<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>guides on The Trail of Bits Blog</title><link>https://miscreants.github.io/blog.trailofbits.com/categories/guides/</link><description>Recent content in guides on The Trail of Bits Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Wed, 22 Nov 2023 07:00:12 -0500</lastBuildDate><atom:link href="https://miscreants.github.io/blog.trailofbits.com/categories/guides/index.xml" rel="self" type="application/rss+xml"/><item><title>ETW internals for security research and forensics</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/11/22/etw-internals-for-security-research-and-forensics/</link><pubDate>Wed, 22 Nov 2023 07:00:12 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/11/22/etw-internals-for-security-research-and-forensics/</guid><description>Why has Event Tracing for Windows (ETW) become so pivotal for endpoint detection and response (EDR) solutions in Windows 10 and 11? The answer lies in the value of the intelligence it provides to security tools through secure ETW channels, which are now also a target for offensive researchers looking to bypass […]</description></item><item><title>Pitfalls of relying on eBPF for security monitoring (and some solutions)</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/09/25/pitfalls-of-relying-on-ebpf-for-security-monitoring-and-some-solutions/</link><pubDate>Mon, 25 Sep 2023 07:00:47 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/09/25/pitfalls-of-relying-on-ebpf-for-security-monitoring-and-some-solutions/</guid><description>eBPF (extended Berkeley Packet Filter) has emerged as the de facto Linux standard for security monitoring and endpoint observability. It is used by technologies such as BPFTrace, Cilium, Pixie, Sysdig, and Falco due to its low overhead and its versatility. 
There is, however, a dark (but open) secret: eBPF was never intended […]</description></item><item><title>Can you pass the Rekt test?</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/08/14/can-you-pass-the-rekt-test/</link><pubDate>Mon, 14 Aug 2023 04:00:50 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/08/14/can-you-pass-the-rekt-test/</guid><description>One of the biggest challenges for blockchain developers is objectively assessing their security posture and measuring how it progresses. To address this issue, a working group of Web3 security experts, led by Trail of Bits CEO Dan Guido, met earlier this year to create a simple test for profiling the security of blockchain teams. We […]</description></item><item><title>Reusable properties for Ethereum contracts</title><link>https://miscreants.github.io/blog.trailofbits.com/2023/02/27/reusable-properties-ethereum-contracts-echidna/</link><pubDate>Mon, 27 Feb 2023 08:00:54 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2023/02/27/reusable-properties-ethereum-contracts-echidna/</guid><description>As smart contract security constantly evolves, property-based fuzzing has become a go-to technique for developers and security engineers. This technique relies on the creation of code properties – often called invariants – which describe what the code is supposed to do. To help the community define properties, we are releasing a set of 168 pre-built […]</description></item><item><title>How to share what you’ve learned from our audits</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/12/22/curl-security-audit-threat-model/</link><pubDate>Thu, 22 Dec 2022 15:10:39 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/12/22/curl-security-audit-threat-model/</guid><description>Trail of Bits recently completed a security review of cURL, which is an amazing and ubiquitous tool for transferring data. 
We were really thrilled to see cURL founder and lead developer Daniel Stenberg write a blog post about the engagement and the report, and wanted to highlight some important things he pointed […]</description></item><item><title>We’re streamers now</title><link>https://miscreants.github.io/blog.trailofbits.com/2022/11/14/livestream-workshop-fuzzing-echidna-slither/</link><pubDate>Mon, 14 Nov 2022 08:30:23 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2022/11/14/livestream-workshop-fuzzing-echidna-slither/</guid><description>Over the years, we’ve built many high-impact tools that we use for security reviews. You might know some of them, like Slither, Echidna, Amarna, Tealer, and test-fuzz. All of our tools are open source, and we love seeing the community benefit from them. But mastering our tools takes time and practice, and it’s easier if […]</description></item><item><title>The Tao of Continuous Integration</title><link>https://miscreants.github.io/blog.trailofbits.com/2021/02/26/the-tao-of-continuous-integration/</link><pubDate>Fri, 26 Feb 2021 10:31:47 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2021/02/26/the-tao-of-continuous-integration/</guid><description>It is a truism in modern software development that a robust continuous integration (CI) system is necessary. But many projects suffer from CI that feels brittle, frustrates developers, and actively impedes development velocity. Why is this? What can you do to avoid the common CI pitfalls? 
Continuous Integration Needs a Purpose CI […]</description></item><item><title>Introducing iVerify, the security toolkit for iPhone users</title><link>https://miscreants.github.io/blog.trailofbits.com/2019/11/14/introducing-iverify-the-security-toolkit-for-iphone-users/</link><pubDate>Thu, 14 Nov 2019 09:38:48 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2019/11/14/introducing-iverify-the-security-toolkit-for-iphone-users/</guid><description>“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many of the security features they highlight are opt-in, and users often don’t know when or how to activate them. But hey… we got […]</description></item><item><title>10 Rules for the Secure Use of Cryptocurrency Hardware Wallets</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/11/27/10-rules-for-the-secure-use-of-cryptocurrency-hardware-wallets/</link><pubDate>Tue, 27 Nov 2018 06:50:43 -0500</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/11/27/10-rules-for-the-secure-use-of-cryptocurrency-hardware-wallets/</guid><description>Earlier this year, the Web3 Foundation (W3F) commissioned Trail of Bits for a security review and assessment of the risks in storing cryptocurrency. Everyone who owns cryptocurrency — from large institutions to individual enthusiasts — shares the W3F’s concerns. 
In service to the broader community, the W3F encouraged us to publish our recommendations for the […]</description></item><item><title>How to Spot Good Fuzzing Research</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/10/05/how-to-spot-good-fuzzing-research/</link><pubDate>Fri, 05 Oct 2018 06:50:52 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/10/05/how-to-spot-good-fuzzing-research/</guid><description>Of the nearly 200 papers on software fuzzing that have been published in the last three years, most of them—even some from high-impact conferences—are academic clamor. Fuzzing research suffers from inconsistent and subjective benchmarks, which keeps this potent field in a state of arrested development. We’d like to help explain why this has happened and […]</description></item><item><title>How to prepare for a security review</title><link>https://miscreants.github.io/blog.trailofbits.com/2018/04/06/how-to-prepare-for-a-security-audit/</link><pubDate>Fri, 06 Apr 2018 06:50:33 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2018/04/06/how-to-prepare-for-a-security-audit/</guid><description>You’ve just approved a security review of your codebase. Do you: Send a copy of the repository and wait for the report, or Take the extra effort to set the project up for success? By the end of the review, the difference between these answers will lead to profoundly disparate results. In the former case, […]</description></item><item><title>How to Harden Your Google Apps</title><link>https://miscreants.github.io/blog.trailofbits.com/2015/07/07/how-to-harden-your-google-apps/</link><pubDate>Tue, 07 Jul 2015 14:52:12 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2015/07/07/how-to-harden-your-google-apps/</guid><description>Never let a good incident go to waste. 
Today, we’re using the OPM incident as an excuse to share with you our top recommendations for shoring up the security of your Google Apps for Work account. More than 5 million companies rely on Google Apps to run their critical business functions, like email, document storage, calendaring, and […]</description></item><item><title>Introducing the RubySec Field Guide</title><link>https://miscreants.github.io/blog.trailofbits.com/2015/06/08/introducing-the-rubysec-field-guide/</link><pubDate>Mon, 08 Jun 2015 07:50:54 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2015/06/08/introducing-the-rubysec-field-guide/</guid><description>Vulnerabilities have been discovered in Ruby applications with the potential to affect vast swathes of the Internet and attract attackers to lucrative targets online. These vulnerabilities take advantage of features and common idioms such as serialization and deserialization of data in the YAML format. Nearly all large, tested and trusted open-source Ruby projects contain some of […]</description></item><item><title>Enabling Two-Factor Authentication (2FA) for Apple ID and DropBox</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/09/02/enabling-two-factor-authentication-2fa-for-apple-id-and-dropbox/</link><pubDate>Tue, 02 Sep 2014 17:00:37 -0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/09/02/enabling-two-factor-authentication-2fa-for-apple-id-and-dropbox/</guid><description>Step-by-step guide to enabling SMS-based two-factor authentication on your Apple ID and Dropbox accounts to protect against password-based attacks.</description></item><item><title>Trail of Bits Releases Capture the Flag Field Guide</title><link>https://miscreants.github.io/blog.trailofbits.com/2014/05/20/trail-of-bits-releases-capture-the-flag-field-guide/</link><pubDate>Tue, 20 May 2014 09:00:33 
-0400</pubDate><guid>https://miscreants.github.io/blog.trailofbits.com/2014/05/20/trail-of-bits-releases-capture-the-flag-field-guide/</guid><description>Free Online Coursework Allows Students, Professionals to Build Essential Offensive Security Skills New York, NY (May 20, 2014)–Security researchers at Trail of Bits today introduced the CTF Field Guide (Capture the Flag), a freely available, self-guided online course designed to help university and high school students hone the skills needed to succeed in the fast-paced, […]</description></item></channel></rss>