products on The Trail of Bits Blog

iVerify is now an independent company!

Mon, 28 Aug 2023 07:00:45 -0400

We’re proud to announce that iVerify is now an independent company following its four-year incubation at Trail of Bits. Originally developed in-house to ensure that our personal phones, which store data essential to our work and private lives, were secured to the standards of security professionals, iVerify quickly showed that it could be valuable to […]

Circomspect has more passes!

Tue, 21 Mar 2023 08:00:24 -0400

TL;DR: We have released version 0.8.0 of Circomspect, our static analyzer and linter for Circom. Since our initial release of Circomspect in September 2022, we have added five new analysis passes, support for tags, tuples, and anonymous components, links to in-depth descriptions of each identified issue, and squashed a […]

Introducing iVerify, the security toolkit for iPhone users

Thu, 14 Nov 2019 09:38:48 -0500

“If privacy matters, it should matter to the phone your life is on.” So says Apple in their recent ads about Privacy on the iPhone and controlling the data you share—but many of the security features they highlight are opt-in, and users often don’t know when or how to activate them. But hey… we got […]

Crytic: Continuous Assurance for Smart Contracts

Fri, 02 Aug 2019 06:50:36 -0400

Note: This blog has been reposted from Truffle Suite’s blog. We are proud to announce our new smart contract security product: https://crytic.io/. Crytic provides continuous assurance for smart contracts. The platform reports build status on every commit and runs a suite of security analyses for immediate feedback. The beta will be open soon. Follow us […]

Start using the Secure Enclave Crypto API

Tue, 28 Jun 2016 07:50:42 -0400

tl;dr – Tidas is now open source. Let us know if your company wants help trying it out. When Apple quietly released the Secure Enclave Crypto API in iOS 9 (kSecAttrTokenIDSecureEnclave), it allowed developers to liberate their users from the annoyance of strong passwords or OAuth. That is, if the developers could make do without […]

Tidas: a new service for building password-less apps

Tue, 09 Feb 2016 06:50:54 -0500

For most mobile app developers, password management has as much appeal as a visit to the dentist. You do it because you have to, but it is annoying and easy to screw up, even when using standard libraries or protocols like OAUTH. Your users feel the same way. Even if they know to use strong […]

ReMASTering Applications by Obfuscating during Compilation

Wed, 20 Aug 2014 08:50:45 -0400

In this post, we discuss the creation of a novel software obfuscation toolkit, MAST, implemented in the LLVM compiler and suitable for denying program understanding to even the most well-resourced adversary. Our implementation is inspired by effective obfuscation techniques used by nation-state malware and techniques discussed in academic literature. MAST enables software developers to protect […]

Introducing Javelin

Mon, 24 Feb 2014 08:44:38 -0500

Javelin shows you how modern attackers would approach and exploit your enterprise. By simulating real-time, real-world attack techniques, Javelin identifies which employees are most likely to be targets of spearphishing campaigns, uncovers security infrastructure weaknesses, and compares overall vulnerability against industry competitors. Javelin benchmarks the efficacy of defensive strategies, and provides customized recommendations for improving […]