HackDig : Dig high-quality web security articles for hackers

Announcing the 1st International Workshop on Smart Contract Analysis

At Trail of Bits we do more than just security audits: We also push the boundaries of research in vulnerability detection tools, regularly present our work in academic conferences, and review interesting papers from other researchers (see our recent Real World Crypto and Financial Crypto recaps). In this spirit, we and Northern Arizona University are
Published: 2020-05-03 17:57 | Read: 807 | Comments: 0 | Tags: Blockchain Conferences Research Practice

64 Bits ought to be enough for anybody!

How quickly can we use brute force to guess a 64-bit number? The short answer is, it all depends on what resources are available. So we’re going to examine this problem starting with the most naive approach and then expand to other techniques involving parallelization. We’ll discuss parallelization at the CPU level with SIMD instructions, then via multiple c
Published: 2019-11-30 08:25 | Read: 897 | Comments: 0 | Tags: Research Practice

Announcing the Crytic $10k Research Prize

At Trail of Bits, we make a significant effort to stay up to date with the academic world. We frequently evaluate our work through peer-reviewed conferences, and we love to attend academic events (see our recent ICSE and Crypto recaps). However, we consistently see one recurring issue at these academic events: a lack of reliable tools and experiments. Resear
Published: 2019-11-13 08:25 | Read: 1238 | Comments: 0 | Tags: Blockchain Paper Review Press Release Research Practice

Two New Tools that Tame the Treachery of Files

Parsing is hard, even when a file format is well specified. But when the specification is ambiguous, it leads to unintended and strange parser and interpreter behaviors that make file formats susceptible to security vulnerabilities. What if we could automatically generate a “safe” subset of any file format, along with an associated, verified parser? That’s o
Published: 2019-11-12 03:25 | Read: 652 | Comments: 0 | Tags: DARPA Dynamic Analysis Program Analysis Research Practice

Everything You Ever Wanted To Know About Test-Case Reduction, But Didn’t Know to Ask

Imagine reducing the amount of code and time needed to test software, while at the same time increasing the efficacy of your tests and making your debugging tasks easier—all with minimal human effort. It seems too good to be true, but we’re going to explain how test-case reduction can do all this (and maybe more). Understanding how reduction works can help w
Published: 2019-11-12 03:25 | Read: 889 | Comments: 0 | Tags: Dynamic Analysis Fuzzing Research Practice

TSC Frequency For All: Better Profiling and Benchmarking

Have you ever tried using LLVM’s X-Ray profiling tools to make some flame graphs, but gotten obscure errors like: ==65892==Unable to determine CPU frequency for TSC accounting. ==65892==Unable to determine CPU frequency. Or worse, have you profiled every function in an application, only to find the sum of all function runtimes accounted for ~15 minutes of a
Published: 2019-10-03 09:30 | Read: 897 | Comments: 0 | Tags: Containers Linux Research Practice
