Trail of Bits @trailofbits
We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code. trailofbits.com New York, NY Joined March 2010
Tweets: 3K | Followers: 32K | Following: 247 | Likes: 266
.@trailofbits announces new Leighton-Micali Signatures (LMS) to support post-quantum readiness for Sigstore (sigstore.dev): blog.trailofbits.com/2024/04/26/ann…
Oh hey, I'm going to talk about Msrable chall from Kalmar CTF on Confidence in Cracow :)
🎉 Join Semgrep, @harnessio, and @trailofbits on May 8th for our @RSAConference Security Soirée at Thriller Social Club. Network with peers, discuss the latest trends, and enjoy fun games. Don't miss out—RSVP now! semgrep.dev/events/in-pers… #SecuritySoiree #RSA
Our AI/ML Safety & Security Training equips you and your team with the skills to identify and mitigate vulnerabilities in AI/ML systems. Now scheduling for Summer and Fall 2024. share.hsforms.com/1UGX8sZwbRhWeq…
Learn about our AI/ML Safety & Security Training, participation in @DARPA's AI cyber challenge, and newly released open-source security tools with @dguido on this week's @riskybusiness episode, "Pushing back the frontiers of vulnerability research." risky.biz/RBNEWSSI40/
How to use Atheris to fuzz Python C extensions by Matt Schwager (@trailofbits) blog.trailofbits.com/2024/02/23/con… #fuzzing #cybersecurity
Weed out unmaintained packages from your Rust project's dependency tree with cargo-unmaintained, which just reached version 1.0.0! github.com/trailofbits/ca…
Our security assessments go beyond checking boxes. We provide technical insights on vulnerability root causes, long-term recommendations, and hands-on tooling assistance. Reach out to learn more. meetings.hubspot.com/ken-trueba?uui…
A key tool for threat intelligence: the @_SEAL_Org's ISAC is launched: isac.securityalliance.org
❗ Security first! 👀 We are thrilled to announce that @trailofbits, a leading security firm, has completed a thorough security assessment of f(x) Protocol! This marks a significant milestone for us and underscores our unwavering commitment to security and transparency. As with…
PyPI now has three new Trusted Publishing, thanks (in part) to our work at @trailofbits! This realizes our goal of expanding Trusted Publishing to compute environments outside of GitHub Actions: blog.pypi.org/posts/2024-04-…
Joe Sweeney is presenting on our work on build provenance for @MacHomebrew at SOSS Day NA! Read more about our design on our blog: blog.trailofbits.com/2023/11/06/add…
Join us today at 11:10 PDT @openssf SOSS Community Day event to learn about our ongoing work on Homebrew's build provenance implementation, where we’re headed, and how it aligns with broader supply chain security trends and standardization efforts. events.linuxfoundation.org/soss-community…
How to SAST: 1. Use @semgrep 2. Get extra rules from @0xdea and @trailofbits 3. Output SARIF and use @trailofbits sarif explorer VSCode extension 4. Tune out noise and don’t send your devs 100k untriaged findings
The folks from @trailofbits have released their internal VSCode extension that assists in collaborative source code auditing: marketplace.visualstudio.com/items?itemName… Add notes/bookmarks, create Github issues, track audit progress, maintain logs, and more.
@trailofbits @semgrep Cool, really excited to try this out. I’ve always found the Microsoft one to be unpleasant to use and the biggest gap I’ve seen for tooling is campaign/finding management tooling
For all those asking since November, we’ve finally published Attacknet. Feel free to DM if you have any questions
Today we're releasing Attacknet, a new tool in the blockchain security arsenal. Built in collaboration with the @ethereum Foundation, it uses Chaos Engineering to test the most challenging network conditions imaginable for fault tolerance blog.trailofbits.com/2024/03/18/rel…
@GNcrypto_news @worldcoin Clarification: over 3 calendar-weeks, we reviewed Worldcoin's validation specificities, and we found 1 high, 3 medium, 1 low, 6 informational, and 1 undetermined severity issue. See the full breakdown of claims, findings, and our review of any implemented fixes in our report:…
Janet Yellen gives an important update regarding crypto
Great to see @trailofbits and @suhackerr getting some recognition for our ML supply chain research! 🧵 w/ brief history of our work in this area x.com/suhackerr/stat…
Great blog post for anyone in ML but especially those in ML security. Understanding ML file formats is critical to securing ML systems. This blog post goes into how this all works under the hood, including talking about Fickling and the safetensors audit (@trailofbits).
We conducted a cryptographic design review for @Ockam’s secure communication protocols. Establishing a secure design early on can help avoid known classes of attacks and create a solid foundation for future implementations. buff.ly/48AduZL
Our MPC-TSS library Silent Shard is one of the fastest threshold signature libraries in production and audited by @trailofbits . Silent Shard implemented the DKLs23 protocol (which was accepted in one of the flagship cryptography conferences- IEEE S&P 2024) and has proven in…
Great excerpt from @ByronTau's new book - how the Pentagon learned to use targeted ad data to locate and track Putin and other targets wired.com/story/how-pent…
📚 tl;dr sec 217 ☁️ Bypassing AWS CloudTrail @Frichette_n 📺 Usable Security @netflix 🤖 Augmenting Humans w/ AI @DanielMiessler 🔬 Ghidra binary type inference @trailofbits 🔍 Faster Memory Scanning @NCCGroupInfosec ⛓️ Bazel supply chain vuln @CycodeHQ tldrsec.com/p/tldr-sec-217
2024 just started, but what a start for @trailofbits: # AppSec - 30 new semgrep rules x.com/trailofbits/st… -Webinar on semgrep x.com/trailofbits/st… -Differ to find bugs in transformed program x.com/trailofbits/st… # Blockchain - Rich execution trace in echidna:…
We created a new tool called DIFFER that detects bugs in transformed software. DIFFER helped us identify hundreds of bugs and failures in debloated programs, raising serious questions about their safety. buff.ly/4buo5bk
Looks like this opens up a lot of attack vectors. Hope the mitigations do not lead to major crippling of the performance blog.trailofbits.com/2024/01/16/lef…
🦀 cargo-unmaintained Finds unmaintained packages in @rustlang projects Automatically, using heuristics, rather than relying on users to manually submit them to the RustSec Advisory Database By @trailofbits github.com/trailofbits/ca…
OSTIF and @trailofbits have been working on security audits together to help open source projects since 2018. They have written a fantastic post about some of our 2023 audits- and what the future of our partnership means for open source security. blog.trailofbits.com/2024/01/09/sec…
I am proud to present you the pre-print of our paper on GWP-ASan. 5+ years of work by four companies, spanning Server, Desktop, and Mobile, running on billions of devices. Finding and fixing thousands of bugs and potential vulnerabilities. arxiv.org/abs/2311.09394
Would you like to get started with CodeQL but don’t know how, or do you want to enable code scanning with CodeQL for your GitHub repository? Check out our new Testing Handbook chapter on CodeQL!
We've added a new chapter on CodeQL to our Testing Handbook. Learn to write custom queries, integrate code scanning into CI/CD, and get the most out of this versatile static analysis tool: buff.ly/4aaqWW4
Trail of Bits made a pretty good go at porting it but as far as I can tell its idiosyncrasies eventually defeated them github.com/trailofbits/cb…
Testing test suite can help discover non-trivial security issues
@giovannidisiena @trailofbits We use it during our security reviews. For example: - Issues 27, 28 and 29 in github.com/trailofbits/pu… were found with necessist - It was used for Appendix C of github.com/pyth-network/a…
@DevDacian @trailofbits When I find a falsified case with Echidna I always take that one reproducer file (i.e. the fail case). Then I keep running that fail case until I can shrink down the call sequence as much as possible. Echidna is 100% based