Trail of Bits

Computer and Network Security

Brooklyn, New York 8,017 followers

Deepening the Science of Security

About us

Since 2012, Trail of Bits has been the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks.

Industry
Computer and Network Security
Company size
51-200 employees
Headquarters
Brooklyn, New York
Type
Privately Held
Founded
2012
Specialties
software security, reverse engineering, cryptography, blockchain, osquery, machine learning, binary analysis, blockchain, and Application Security

Updates

  • Trail of Bits

    *Accidental* cryptographic nonce reuse can compromise even otherwise-robust systems. Our blog uncovers subtle vulnerabilities in bidirectional encrypted channels and threshold signature schemes. What we found:

    - Global nonce counters may not prevent reuse across multiple parties
    - Bidirectional channels require careful key and nonce management
    - If two parties can send messages with the same nonce, this can leak authentication keys, allowing an eavesdropper to tamper with later messages

    We recommend using separate keys for each communication direction and leveraging established protocols like the Noise Framework. Cryptosystem security often hinges on seemingly minor implementation details. Robust nonce management is crucial for maintaining the integrity of encrypted communications. As the complexity of cryptographic systems grows, so does the importance of thorough security reviews. https://lnkd.in/gcCVhHvk

    Friends don’t let friends reuse nonces

    blog.trailofbits.com
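An added illustration of the third finding and of the per-direction-key recommendation (not code from the post or the linked blog): a constructed HMAC-based keystream stands in for any cipher whose keystream depends only on (key, nonce), and the function names and direction labels are assumptions.

```python
import hashlib
import hmac

def hkdf_expand(prk, info, length=32):
    """HKDF-Expand (RFC 5869) with HMAC-SHA256; splits one shared key into per-direction keys."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def keystream(key, nonce, length):
    """Toy keystream: HMAC-SHA256 in counter mode over (nonce, counter). A constructed
    stand-in for any stream/AEAD cipher whose keystream depends only on (key, nonce)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, nonce, plaintext):
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def direction_keys(shared_key):
    """One key per direction, as the post recommends (labels are constructed)."""
    return (hkdf_expand(shared_key, b"initiator->responder"),
            hkdf_expand(shared_key, b"responder->initiator"))

def keystream_cancels(k_send, k_recv, nonce, p1, p2):
    """True when an eavesdropper can XOR the two ciphertexts to get p1 XOR p2, i.e. when
    both directions encrypt under the same (key, nonce) pair and the keystream cancels."""
    c1 = encrypt(k_send, nonce, p1)
    c2 = encrypt(k_recv, nonce, p2)
    return xor(c1, c2) == xor(p1, p2)

# Constructed sample: each party runs its own counter from zero under a single shared key,
# so the first message in each direction carries the same nonce.
SHARED_KEY = bytes(range(32))
NONCE_ZERO = (0).to_bytes(12, "big")
MSG_A = b"status: all clear"
MSG_B = b"status: escalate!"

if __name__ == "__main__":
    k_ab, k_ba = direction_keys(SHARED_KEY)
    print("one key, both directions:", keystream_cancels(SHARED_KEY, SHARED_KEY, NONCE_ZERO, MSG_A, MSG_B))
    print("per-direction keys:      ", keystream_cancels(k_ab, k_ba, NONCE_ZERO, MSG_A, MSG_B))
```

With one shared key the colliding nonce makes the keystream cancel and the XOR of the plaintexts leaks; with a key per direction the same nonce value in both directions is harmless.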

  • Trail of Bits

    We're pleased to share the results of our recent comparative security assessment on authorization and access management policy languages: Cedar, Rego, and the OpenFGA modeling language. Our comparative language security analysis focused on:

    * Creating a threat model that broadly applies to deployments of access management policy languages
    * Determining the features of the evaluated languages that mitigate or worsen these threats
    * Assessing the mitigation maturity of the evaluated languages with respect to the threat scenarios identified in our threat model
    * Exploring these threat scenarios and language features within the context of common policy language deployment scenarios

    This AWS-sponsored assessment provides security recommendations for policy language design and offers insights for language designers and software developers using these languages for applications running in the cloud and all other environments.

    publications/reports/Policy_Language_Security_Comparison_and_TM.pdf at master · trailofbits/publications

    github.com

  • Trail of Bits reposted this

    Carter Miller, Senior Technical Recruiter, Cyber Security at Trail of Bits

    It's back!! We are excited to launch our Winternship program again, which offers students a unique opportunity to contribute to cutting-edge cybersecurity projects during their academic breaks. How it works:

    - Propose a project or choose to work with one of our teams
    - Spend 3-6 weeks working on it
    - Publish it
    - Get paid $2,500!

    Trail of Bits is one of only a few security companies that offers this kind of opportunity for entry into real-world work! This is an awesome opportunity to work with the leader in software security with the most well-respected security researchers in the industry. Explore our past internship projects and our Winternship episode on our podcast at the links below to get a glimpse of the cool work past winterns have done! Apply at the link below and if you would like to learn more about the opportunity, feel free to DM me! Podcast: https://lnkd.in/dDVjbSk4 Blog: https://lnkd.in/dZn3jb8Z https://lnkd.in/dmkmwiPK

    Winternships - Trail of Bits

    apply.workable.com

  • Trail of Bits

    This summer has been full of exciting updates! ☀️ We dropped a new Burp Suite chapter in our Testing Handbook, giving you the tools to enhance your security testing game. (++ We have another chapter to announce in a few days!) And that's not all – this month’s newsletter is packed with insights, including:

    🔍 Our AskAstro AI audit
    🎓 An advanced Burp Suite webinar featuring James Kettle
    💡 Updates on post-quantum cryptography (PQC)

    Don’t miss out! Dive in here:

    Trail of Bits Tribune: AI exploits, advanced Burp Suite techniques, and the latest in PQ crypto

  • Trail of Bits

    Thanks to the NVIDIA Security Team for inviting Suha S. Hussain to present on a new class of ML exploits. Her talk, titled "Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs," explored how attackers can inject model backdoors into ML pipelines by exploiting input-handling bugs in ML tools. Suha demonstrated how these vulnerabilities can be systematically exploited using a language-theoretic security (LangSec) framework, revealing the risks posed by malicious artifacts like polyglot and ambiguous files. Her insights underscore the need for a holistic approach to ML security that combines system security and model security. This NVIDIA presentation closely followed Suha's DEFCON, Hope, and BSidesLV presentations. Learn more here: https://lnkd.in/gM6wRGvk

  • Trail of Bits

    Trail of Bits summer intern Jason An has significantly enhanced Pwndbg, a popular GDB plugin for reverse engineering. An's contributions bring two major improvements to stripped binary analysis:

    🥷 Binary Ninja Integration: Pwndbg now seamlessly integrates with Binary Ninja, providing rich debugging information and syncing decompilation, breakpoints, symbols, and function signatures.
    🟢 Go Structure Dumping: A new 'go-dump' command allows for improved debugging of Go binaries by enabling the dumping of Go values.

    These enhancements bring an IDE-like experience to GDB with Pwndbg, particularly beneficial for analyzing stripped binaries. The new features are available in the latest Pwndbg release, marking a significant step forward in reverse engineering capabilities.

    “Unstripping” binaries: Restoring debugging information in GDB with Pwndbg

    blog.trailofbits.com

  • Trail of Bits

    We're seeking old GPUs that were destined to become e-waste for our research in computer security and program analysis. 🔗 Read the blog: https://buff.ly/3XsbdgJ Our team is developing innovative approaches to harness these older GPUs for:

    - GPU-accelerated fuzzing of embedded platforms
    - Enhancing stochastic optimization processes
    - Accelerating SMT solving, particularly for floating-point operations
    - Improving reachability queries in large-scale program analysis
    - Boosting datalog operations for more efficient static analysis

    Help us save old GPUs! We're interested in older GPUs, even those nearing end-of-life. Let's collaborate to repurpose this hardware for cutting-edge research. If you’d like to help, let us know! ✉️ Contact us: https://buff.ly/3wJtefq
