Resources | Trail of Bits

RESOURCE HUB

RECENT WORK

September 2025

x03

Trail of Bits named a leader in Cybersecurity Consulting Services

Trail of Bits Testing Handbook

The Testing Handbook is a resource that guides developers and security professionals in configuring, optimizing, and automating many of the static and dynamic analysis tools we use.

Scroll zstd Compression

Effort Level: 9

MLSecOps March 20: Supply chain security

William Woodruff

MLIR is the future of program analysis

Peter Goodman

IN THE NEWS

SEPTEMBER 2025

BLOOMBERG NEWS

How Bloomberg News Vetted the Jeffrey Epstein Emails

SEPTEMBER 2025

CYBER INSIDER

New Electron Flaw Allows Backdooring Signal, 1Password, and Slack

AUGUST 2025

INFOSECURITY MAGAZINE

In Conversation: Learnings for CISOs Post Black Hat and DEF CON

AUGUST 2025

TECHRADAR

AI Chatbot Users Beware: Hackers Hide Malware in LLM Images

AUGUST 2025

PC WORLD

Hackers can hide AI prompt injection attacks in resized images

SECURITY REVIEWS

VIEW MORE PUBLIC REPORTS

October 2023

EFFORT LEVEL 4

YOLOv7 Threat Model and Code Review

Mar 2023

EFFORT LEVEL 2

EleutherAI, Hugging Face, & Stability AI SafeTensors Library

June 2024

EFFORT LEVEL 12

Scroll zstd Compression

April 2024

EFFORT LEVEL 1

Iron Fish FishHash

April 2024

EFFORT LEVEL 6

Scroll ZkEVM 4844 Blob

Nov 2023

EFFORT LEVEL 11

Ockam

Oct 2023

EFFORT LEVEL 18

Aleo snarkVM, snarkOS, BullsharkBFT

Sept 2023

EFFORT LEVEL 9

Scroll ZkEVM Wave 3

ACADEMIC PAPERS

VIEW ALL OF OUR PAPERS

2024

EuroLLVM Devs' Meeting 2024

VAST: MLIR compiler for C/C++

2024

EuroLLVM Devs' Meeting 2024

PoTATo: Points-to analysis via domain specific MLIR dialect

2023

Euro S&P 2023

Careful with MAc-then-SIGn: A Computational Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol

2023

IEEE S&P 2023

Weak Fiat-Shamir Attacks on Modern Proof Systems

2023

OSP [KISV 2023

CIVSCOPE: Analyzing Potential Memory Corruption Bugs in Compartment Interfaces

2023

LangSec 2023

Detecting variability bugs through hybrid control and data flow analysis

2023

PETS 2023

Efficient Proofs of Software Exploitability for Real-world Processors

2023

rXiv

Toward Comprehensive Risk Assessments and Assurance of AI Systems

CONFERENCE PRESENTATIONS

WATCH MORE RECORDED TALKS

2023

Kelly Kaoudis, Henrik Brodin, Evan Sultanik

Detecting variability bugs with hybrid control and data flow

2023

Peter Goodman

MLIR is the future of program analysis

2021

Evan Sultanik

A Sermon on the Indulgences of Computational Sacrifice; or, The Superabundant Benedictions of Programming an Absurd NES Game

2021

William Woodruff, Niki Carroll, Sebastiaan Peters

Differential analysis of x86-64 instruction decoders

2020

William Woodruff

How to find bugs when (ground) truth isn't real

2019

Evan Sultanik

The Treachery of Files and Two New Tools that Tame It

2019

Stefan Edwards

Symbolically Executing a Fuzzy Tyrant

2019

William Woodruff

Kernel space fault injection with KRF

PODCASTS

LISTEN TO ALL OF OUR PODCAST FEATURES

March 2024

William Woodruff

MLSecOps March 20

May 2023

Dan Guido

Risky Biz 707

Feb 2023

Nick Selby

ASW 229

Jan 2023

Dan Guido

Risky Biz 690

Jul 2022

Dan Guido

Risky Biz 672

Jun 2022

Nick Selby

Cloud Security Reinvented

Mar 2022

Dan Guido

Skiff Office Hours

Jan 2022

Dan Guido

Risky Biz 652

GUIDES AND HANDBOOKS

SEE OUR COMPLETE LIST OF HANDBOOKS

Learn about Trail of Bits' commitment to vulnerability disclosure, including our 90+30 day disclosure timeline and coordination process with vendors.

Vulnerability Disclosure Policy

The automated testing handbook is a resource that guides developers and security professionals in configuring, optimizing, and automating many of the static and dynamic analysis tools we use.