Trail of Bits (@trailofbits) / X

Trail of Bits

4,260 posts

Trail of Bits

@trailofbits

We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.

New York, NY

Joined March 2010

Pinned
Trail of Bits
@trailofbits
May 7
We beat Google's zero-knowledge proof of quantum cryptanalysis by exploiting bugs in their Rust ZKP code, then forged a proof with better metrics. Plus 11 new public reviews, Trailmark, MuTON and mewt, dimensional analysis, and more. May Tribune: mailchi.mp/trailofbits/ma…
11K
Trail of Bits
@trailofbits
Sep 4, 2025
We built local backdoors for @signalapp, @1Password, @SlackHQ, and @googlechrome using a “data” file their integrity checks ignored.
80K
Trail of Bits
@trailofbits
Jan 16, 2024
Today, we are disclosing LeftoverLocals, a vulnerability that allows listening to LLM responses through leaked GPU local memory created by another process on Apple, Qualcomm, AMD, and Imagination GPUs (CVE-2023-4969) buff.ly/48RDP68
GIF
307K
Trail of Bits
@trailofbits
Mar 19, 2024
Today we’re releasing weAudit, the VSCode extension we use during secure code reviews to collaboratively take notes and highlight code regions. blog.trailofbits.com/2024/03/19/rea…
66K
Trail of Bits
@trailofbits
Jun 21, 2022
For the last year, a 9-person team from @trailofbits has deeply studied the security of blockchains for @DARPA. Today, our analysis and tools are public: blog.trailofbits.com/2022/06/21/are…
00:00
Trail of Bits
@trailofbits
Jul 8, 2019
Fuck RSA blog.trailofbits.com/2019/07/08/fuc…
Trail of Bits
@trailofbits
Jan 17, 2023
Today, we are releasing RPC Investigator, made for exploring RPC clients and servers on Windows. This .NET application builds on the NtApiDotNet platform, adding features that offer a new way to explore RPC
Introducing RPC Investigator
From blog.trailofbits.com
60K
Trail of Bits
@trailofbits
Apr 13, 2022
Your code might be vulnerable! Our cryptography team has discovered a number of Fiat-Shamir vulnerabilities affecting proof systems such as Bulletproofs and PlonK. Check out this blog series for details and contact us if you think your codebase might be… blog.trailofbits.com/2022/04/13/par…
Trail of Bits
@trailofbits
Nov 22, 2023
Event Tracing for Windows (ETW) is crucial for modern EDR solutions. But what do you really know about its internal workings? Dive into ETW to discover useful attack targets and forensic information.
ETW internals for security research and forensics
From blog.trailofbits.com
61K
Trail of Bits
@trailofbits
Jul 26, 2023
We’re thrilled to announce our new Testing Handbook, which gathers insights we gained over years of experience using static and dynamic analysis tools. It goes beyond standard documentation, focusing on giving the right answers rather than all the answers.
Announcing the Trail of Bits Testing Handbook
From blog.trailofbits.com
51K
Trail of Bits
@trailofbits
Aug 2, 2017
Microsoft didn’t sandbox Windows Defender, so I did blog.trailofbits.com/2017/08/02/mic…
GIF
Trail of Bits
@trailofbits
Oct 25, 2022
Earlier this year, one of our interns found a vulnerability that affects applications using the SQLite library API. We are publicly disclosing that vuln today.
Stranger Strings: An exploitable flaw in SQLite
From blog.trailofbits.com
Trail of Bits
@trailofbits
Apr 4, 2018
It's easy to find bugs when you know how to build the right tools. Check out our blog to learn how to model vulnerabilities with Binary Ninja's MLIL and SSA form. blog.trailofbits.com/2018/04/04/vul…
Trail of Bits
@trailofbits
Jan 30, 2018
Check out our _accessible_ Meltdown and Spectre explainer, made for developers without a background in computer architecture. No awkward analogies, we stick to the real details. blog.trailofbits.com/2018/01/30/an-…