trailofbits/publications

Publications from Trail of Bits

Academic Papers

| Paper Title | Venue | Publication Date |
| --- | --- | --- |
| Slither: A Static Analysis Framework For Smart Contracts | WETSEB 2019 | May 2019 |
| Toward Smarter Vulnerability Discovery Using Machine Learning | AISec 2018 | October 2018 |
| The Past, Present, and Future of Cyberdyne | IEEE S&P | April 2018 |
| DeepState - Symbolic Unit Testing for C and C++ | BAR 2018 | February 2018 |
| Cyber-Deception and Attribution in Capture-the-Flag Exercises | FOSINT-SI 2015 | July 2015 |

Conference Presentations

Automated bug finding and exploitation

| Presentation Title | Author(s) | Year |
| --- | --- | --- |
| Going sicko mode on the Linux Kernel | William Woodruff | 2019 |
| Vulnerability Modeling with Binary Ninja | Josh Watson | 2018 |
| Be a binary rockstar | Sophia D'Antoine | 2017 |
| Symbolic Execution for Humans | Mark Mossberg | 2017 |
| The spirit of the 90s is still alive in Brooklyn | Ryan Stortz, Sophia D'Antoine | 2017 |
| The dream of a static and dynamic analysis shootout | Ryan Stortz | 2016 |
| Binary constraint solving for automatic exploit generation | Sophia D'Antoine | 2016 |
| The Smart Fuzzer Revolution | Dan Guido | 2016 |
| Making a scaleable automated hacking system | Artem Dinaburg | 2016 |
| Cyberdyne - Automatic bug-finding at scale | Peter Goodman | 2016 |
| McSema - Static translation of x86 instructions to LLVM IR | Andrew Ruef, Artem Dinaburg | 2014 |

Blockchain

| Presentation Title | Author(s) | Year |
| --- | --- | --- |
| SlithIR: High-Precision Security Analysis with an IR for Solidity | Josselin Feist | 2019 |
| Slither: A Static Analysis Framework for Smart Contracts | Josselin Feist | 2019 |
| What blockchain got right | Dan Guido | 2019 |
| Property-testing of smart contracts | JP Smith | 2018 |
| Anatomy of an unsafe programming language | Evan Sultanik | 2018 |
| Contract upgrade risks and recommendations | Josselin Feist | 2018 |
| Blackhat Ethereum | Ryan Stortz, Jay Little | 2018 |
| Blockchain Autopsies - Analyzing Smart Contract Deaths | Jay Little | 2018 |
| Rattle - an Ethereum EVM binary analysis framework | Ryan Stortz | 2018 |
| Securing value on the Ethereum blockchain | Dan Guido | 2018 |
| Binary analysis, meet the blockchain | Mark Mossberg | 2018 |
| Automatic bug finding for the blockchain | Felipe Manzano, Josselin Feist | 2017 |

Cryptography

| Presentation Title | Author(s) | Year |
| --- | --- | --- |
| Analyzing the MD5 collision in Flame | Alex Sotirov | 2012 |

Engineering

| Presentation Title | Author(s) | Year |
| --- | --- | --- |
| Getting started with osquery | Lauren Pearl, Andy Ying | 2018 |
| osquery Super Features | Lauren Pearl | 2018 |
| osquery Extension Skunkworks | Mike Myers | 2018 |
| Build it Break it Fix it | Andrew Ruef | 2014 |

Education

| Presentation Title | Author(s) | Year |
| --- | --- | --- |
| The Joy of Pwning | Sophia D'Antoine | 2017 |
| How to CTF - Getting and using Other People's Computers (OPC) | Jay Little | 2014 |
| Low-level Security | Andrew Ruef | 2014 |
| Security and Your Business | Andrew Ruef | 2014 |
| Bringing nothing to the party | Vincenzo Iozzo | 2013 |
| From One Ivory Tower to Another | Vincenzo Iozzo | 2012 |

Mobile security

| Presentation Title | Author(s) | Year |
| --- | --- | --- |
| Swift Reversing | Ryan Stortz | 2016 |
| Modern iOS Application Security | Sophia D'Antoine, Dan Guido | 2016 |
| The Mobile Exploit Intelligence Project | Dan Guido | 2012 |
| A Tale of Mobile Threats | Vincenzo Iozzo | 2012 |

Side channels

| Presentation Title | Author(s) | Year |
| --- | --- | --- |
| Hardware side channels in virtualized environments | Sophia D'Antoine | 2015 |
| Exploiting Out-of-Order Execution | Sophia D'Antoine | 2015 |

Threat analysis

| Presentation Title | Author(s) | Year |
| --- | --- | --- |
| The Exploit Intelligence Project Revisited | Dan Guido | 2013 |

Security Reviews

| Product | Review Date | Level of Effort | Announcement |
| --- | --- | --- | --- |
| RandomX | Jun 2019 | 2 person-weeks | Monero and Arweave to Validate RandomX |
| Kubernetes | May 2019 | 12 person-weeks | Kubernetes Security Audit Working Group |
| MerkleX | May 2019 | 4 person-weeks | |
| Interest Token | May 2019 | 2 person-days | |
| Western Digital | May 2019 | 6 person-weeks | Multiple vulnerabilities in SanDisk X600 SATA SED SSD |
| Loom | May 2019 | 10 person-weeks | The Loom SDK Q1 2019 Security Audit is now complete! |
| TokenCard | May 2019 | 5 person-weeks | |
| ZecWallet | Apr 2019 | 2 person-weeks | |
| Compound | Apr 2019 | 8 person-weeks | |
| Unity Coin | Apr 2019 | 1 person-week | |
| Algorand | Mar 2019 | 14 person-weeks | Success and momentum of Algorand |
| Ocean Protocol | Mar 2019 | 4 person-weeks | One Protocol. One Network. One Community. |
| UMA Project | Mar 2019 | 3 person-weeks | |
| Nomisma | Mar 2019 | 1 person-week | |
| Centrifuge | Mar 2019 | 5 person-weeks | |
| Tendermint | Mar 2019 | 12 person-weeks | |
| Reserve Protocol | Mar 2019 | 1 person-week | |
| Set Protocol | Mar 2019 | 5 person-weeks | The Road to MainNet |
| NuCypher | Feb 2019 | 4 person-weeks | |
| AMP StableWire | Jan 2019 | 1 person-week | |
| EIP-1283 | Jan 2019 | 1 person-week | Constantinople Security Update |
| Ampleforth | Nov 2018 | 4 person-weeks | Source Code and Security Audits with Trail of Bits |
| ndau | Nov 2018 | 8 person-weeks | ndau Holders Elect Inaugural Policy Council |
| Bitcoin SV | Nov 2018 | 12 person-weeks | |
| Origin Protocol | Nov 2018 | 4 person-weeks | |
| Pantheon | Oct 2018 | 8 person-weeks | What we learned from auditing our Ethereum client |
| Paxos Standard | Oct 2018 | 4 person-weeks | |
| Basecoin | Oct 2018 | 12 person-weeks | |
| Compound | Sep 2018 | 12 person-weeks | Compound launches money markets for Ethereum assets |
| Building Blocks | Aug 2018 | 7 person-weeks | UN WFP uses Ethereum to aid 100,000 refugees |
| NuCypher | Aug 2018 | 12 person-weeks | Security audits: round 1 |
| Project Callisto | Aug 2018 | 4 person-weeks | |
| Parity | Jul 2018 | 12 person-weeks | Parity completes Trail of Bits security review |
| Bloom | Jul 2018 | 1 person-week | Bloom development update |
| Tezori | Jul 2018 | 2 person-weeks | Thanks to @trailofbits for their security review |
| CENTRE | Jul 2018 | 4 person-weeks | Designing an upgradeable Ethereum contract |
| Gemini Dollar | Jun 2018 | 8 person-weeks | Stablecoins: Understanding Counterparty Risk |
| Project Callisto | Aug 2018 | 1 person-week | |
| Dharma | May 2018 | 1 person-week | Dharma protocol v1 is live on mainnet |
| Golem | Apr 2018 | 4 person-weeks | Smart contracts: audit report |
| LivePeer | Mar 2018 | 4 person-weeks | Livepeer smart contract security audit #1 results |
| Web3 | Mar 2018 | 2 person-weeks | W3F and TOB release hardware wallet security guidance |
| DappHub | Dec 2017 | 8 person-weeks | |
| RSKj | Nov 2017 | 6 person-weeks | RSK security audit results |
| MakerDAO Sai | Oct 2017 | 8 person-weeks | Single-collateral Dai source code and security reviews |
| Omega One | Aug 2017 | 6 person-weeks | |
| zlib | Sep 2016 | 1 person-week | |

Workshops

| Workshop Title | Venue | Date |
| --- | --- | --- |
| Manticore EVM Workshop | Devcon4 2018 | November 2018 |
| DeepState: Bringing Vulnerability Detection Tools into the Dev Cycle | SecDev 2018 | October 2018 |
| Smart Contract Security Automation Workshop | TruffleCon 2018 | October 2018 |
| Smart Contract Security Automation Workshop | ETH Berlin 2018 | September 2018 |
| Manticore EVM Workshop | EthCC 2018 | March 2018 |
| Manticore Workshop | GreHack 2017 | October 2017 |