Skip to content
Publications from Trail of Bits
HTML Python
Branch: master
Clone or download
dguido presentations: Add KRF talk (LSS NA 2019) (#46)
presentations: Add KRF talk (LSS NA 2019)
Latest commit a8ee1ad Aug 21, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
datasets/smart_contract_audit_findings update based on discussion with Josselin Aug 7, 2019
papers Add files via upload Jul 10, 2019
presentations presentations: Add KRF talk (LSS NA 2019) Aug 21, 2019
reviews Add files via upload Aug 15, 2019
workshops Update Dec 11, 2018
.gitignore . Sep 11, 2018 presentations: Add KRF talk (LSS NA 2019) Aug 21, 2019

Publications from Trail of Bits

Academic Papers

Paper Title Venue Publication Date
Manticore: Symbolic Execution for Binaries and Smart Contracts ASE 2019 Jun 2019
Slither: A Static Analysis Framework For Smart Contracts WETSEB 2019 May 2019
Toward Smarter Vulnerability Discovery Using Machine Learning AISec 2018 Oct 2018
The Past, Present, and Future of Cyberdyne IEEE S&P Apr 2018
DeepState - Symbolic Unit Testing for C and C++ BAR 2018 Feb 2018
Cyber-Deception and Attribution in Capture-the-Flag Exercises FOSINT-SI 2015 Jul 2015

Conference Presentations

Automated bug finding and exploitation

Presentation Title Author(s) Year
It's coming from inside the house: kernel space fault injection with KRF William Woodruff 2019
Binary Symbolic Execution With KLEE-Native Sai Vegasena 2019
Going sicko mode on the Linux Kernel William Woodruff 2019
Vulnerability Modeling with Binary Ninja Josh Watson 2018
Be a binary rockstar Sophia D'Antoine 2017
Symbolic Execution for Humans Mark Mossberg 2017
The spirit of the 90s is still alive in Brooklyn Ryan Stortz, Sophia D'Antoine 2017
The dream of a static and dynamic analysis shootout Ryan Stortz 2016
Binary constraint solving for automatic exploit generation Sophia D'Antoine 2016
The Smart Fuzzer Revolution Dan Guido 2016
Making a scaleable automated hacking system Artem Dinaburg 2016
Cyberdyne - Automatic bug-finding at scale Peter Goodman 2016
McSema - Static translation of x86 instructions to LLVM IR Andrew Ruef, Artem Dinaburg 2014


Presentation Title Author(s) Year
SlithIR: High-Precision Security Analysis with an IR for Solidity Josselin Feist 2019
Slither: A Static Analysis Framework for Smart Contracts Josselin Feist 2019
What blockchain got right Dan Guido 2019
Property-testing of smart contracts JP Smith 2018
Anatomy of an unsafe programming language Evan Sultanik 2018
Contract upgrade risks and recommendations Josselin Feist 2018
Blackhat Ethereum Ryan Stortz, Jay Little 2018
Blockchain Autopsies - Analyzing Smart Contract Deaths Jay Little 2018
Rattle - an Ethereum EVM binary analysis framework Ryan Stortz 2018
Securing value on the Ethereum blockchain Dan Guido 2018
Binary analysis, meet the blockchain Mark Mossberg 2018
Automatic bug finding for the blockchain Felipe Manzano, Josselin Feist 2017


Presentation Title Author(s) Year
Analyzing the MD5 collision in Flame Alex Sotirov 2012


Presentation Title Author(s) Year
Linux Security Event Monitoring with osquery Alessandro Gario 2019
osql: The community oriented osquery fork Stefano Bonicatti, Mark Mossberg 2019
Getting started with osquery Lauren Pearl, Andy Ying 2018
osquery Super Features Lauren Pearl 2018
osquery Extension Skunkworks Mike Myers 2018
Build it Break it Fix it Andrew Ruef 2014


Presentation Title Author(s) Year
The Joy of Pwning Sophia D'Antoine 2017
How to CTF - Getting and using Other People's Computers (OPC) Jay Little 2014
Low-level Security Andrew Ruef 2014
Security and Your Business Andrew Ruef 2014
Bringing nothing to the party Vincenzo Iozzo 2013
From One Ivory Tower to Another Vincenzo Iozzo 2012

Mobile security

Presentation Title Author(s) Year
Swift Reversing Ryan Stortz 2016
Modern iOS Application Security Sophia D'Antoine, Dan Guido 2016
The Mobile Exploit Intelligence Project Dan Guido 2012
A Tale of Mobile Threats Vincenzo Iozzo 2012

Side channels

Presentation Title Author(s) Year
Hardware side channels in virtualized environments Sophia D'Antoine 2015
Exploiting Out-of-Order Execution Sophia D'Antoine 2015

Threat analysis

Presentation Title Author(s) Year
The Exploit Intelligence Project Revisited Dan Guido 2013


Dataset Date
Smart Contract Audit Findings Aug 2019


Podcast Guest Date Topic(s)
Absolute AppSec 68 Stefan Edwards, Bobby Tonic Aug 2019 Kubernetes
Hashing it Out 53 Dan Guido Jul 2019 Smart contract testing
Absolute AppSec 60 Stefan Edwards May 2019 Android, programming languages
Absolute AppSec 55 Stefan Edwards Apr 2019 Security testing
Hashing it Out 35 Dan Guido, Josselin Feist Jan 2019 Ethereum's failed EIP-1283
Risky Business JP Smith Jan 2019 Post-quantum cryptography in CTFs
Absolute AppSec 37 Stefan Edwards Nov 2018 Programming languages, symbex
Risky Business 510 Lauren Pearl Aug 2018 Open source security engineering
Absolute AppSec 34 Stefan Edwards Oct 2018 Security testing, blockchain software
Zero Knowledge 16 JP Smith Mar 2018 How security audits work for smart contracts
Risky Business 488 JP Smith Feb 2018 Smart contract testing with Manticore
Risky Business 474 Dan Guido Oct 2017 How to engineer secure software
Georgian Partners 47 Dan Guido May 2017 AlgoVPN and Tor
VUC 643 Dan Guido Apr 2017 AlgoVPN
Risky Business 449 Dan Guido Mar 2017 Control Flow Integrity
Risky Business 425 Dan Guido Sep 2016 Recap the week's news
Risky Business 421 Dan Guido Aug 2016 Car hacking and the week's news
Risky Business 416 Dan Guido Jul 2016 DARPA Cyber Grand Challenge
Risky Business 399 Dan Guido Feb 2016 Apple vs the FBI
Risky Business 370 Dan Guido Feb 2015 DARPA Cyber Grand Challenge
Risky Business 348 Dan Guido Jun 2015 DARPA Cyber Grand Challenge

Security Reviews

Product Review Date Level of Effort Announcement
Staked Aug 2019 4 person-weeks
Blockchain Aug 2019 4 person-weeks
RandomX Jun 2019 2 person-weeks Monero and Arweave to Validate RandomX
Numerai May 2019 3 person-weeks NMR 2.0 is now live!
Kubernetes May 2019 2 person-weeks
Kubernetes May 2019 3 person-weeks
Kubernetes May 2019 12 person-weeks Kubernetes security matures: Inside the project’s first audit
MerkleX May 2019 4 person-weeks
Interest Token May 2019 2 person-days
Western Digital May 2019 6 person-weeks Multiple vulnerabilities in SanDisk X600 SATA SED SSD
Loom May 2019 10 person-weeks The Loom SDK Q1 2019 Security Audit is now complete!
TokenCard May 2019 5 person-weeks
ZecWallet Apr 2019 2 person-weeks
Compound Apr 2019 8 person-weeks Compound v2 is Live
Unity Coin Apr 2019 1 person-week
Algorand Mar 2019 14 person-weeks Success and momentum of Algorand
Ocean Protocol Mar 2019 4 person-weeks One Protocol. One Network. One Community.
UMA Project Mar 2019 3 person-weeks
Nomisma Mar 2019 1 person-week
Centrifuge Mar 2019 5 person-weeks
Tendermint Mar 2019 12 person-weeks
Reserve Protocol Mar 2019 1 person-week
Set Protocol Mar 2019 5 person-weeks The Road to MainNet
NuCypher Feb 2019 4 person-weeks Security Audits (Round 2)
AMP StableWire Jan 2019 1 person-week
EIP-1283 Jan 2019 1 person-week Constantinople Security Update
Ampleforth Nov 2018 4 person-weeks Source Code and Security Audits with Trail of Bits
ndau Nov 2018 8 person-weeks ndau Holders Elect Inaugural Policy Council
Bitcoin SV Nov 2018 12 person-weeks
Origin Protocol Nov 2018 4 person-weeks
Pantheon Oct 2018 8 person-weeks What we learned from auditing our Ethereum client
Paxos Standard Oct 2018 4 person-weeks
Basecoin Oct 2018 12 person-weeks
Compound Sep 2018 12 person-weeks Compound launches money markets for Ethereum assets
Building Blocks Aug 2018 7 person-weeks UN WFP uses Ethereum to aid 100,000 refugees
NuCypher Aug 2018 12 person-weeks Security audits: round 1
Project Callisto Aug 2018 4 person-weeks
Parity Jul 2018 12 person-weeks Parity completes Trail of Bits security review
Bloom Jul 2018 1 person-week Bloom development update
Tezori Jul 2018 2 person-weeks Thanks to @trailofbits for their security review
CENTRE Jul 2018 4 person-weeks Designing an upgradeable Ethereum contract
Gemini Dollar Jun 2018 8 person-weeks Stablecoins: Understanding Counterparty Risk
Project Callisto Aug 2018 1 person-week
Dharma May 2018 1 person-week Dharma protocol v1 is live on mainnet
Golem Apr 2018 4 person-weeks Smart contracts: audit report
LivePeer Mar 2018 4 person-weeks Livepeer smart contract security audit #1 results
Web3 Mar 2018 2 person-weeks W3F and TOB release hardware wallet security guidance
DappHub Dec 2017 8 person-weeks
RSKj Nov 2017 6 person-weeks RSK security audit results
MakerDAO Sai Oct 2017 8 person-weeks Single-collateral Dai source code and security reviews
Omega One Aug 2017 6 person-weeks
zlib Sep 2016 1 person-week


Workshop Title Venue Date
Manticore EVM Workshop Devcon4 2018 Nov 2018
DeepState: Bringing Vulnerability Detection Tools into the Dev Cycle SecDev 2018 Oct 2018
Smart Contract Security Automation Workshop TruffleCon 2018 Oct 2018
Smart Contract Security Automation Workshop ETH Berlin 2018 Sep 2018
Manticore EVM Workshop EthCC 2018 Mar 2018
Manticore Workshop GreHack 2017 Oct 2017
You can’t perform that action at this time.