HackDig : Dig high-quality web security articles for hackers

Announcing the 1st International Workshop on Smart Contract Analysis

At Trail of Bits we do more than just security audits: We also push the boundaries of research in vulnerability detection tools, regularly present our work in academic conferences, and review interesting papers from other researchers (see our recent Real World Crypto and Financial Crypto recaps). In this spirit, we and Northern Arizona University are
Publish At:2020-05-03 17:57 | Read:807 | Comments:0 | Tags:Blockchain Conferences Research Practice

Financial Cryptography 2020 Recap

A few weeks ago, we went to the 24th Financial Cryptography (FC) conference and the Workshop on Trusted Smart Contracts (WTSC) workshop, where we presented our work on smart contract bug categorization (see our executive summary), and a poster on Echidna. Although FC is not a blockchain conference, it featured several blockchain-oriented presentations this y
Publish At:2020-03-18 11:19 | Read:459 | Comments:0 | Tags:Blockchain Conferences Paper Review

Coronavirus impacts security conferences and events: check your schedule

With coronavirus starting to take hold globally, international travel restrictions are kicking in and more workplaces are advising to work from home whenever possible. When self-isolation is a potential solution, public gatherings are increasingly looking like a terrible idea. Events are becoming a bit of a hotspot for cases, leading to inevitably bizarre sc
Publish At:2020-03-12 15:31 | Read:743 | Comments:0 | Tags:Security world black hat bsides cancellations conferences co

BSidesSF CTF: Hard reversing challenge: Chameleon

For my third and final blog post about the BSidesSF CTF, I wanted to cover the solution to Chameleon. Chameleon is loosely based on a KringleCon challenge I wrote (video guide), which is loosely based on a real-world penetration test from a long time ago. Except that Chameleon is much, much harder than either. Chameleon (source), at its core, is a file encr
Publish At:2020-02-26 15:35 | Read:708 | Comments:0 | Tags:Conferences Crypto CTFs Reverse Engineering

BSidesSF CTF: Difficult reverse engineering challenge: Gman

Once again, it was my distinct privilege to be a BSidesSF CTF organizer! As somebody who played CTFs for years, it really means a lot to me to organize one, and watch folks struggle through our challenges. And more importantly, each person that comes up to us and either thanks us or tells us they learned something is a huge bonus! But this week, I want to po
Publish At:2020-02-26 14:05 | Read:427 | Comments:0 | Tags:Conferences CTFs

BSidesSF CTF: Easy to hard Rust reversing challenges

As mentioned in a previous post, I was honoured to once again help run BSidesSF CTF! This is going to be a quick writeup for three challenges: config-me, rusty1, and rusty2. All three are reversing challenges written in Rust, although the actual amount of reversing required is low for the first two. config-me config-me (source) was actually modeled after tw
Publish At:2020-02-26 14:05 | Read:619 | Comments:0 | Tags:Conferences CTFs Reverse Engineering

Themes from Real World Crypto 2020

Over 642 brilliant cryptographic minds gathered for Real World Crypto 2020, an annual conference that brings together cryptographic researchers with developers implementing cryptography in the wild. Overall, RWC 2020 was an impressive conference that demonstrated some amazing work. Here we explore three major themes that emerged: Crypto bugs are eve
Publish At:2020-01-23 08:25 | Read:741 | Comments:0 | Tags:Conferences Cryptography

Grace Hopper Celebration (GHC) 2019 Recap

by Rachel Cipkins, Stevens Institute of Technology, Hoboken, NJ A few weeks ago I had the inspiring experience of attending the annual Grace Hopper Celebration (GHC), the world’s largest gathering of women in technology. Over four days in Orlando, Florida, GHC hosted a slew of workshops and presentations, plus a massive career fair with over 450 vendors (by
Publish At:2019-11-12 03:25 | Read:691 | Comments:0 | Tags:Conferences Internship Projects

QueryCon 2019: A Turning Point for osquery

Has it really been 3 months since Trail of Bits hosted QueryCon? We’ve had such a busy and productive summer that we nearly forgot to go back and reflect on the success of this event! On June 20-21, Trail of Bits partnered with Kolide and Carbon Black to host the 2nd annual QueryCon, at the Convene Old Slip Convention Center in downtown New York. We beat last
Publish At:2019-09-20 09:30 | Read:1285 | Comments:0 | Tags:Conferences Engineering Practice osquery

BSidesSF CTF author writeup: genius

Hey all, This is going to be an author's writeup of the BSidesSF 2019 CTF challenge: genius! genius is probably my favourite challenge from the year, and I'm thrilled that it was solved by 6 teams! It was inspired by a few other challenges I wrote in the past, including Nibbler. You can grab the sourcecode, solution, and everything needed to run it yourself
Publish At:2019-09-19 17:55 | Read:1370 | Comments:0 | Tags:Conferences CTFs Hacking Reverse Engineering

Some crypto challenges: Author writeup from BSidesSF CTF

Hey everybody, This is yet another author's writeup for BSidesSF CTF challenges! This one will focus on three crypto challenges I wrote: mainframe, mixer, and decrypto! mainframe - bad password reset
Publish At:2019-09-19 17:55 | Read:801 | Comments:0 | Tags:Conferences Crypto Passwords Tools

In BSidesSF CTF, calc.exe exploits you! (Author writeup of launchcode)

Hey everybody, In addition to genius, whose writeup I already posted, my other favourite challenge I wrote for BSidesSF CTF was called launchcode. This will be my third and final writeup for BSidesSF CTF for 2019, but you can see all the challenges and solutions on our Github releases page. This post will be more about how I developed this, since the solutio
Publish At:2019-09-19 17:55 | Read:1190 | Comments:0 | Tags:Conferences Crypto Forensics Reverse Engineering exploit

Black Hat US 2019 / Some Talks

I’ve been at Black Hat Vegas last week and in the following I’ll shortly discuss some talks I’ve attended and which I found interesting. Gabriele Fisher & Luke Valenta: Monsters in the Middleboxes. Building Tools for Detecting HTTPS Interception This talk was about identifying if inbound HTTPS traffic reaching a server had been interce
Publish At:2019-09-19 17:15 | Read:908 | Comments:0 | Tags:Events Black Hat Conferences

Crypto 2019 Takeaways

This year’s IACR Crypto conference was an excellent blend of far-out theory and down-to-earth pragmatism. A major theme throughout the conference was the huge importance of getting basic cryptographic primitives right. Systems ranging from TLS servers and bitcoin wallets to state-of-the-art secure multiparty computation protocols were broken when one small s
Publish At:2019-09-19 16:00 | Read:842 | Comments:0 | Tags:Conferences Cryptography Paper Review

BSidesSF CTF wrap-up

Welcome! While this is technically a CTF writeup, like I frequently do, this one is going to be a bit backwards: this is for a CTF I ran, instead of one I played! I've gotta say, it's been a little while since I played in a CTF, but I had a really good time running the BSidesSF CTF! I just wanted to thank the other organizers - in alphabetical order - @bmenr
Publish At:2017-02-23 00:15 | Read:5274 | Comments:0 | Tags:Conferences CTFs
