Trail of Bits

Computer and Network Security

New York, NY 15,768 followers

Deepening the Science of Security

About us

Since 2012, Trail of Bits has been the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks.

Website
https://www.trailofbits.com
Industry
Computer and Network Security
Company size
51-200 employees
Headquarters
New York, NY
Type
Privately Held
Founded
2012
Specialties
software security, reverse engineering, cryptography, blockchain, osquery, machine learning, binary analysis, Application Security, and AI/ML

Updates

  • New release: Open-source Go implementations of NIST post-quantum signature algorithms Developed by our cryptography team, we're releasing pure Go implementations of ML-DSA (FIPS-204) and SLH-DSA (FIPS-205). These libraries are engineered to be constant time, preventing timing side-channel attacks like KyberSlash. Why constant-time matters: Division operations caused KyberSlash, a timing attack on early Kyber implementations. Our libraries eliminate this vulnerability through Barrett reduction by replacing variable-time division with constant-time multiplication using precomputed reciprocals. If you're adding post-quantum signature support to Go applications, these production-ready libraries are engineered by our cryptography team. Read the technical details: https://lnkd.in/gPe772dA
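The Barrett reduction idea mentioned in the post above, as an added example that is not code from the Trail of Bits libraries: division by the ML-DSA modulus q = 8380417 (FIPS 204) is replaced by a multiplication with a precomputed reciprocal, a shift, and one branch-free correction. The function names and the choice of a 48-bit shift are assumptions made for this sketch.

```go
package main

import "fmt"

// q is the ML-DSA modulus from FIPS 204.
const q = 8380417

// Precomputed reciprocal floor(2^48 / q). For any 32-bit x the product
// x*barrettMul stays below 2^58, so it fits in a uint64.
const barrettShift = 48
const barrettMul = (uint64(1) << barrettShift) / q

// DivModVarTime is the baseline. Whether "/" and "%" become a hardware
// divide (whose latency can depend on the operand) is decided by the
// compiler and target, which is the class of problem behind KyberSlash.
func DivModVarTime(x uint32) (quot, rem uint32) {
	return x / q, x % q
}

// DivModBarrett (hypothetical name) computes the same result using only
// multiplication, shifts, subtraction and masking: no division, no branch.
func DivModBarrett(x uint32) (quot, rem uint32) {
	// Estimate of x/q; it is either exact or one too small.
	est := uint32((uint64(x) * barrettMul) >> barrettShift)
	r := x - est*q // r is in [0, 2q)

	// Branch-free correction: subtract q, then add it back if that underflowed.
	r -= q
	mask := uint32(int32(r) >> 31) // all ones if r went negative, else zero
	rem = r + (q & mask)
	quot = est + (1 &^ mask) // bump the estimate only when q was subtracted
	return quot, rem
}

func main() {
	for _, x := range []uint32{0, q - 1, q, 2*q - 1, 0xFFFFFFFF} {
		dq, dr := DivModBarrett(x)
		vq, vr := DivModVarTime(x)
		fmt.Printf("x=%d barrett=(%d,%d) reference=(%d,%d)\n", x, dq, dr, vq, vr)
	}
}
```

The equality check against `/` and `%` only confirms correctness; constant-time behaviour still has to be confirmed on the compiled output for each target.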

  • New tool release: Checksec Anywhere Read the blog: https://lnkd.in/gfDQM8dd Binary security analysis has a fragmentation problem. Security professionals juggle separate checksec tools for ELF, PE, and Mach-O binaries, each with different interfaces and dependencies. Checksec Anywhere consolidates this into one browser platform. Built on the checksec.rs project and ported to WASM, it runs entirely in-browser. Drag binaries in, get instant color-coded reports showing missing stack canaries, ASLR, DEP, Control Flow Guard, and code signing across all three formats. Built by summer intern Gabe Sherman using Rust/WASM, it processes thousands of binaries with native-speed performance. Try it: checksec-anywhere.com Source: https://lnkd.in/gDWyvwye Built with guidance from William Woodruff and Bradley Swain.

  • Headed to DevConnect, DSS or any of the other hundreds of DeFi events in Buenos Aires (Nov 17-21)? This is one week that can’t be missed, come find us at one of our sessions or DM us to connect in person. 🐍 Guillermo L. is going to talk about Mutation testing, showing examples of real life usage of slither-mutate. 👀 Nisedo will be speaking about auditing tactics and strategies that go way beyond "just read the code" 🎓 Benjamin Samuels will be speaking about the future of smart contracts and Slither’s Model Context Protocol See everyone in Buenos Aires: https://lnkd.in/gzyX7X_R

  • Trail of Bits reposted this

    What does it take to build a fully autonomous AI system that can find, verify, and patch vulnerabilities in open-source software? Michael Brown, Principal Security Engineer at Trail of Bits, joins us to go behind the scenes of the 3-year DARPA AI Cyber Challenge (AICC), where his team's agent, "Buttercup," won second place. Michael, a self-proclaimed "AI skeptic," shares his surprise at how capable LLMs were at generating high-quality patches. However, he also shared the most critical lesson from the competition: "AI was actually the commodity" The real differentiator wasn't the AI model itself, but the "best of both worlds" approach, robust engineering, intelligent scaffolding, and using "AI where it's useful and conventional stuff where it's useful". This is a great listen for any engineering or security team building AI solutions. We cover the multi-agent architecture of Buttercup, the real-world costs and the open-source future of this technology. #aisecurity #aisecuritypodcast #aicc #darpachallenge

    Inside the 29.5 Million DARPA AI Cyber Challenge


  • Trail of Bits reposted this

    🚨 AI can now find and patch vulnerabilities completely autonomously. Sounds impossible? That’s what the AI Cyber Challenge (AICC), run by Defense Advanced Research Projects Agency (DARPA), set out to prove and Trail of Bits just took home second place. Caleb and Ashish spoke to Michael Brown (Principal Security Engineer, Trail of Bits), the lead behind Buttercup, an AI system that autonomously finds, verifies, and patches vulnerabilities in open source software. “AI was actually the commodity. What mattered was the scaffolding the engineering around it.” In this episode we cover: ⚡ How DARPA designed a three-year competition to automate vulnerability discovery and patching 🔄 What Trail of Bits learned from building Buttercup and why engineering beat pure AI 🧠 How autonomous AI reasoning systems are redefining cybersecurity research 📉 Why you can’t just “add AI” to security you have to rebuild the system around it 🎧 Full conversation goes LIVE tomorrow on AI Security Podcast. 👉 Subscribe on Apple, Spotify, YouTube, or LinkedIn to stay ahead. #AISecurity #CloudSecurity #AIResearch #CyberAutonomy #CyberSecurityPodcast

  • NYC cyber students: Meet our team at CSAW on November 6th. Ronald Eytchison presents Buttercup, our Cyber Reasoning System that won DARPA's AIxCC $3M second place prize. Nov 6, 9:30am. Buttercup is now open-source! Ron will cover our technical approach, AI's role in our system, and the competition itself. https://lnkd.in/gYEeDgvk Don't forget to stop by our booth to explore open security engineering roles and internships with our Head of Talent, Carter Miller. trailofbits.com/careers

  • Trail of Bits reposted this

    Excited to be back home in the city for NYBW & SmartCon. Looking forward to catching up with clients, partners, and friends throughout the week. If we haven't connected yet, feel free to DM me, Benjamin Samuels, or Carter Miller. Otherwise, see you at the main and side events!

    NY Blockchain Week (Nov 3-7) brings institutional finance, government, and Web3 innovation to NY and we're in our element as a Brooklyn-based firm. We're attending SmartCon (Nov 4-5) and events throughout the week. Whether you're building the next generation of financial infrastructure or need to secure existing systems, let's talk about how we can help. Connect with our team at SmartCon and throughout NYBW to talk open roles and all things blockchain: * Benjamin Samuels, Head of Blockchain * John Mudry, Head of GTM * Carter Miller, Head of Talent (We’re hiring!) For thirteen years, we've secured the infrastructure bridging traditional and defi technology: cryptocurrency exchanges, digital asset custodians, DeFi protocols, and the Web2 systems connecting these worlds. We combine expertise across blockchain, cryptography, application security, and AI to build specialized consulting teams for each project's unique challenges. DM us to connect at the conference!

  • Nov 6: Our CEO, Dan Guido, and Security Engineer Riccardo Schirone discuss making Buttercup accessible for real-world security teams at Berkeley's online AI Cybersecurity workshop. Buttercup is Trail of Bits' cyber reasoning system that won second place and $3 million in DARPA's AI Cyber Challenge (AIxCC) at DEF CON 33, automatically discovering 28 vulnerabilities across 20 different vulnerability types and successfully applying 19 patches. https://lnkd.in/gaP5eKKg
