Program Analysis – WindowsTechs.com

Detecting Bad OpenSSL Usage

Posted on May 29, 2020 by Trail of Bits

by William Wang, UCLA OpenSSL is one of the most popular cryptographic libraries out there; even if you aren’t using C/C++, chances are your programming language’s biggest libraries use OpenSSL bindings as well. It’s also notoriously … Continue reading Detecting Bad OpenSSL Usage→

Two New Tools that Tame the Treachery of Files

Posted on November 1, 2019 by Evan Sultanik

Parsing is hard, even when a file format is well specified. But when the specification is ambiguous, it leads to unintended and strange parser and interpreter behaviors that make file formats susceptible to security vulnerabilities. What if we could au… Continue reading Two New Tools that Tame the Treachery of Files→

Siderophile: Expose your Crate’s Unsafety

Posted on July 1, 2019 by JP Smith

Today we released a tool, siderophile, that helps Rust developers find fuzzing targets in their codebases. Siderophile trawls your crate’s dependencies and attempts to finds every unsafe function, expression, trait method, etc. It then traces the… Continue reading Siderophile: Expose your Crate’s Unsafety→

Performing Concolic Execution on Cryptographic Primitives

Posted on April 1, 2019 by JP Smith

Alan Cao For my winternship and springternship at Trail of Bits, I researched novel techniques for symbolic execution on cryptographic protocols. I analyzed various implementation-level bugs in cryptographic libraries, and built a prototype Manticore-b… Continue reading Performing Concolic Execution on Cryptographic Primitives→

The Good, the Bad, and the Weird

Posted on October 26, 2018 by Sophia D'Antoine

Let’s automatically identify weird machines in software. Combating software exploitation has been a cat-and-mouse game ever since the Morris worm in 1988. Attackers use specific exploitation primitives to achieve unintended code execution. Major … Continue reading The Good, the Bad, and the Weird→

Protecting Software Against Exploitation with DARPA’s CFAR

Posted on September 10, 2018 by Artem Dinaburg

Today, we’re going to talk about a hard problem that we are working on as part of DARPA’s Cyber Fault-Tolerant Attack Recovery (CFAR) program: automatically protecting software from 0-day exploits, memory corruption, and many currently undi… Continue reading Protecting Software Against Exploitation with DARPA’s CFAR→

Rattle – an Ethereum EVM binary analysis framework

Posted on September 6, 2018 by Ryan Stortz

Most smart contracts have no verified source code, but people still trust them to protect their cryptocurrency. What’s more, several large custodial smart contracts have had security incidents. The security of contracts that exist on the blockcha… Continue reading Rattle – an Ethereum EVM binary analysis framework→

Optimizing Lifted Bitcode with Dead Store Elimination

Posted on July 6, 2018 by Peter Goodman

Tim Alberdingk Thijm As part of my Springternship at Trail of Bits, I created a series of data-flow-based optimizations that eliminate most “dead” stores that emulate writes to machine code registers in McSema-lifted programs. For example, … Continue reading Optimizing Lifted Bitcode with Dead Store Elimination→

State Machine Testing with Echidna

Posted on May 3, 2018 by JP Smith

Property-based testing is a powerful technique for verifying arbitrary properties of a program via execution on a large set of inputs, typically generated stochastically. Echidna is a library and executable I’ve been working on for applying prope… Continue reading State Machine Testing with Echidna→

Vulnerability Modeling with Binary Ninja

Posted on April 4, 2018 by Josh Watson

Plenty of static analyzers can perform vulnerability discovery on source code, but what if you only have the binary? How can we model a vulnerability and then check a binary to see if it is vulnerable? The short answer: use Binary Ninja’s MLIL an… Continue reading Vulnerability Modeling with Binary Ninja→