HackDig : Dig high-quality web security articles for hackers

Detecting Bad OpenSSL Usage

by William Wang, UCLA OpenSSL is one of the most popular cryptographic libraries out there; even if you aren’t using C/C++, chances are your programming language’s biggest libraries use OpenSSL bindings as well. It’s also notoriously easy to mess up due to the design of its low-level API. Yet many of these mistakes fall into easily identifi
Publish At:2020-05-29 15:31 | Read:236 | Comments:0 | Tags:Cryptography Internship Projects Program Analysis

Emerging Talent: Winternship 2020 Highlights

The Trail of Bits Winternship is our winter internship program where we invite 10-15 students to join us over the winter break for a short project that has a meaningful impact on information security. They work remotely with a mentor to create or improve tools that solve a single impactful problem. These paid internships give student InfoSec engineers real i
Publish At:2020-05-24 08:07 | Read:114 | Comments:0 | Tags:Internship Projects

Grace Hopper Celebration (GHC) 2019 Recap

by Rachel Cipkins, Stevens Institute of Technology, Hoboken, NJ A few weeks ago I had the inspiring experience of attending the annual Grace Hopper Celebration (GHC), the world’s largest gathering of women in technology. Over four days in Orlando, Florida, GHC hosted a slew of workshops and presentations, plus a massive career fair with over 450 vendors (by
Publish At:2019-11-12 03:25 | Read:579 | Comments:0 | Tags:Conferences Internship Projects

Formal Analysis of the CBC Casper Consensus Algorithm with TLA+

by Anne Ouyang, Piedmont Hills High School, San Jose, CA As a summer intern at Trail of Bits, I used the PlusCal and TLA+ formal specification languages to explore Ethereum’s CBC Casper consensus protocol and its Byzantine fault tolerance. This work was motivated by the Medium.com article Peer Review: CBC Casper by Muneeb Ali, Jude Nelson, and Aaron Blankste
Publish At:2019-10-25 08:25 | Read:797 | Comments:0 | Tags:Blockchain Internship Projects

Multi-Party Computation on Machine Learning

During my internship this summer, I built a multi-party computation (MPC) tool that implements a 3-party computation protocol for perceptron and support vector machine (SVM) algorithms. MPC enables multiple parties to perform analyses on private datasets without sharing them with each other. I developed a technique that lets three parties obtain the resul
Publish At:2019-10-04 11:40 | Read:2044 | Comments:0 | Tags:Cryptography Internship Projects

Better Encrypted Group Chat

Broadly, an end-to-end encrypted messaging protocol is one that ensures that only the participants in a conversation, and no intermediate servers, routers, or relay systems, can read and write messages. An end-to-end encrypted group messaging protocol is one that ensures this for all participants in a conversation of three or more people. End-to-end encrypte
Publish At:2019-09-19 16:00 | Read:681 | Comments:0 | Tags:Cryptography Internship Projects

Wrapper’s Delight

by Patrick Palka, University of Illinois at Chicago During my summer at Trail of Bits, I took full advantage of the latest C++ language features to build a new SQLite wrapper from scratch that is easy to use, lightweight, high performance, and concurrency friendly—all in under 750 lines of code. The wrapper is available at https://github.com/trailofbits/sqli
Publish At:2019-09-19 16:00 | Read:548 | Comments:0 | Tags:Engineering Practice Internship Projects c++ databases sqlit

Reverse Taint Analysis Using Binary Ninja

by Henry Wildermuth, Horace Mann High School We open-sourced a set of static analysis tools, KRFAnalysis, that analyze and triage output from our system call (syscall) fault injection tool KRF. Now you can easily figure out where and why, KRF crashes your programs. During my summer internship at Trail of Bits, I worked on KRF, a fuzzer that directly faults s
Publish At:2019-09-19 16:00 | Read:734 | Comments:0 | Tags:Binary Ninja Internship Projects Reversing Static Analysis k

Binary symbolic execution with KLEE-Native

by Sai Vegasena, New York University, and Peter Goodman, Senior Security Engineer KLEE is a symbolic execution tool that intelligently produces high-coverage test cases by emulating LLVM bitcode in a custom runtime environment. Yet, unlike simpler fuzzers, it’s not a go-to tool for automated bug discovery. Despite constant improvements by the academic commun
Publish At:2019-09-19 16:00 | Read:712 | Comments:0 | Tags:Internship Projects Symbolic Execution klee

Rewriting Functions in Compiled Binaries

by Aditi Gupta, Carnegie Mellon University As a summer intern at Trail of Bits, I’ve been working on building Fennec, a tool to automatically replace function calls in compiled binaries that’s built on top of McSema, a binary lifter developed by Trail of Bits. The Problem Let’s say you have a compiled binary, but you don’t have access to the original source
Publish At:2019-09-19 16:00 | Read:806 | Comments:0 | Tags:Cryptography Internship Projects McSema binary patching

DeepState Now Supports Ensemble Fuzzing

by Alan Cao, Francis Lewis High School, Queens, NY We are proud to announce the integration of ensemble fuzzing into DeepState, our unit-testing framework powered by fuzzing and symbolic execution. Ensemble fuzzing allows testers to execute multiple fuzzers with varying heuristics in a single campaign, while maintaining an architecture for synchronizing gene
Publish At:2019-09-19 16:00 | Read:1083 | Comments:0 | Tags:Fuzzing Internship Projects


Share high-quality web security related articles with you:)


Tag Cloud