid><description>Our previous blog posts often mentioned control flow integrity, or CFI, but we have never explained what CFI is, how to use it, or why you should care. 
It’s time to remedy the situation! In this blog post, we’ll explain, at a high level, what CFI is, what it does, what it doesn’t do, and […]</description></item><item><title>2000 cuts with Binary Ninja</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/06/03/2000-cuts-with-binary-ninja/</link><pubDate>Fri, 03 Jun 2016 12:14:34 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/06/03/2000-cuts-with-binary-ninja/</guid><description>Using Vector35’s Binary Ninja, a promising new interactive static analysis and reverse engineering platform, I wrote a script that generated “exploits” for 2,000 unique binaries in this year’s DEFCON CTF qualifying round. If you’re wondering how to remain competitive in a post-DARPA DEFCON CTF, I highly recommend you take a look at Binary Ninja.</description></item><item><title>The DBIR’s ‘Forest’ of Exploit Signatures</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/</link><pubDate>Thu, 05 May 2016 16:56:12 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/05/05/the-dbirs-forest-of-exploit-signatures/</guid><description>If you follow the recommendations in the 2016 Verizon Data Breach Investigations Report (DBIR), you will expose your organization to more risk, not less. The report’s most glaring flaw is the assertion that the TLS FREAK vulnerability is among the ‘Top 10’ most exploited on the Internet. 
No experienced security practitioner believes that FREAK is […]</description></item><item><title>Software Security Ideas Ahead of Their Time</title><link>https://miscreants.github.io/blog.trailofbits.com/2016/02/02/software-security-ideas-ahead-of-their-time/</link><pubDate>Tue, 02 Feb 2016 07:50:18 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2016/02/02/software-security-ideas-ahead-of-their-time/</guid><description>Every good security researcher has a well-curated list of blogs they subscribe to. At Trail of Bits, given our interest in software security and its intersections with programming languages, one of our favorites is The Programming Language Enthusiast by Michael Hicks. Our primary activity is to describe and discuss research about — and the practical […]</description></item><item><title>Hardware Side Channels in the Cloud</title><link>https://miscreants.github.io/blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/</link><pubDate>Tue, 21 Jul 2015 07:50:01 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2015/07/21/hardware-side-channels-in-the-cloud/</guid><description>At REcon 2015, I demonstrated a new hardware side channel which targets co-located virtual machines in the cloud. This attack exploits the CPU’s pipeline as opposed to cache tiers which are often used in side channel attacks. 
When designing or looking for hardware based side channels – specifically in the cloud – I analyzed a […]</description></item><item><title>Introducing the RubySec Field Guide</title><link>https://miscreants.github.io/blog.trailofbits.com/2015/06/08/introducing-the-rubysec-field-guide/</link><pubDate>Mon, 08 Jun 2015 07:50:54 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2015/06/08/introducing-the-rubysec-field-guide/</guid><description>Vulnerabilities have been discovered in Ruby applications with the potential to affect vast swathes of the Internet and attract attackers to lucrative targets online. These vulnerabilities take advantage of features and common idioms such as serialization and deserialization of data in the YAML format. Nearly all large, tested and trusted open-source Ruby projects contain some of […]</description></item><item><title>Closing the Windows Gap</title><link>https://miscreants.github.io/blog.trailofbits.com/2015/05/13/closing-the-windows-gap/</link><pubDate>Wed, 13 May 2015 17:26:29 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2015/05/13/closing-the-windows-gap/</guid><description>The security research community is full of grey beards that earned their stripes writing exploits against mail servers, domain controllers, and TCP/IP stacks. These researchers started writing exploits on platforms like Solaris, IRIX, and BSDi before moving on to Windows exploitation. 
Now they run companies, write policy, rant on twitter, and testify in front of […]</description></item><item><title>Writing Exploits with the Elderwood Kit (Part 2)</title><link>https://miscreants.github.io/blog.trailofbits.com/2013/05/20/writing-exploits-with-the-elderwood-kit-part-2/</link><pubDate>Mon, 20 May 2013 11:34:05 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2013/05/20/writing-exploits-with-the-elderwood-kit-part-2/</guid><description>In the final part of our three-part series, we investigate how the toolkit user gained control of program flow and what their strategy means for the reliability of their exploit. Elderwood and the Department of Labor Hack Writing Exploits with the Elderwood Kit (Part 1) Writing Exploits with the Elderwood Kit (Part 2) Last time, […]</description></item><item><title>Writing Exploits with the Elderwood Kit (Part 1)</title><link>https://miscreants.github.io/blog.trailofbits.com/2013/05/14/writing-exploits-with-the-elderwood-kit-part-1/</link><pubDate>Tue, 14 May 2013 12:00:57 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2013/05/14/writing-exploits-with-the-elderwood-kit-part-1/</guid><description>In the second part of our three-part series, we investigate the tools provided by the Elderwood kit for developing exploits from discovered vulnerabilities. 
Elderwood and the Department of Labor Hack Writing Exploits with the Elderwood Kit (Part 1) Writing Exploits with the Elderwood Kit (Part 2) Several mitigations must be avoided or bypassed in order […]</description></item><item><title>Elderwood and the Department of Labor Hack</title><link>https://miscreants.github.io/blog.trailofbits.com/2013/05/13/elderwood-and-the-department-of-labor-hack/</link><pubDate>Mon, 13 May 2013 12:00:10 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2013/05/13/elderwood-and-the-department-of-labor-hack/</guid><description>Recently, the Department of Labor (DoL) and several other websites were compromised to host a new zero-day exploit in Internet Explorer 8 (CVE-2013-1347). Researchers noted similarities between this attack and earlier ones attributed to Elderwood, a distinct set of tools used to develop several past strategic website compromises. We have not, however, identified any evidence […]</description></item></channel></rss>