Publications from Trail of Bits

• Academic Papers
• Conference Presentations
  • Automated bug finding and exploitation
  • Blockchain
  • Cryptography
  • Engineering
  • Education
  • Mobile security
  • Programming
  • Side channels
  • Threat analysis
• Datasets
• Podcasts
• Security Reviews
  • Technology products
  • Cloud-native
  • Smart contracts
  • Blockchain protocols and software
• Workshops

Academic papers

Paper Title	Venue	Publication Date
Echidna: effective, usable, and fast fuzzing for smart contracts	ISSTA 2020	July 2020
Automated Grammar Extraction via Semantic Labeling of Parsers	LangSec 2020	May 2020
What are the Actual Flaws in Important Smart Contracts?	FC 2020	Feb 2020
Echidna: A Practical Smart Contract Fuzzer	FC 2020	Feb 2020
RSA GTFO	PoC||GTFO 0x20	Jan 2020
Manticore: Symbolic Execution for Binaries and Smart Contracts	ASE 2019	Jun 2019
Slither: A Static Analysis Framework For Smart Contracts	WETSEB 2019	May 2019
Toward Smarter Vulnerability Discovery Using Machine Learning	AISec 2018	Oct 2018
The Past, Present, and Future of Cyberdyne	IEEE S&P	Apr 2018
DeepState - Symbolic Unit Testing for C and C++	BAR 2018	Feb 2018
Cyber-Deception and Attribution in Capture-the-Flag Exercises	FOSINT-SI 2015	Jul 2015

Conference presentations

Automated bug finding and exploitation

Presentation Title	Author(s)	Year
How to find bugs when (ground) truth isn't real	William Woodruff	2020
The Treachery of Files and Two New Tools that Tame It	Evan Sultanik	2019
Symbolically Executing a Fuzzy Tyrant	Stefan Edwards	2019
Kernel space fault injection with KRF	William Woodruff	2019
Binary Symbolic Execution With KLEE-Native	Sai Vegasena	2019
Going sicko mode on the Linux Kernel	William Woodruff	2019
Vulnerability Modeling with Binary Ninja	Josh Watson	2018
File Polyglottery; or, This PoC is also a picture of cats	Evan Sultanik	2017
Be a binary rockstar	Sophia D'Antoine	2017
Symbolic Execution for Humans	Mark Mossberg	2017
The spirit of the 90s is still alive in Brooklyn	Ryan Stortz, Sophia D'Antoine	2017
The dream of a static and dynamic analysis shootout	Ryan Stortz	2016
Binary constraint solving for automatic exploit generation	Sophia D'Antoine	2016
The Smart Fuzzer Revolution	Dan Guido	2016
Making a scaleable automated hacking system	Artem Dinaburg	2016
Cyberdyne - Automatic bug-finding at scale	Peter Goodman	2016
McSema - Static translation of x86 instructions to LLVM IR	Andrew Ruef, Artem Dinaburg	2014

Blockchain

Presentation Title	Author(s)	Year
Detecting transaction replacement attacks with Manticore	Sam Moelius	2020
Fantastic Bugs and How to Squash Them; or, the Crimes of Solidity	Evan Sultanik	2019
SlithIR: High-Precision Security Analysis with an IR for Solidity	Josselin Feist	2019
Slither: A Static Analysis Framework for Smart Contracts	Josselin Feist	2019
What blockchain got right	Dan Guido	2019
Property-testing of smart contracts	JP Smith	2018
Anatomy of an unsafe programming language	Evan Sultanik	2018
Contract upgrade risks and recommendations	Josselin Feist	2018
Blackhat Ethereum	Ryan Stortz, Jay Little	2018
Blockchain Autopsies - Analyzing Smart Contract Deaths	Jay Little	2018
Rattle - an Ethereum EVM binary analysis framework	Ryan Stortz	2018
Securing value on the Ethereum blockchain	Dan Guido	2018
Binary analysis, meet the blockchain	Mark Mossberg	2018
Automatic bug finding for the blockchain	Felipe Manzano, Josselin Feist	2017

Cryptography

Presentation Title	Author(s)	Year
Seriously, stop using RSA	Ben Perez	2019
Best Practices for Cryptography in Python	Paul Kehrer	2019
Analyzing the MD5 collision in Flame	Alex Sotirov	2012

Engineering

Presentation Title	Author(s)	Year
Improving PyPI's security with Two Factor Authentication	William Woodruff	2019
Linux Security Event Monitoring with osquery	Alessandro Gario	2019
osql: The community oriented osquery fork	Stefano Bonicatti, Mark Mossberg	2019
Getting started with osquery	Lauren Pearl, Andy Ying	2018
osquery Super Features	Lauren Pearl	2018
osquery Extension Skunkworks	Mike Myers	2018
Build it Break it Fix it	Andrew Ruef	2014

Education

Presentation Title	Author(s)	Year
The Joy of Pwning	Sophia D'Antoine	2017
How to CTF - Getting and using Other People's Computers (OPC)	Jay Little	2014
Low-level Security	Andrew Ruef	2014
Security and Your Business	Andrew Ruef	2014
Bringing nothing to the party	Vincenzo Iozzo	2013
From One Ivory Tower to Another	Vincenzo Iozzo	2012

Infrastructure

Presentation Title	Author(s)	Year
Return to the 100 Acre Woods	Stefan Edwards	2019
Swimming with the kubectl fish	Stefan Edwards	2019

Machine Learning

Presentation Title	Author(s)	Year
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning	Suha Hussain	2020

Mobile security

Presentation Title	Author(s)	Year
Swift Reversing	Ryan Stortz	2016
Modern iOS Application Security	Sophia D'Antoine, Dan Guido	2016
The Mobile Exploit Intelligence Project	Dan Guido	2012
A Tale of Mobile Threats	Vincenzo Iozzo	2012

Programming

Presentation Title	Author(s)	Year
Python internals - let's talk about dicts	Dominik Czarnota	2019
Low-level debugging with Pwndbg	Dominik Czarnota	2018
Insecure Things to Avoid in Python	Dominik Czarnota	2018

Side channels

Presentation Title	Author(s)	Year
Hardware side channels in virtualized environments	Sophia D'Antoine	2015
Exploiting Out-of-Order Execution	Sophia D'Antoine	2015

Threat analysis

Presentation Title	Author(s)	Year
The Exploit Intelligence Project Revisited	Dan Guido	2013

Datasets

Dataset	Date
Smart Contract Audit Findings	Aug 2019

Podcasts

Podcast	Guest	Date	Topic(s)
WCBS 880	Dan Guido	Sep 2020	Gap years and intern hiring
Risky Business 594	Dan Guido	Aug 2020	Apple security
Epicenter 346	Dan Guido	Jun 2020	Smart contract security
Absolute AppSec 97	Stefan Edwards	May 2020	Threat modeling
Unchained 170	Dan Guido	May 2020	DeFi security
Risky Business 580	Dan Guido	Apr 2020	Mobile voting
Absolute AppSec 91	Stefan Edwards	Apr 2020	Mobile voting
Zero Knowledge 122	Ben Perez	Mar 2020	Cryptography reviews, ZKPs
Changelog	Dan Guido	Jan 2020	AlgoVPN
Risky Business 559	Stefan Edwards	Oct 2019	Kubernetes
FOSS Weekly 545	William Woodruff	Sep 2019	PyPI security improvements
Podcast.__init__ 225	William Woodruff	Aug 2019	PyPI security, UX, and sustainability
Absolute AppSec 68	Stefan Edwards, Bobby Tonic	Aug 2019	Kubernetes
Hashing it Out 53	Dan Guido	Jul 2019	Smart contract testing
Absolute AppSec 60	Stefan Edwards	May 2019	Android, programming languages
Absolute AppSec 55	Stefan Edwards	Apr 2019	Security testing
Hashing it Out 35	Dan Guido, Josselin Feist	Jan 2019	Ethereum's failed EIP-1283
Risky Business	JP Smith	Jan 2019	Post-quantum crypto in CTFs
Absolute AppSec 37	Stefan Edwards	Nov 2018	Programming languages, symbex
Risky Business 510	Lauren Pearl	Aug 2018	Open source security engineering
Absolute AppSec 34	Stefan Edwards	Oct 2018	Security testing, blockchain
Zero Knowledge 16	JP Smith	Mar 2018	Smart contract security
Risky Business 488	JP Smith	Feb 2018	Smart contract testing w/ Manticore
Risky Business 474	Dan Guido	Oct 2017	How to engineer secure software
Georgian Partners 47	Dan Guido	May 2017	AlgoVPN and Tor
VUC 643	Dan Guido	Apr 2017	AlgoVPN
Risky Business 449	Dan Guido	Mar 2017	Control Flow Integrity
Risky Business 425	Dan Guido	Sep 2016	Recap the week's news
Risky Business 421	Dan Guido	Aug 2016	Car hacking and the week's news
Risky Business 416	Dan Guido	Jul 2016	DARPA Cyber Grand Challenge
Risky Business 399	Dan Guido	Feb 2016	Apple vs the FBI
Risky Business 370	Dan Guido	Feb 2015	DARPA Cyber Grand Challenge
Risky Business 348	Dan Guido	Jun 2015	DARPA Cyber Grand Challenge

Security Reviews

Companies that have allowed us to speak about our work can be found here. Many more remain confidential.

Technology products

Product	Review Date	Level of Effort	Deliverables	Announcement
Azure Sphere	Jun 2020	12 person-weeks		Microsoft
Zoom	May 2020	9 person-weeks	Zoom
Secure Transport	Apr 2020	4 person-weeks
ZeroTier 2.0	Mar 2020	2 person-weeks	Security Review	ZeroTier
Voatz	Feb 2020	12 person-weeks	Security Review, Threat Model	Voatz, Tusk
Voice	Jan 2020	4 person-weeks
Sweet B	Jan 2020	4 person-weeks	Security Review	Western Digital
Azure Sphere	Jun 2019	12 person-weeks
SanDisk X600	May 2019	6 person-weeks	Security Review	Western Digital
Project Callisto	Aug 2018	5 person-weeks
zlib	Sep 2016	1 person-week	Security Review

Cloud-native

Product	Review Date	Level of Effort	Deliverables	Announcement
Helm	Aug 2020	4 person-weeks
Terraform	Mar 2020	6 person-weeks
OPA	Mar 2020	2 person-weeks
Vault	Feb 2020	12 person-weeks
etcd	Jan 2020	4 person-weeks	Security Review	CNCF
Rook	Dec 2019	2 person-weeks	Security Review	CNCF
Kubernetes	May 2019	12 person-weeks	Security Review, Threat Model, Whitepaper	Google, CNCF

Smart contracts

Product	Review Date	Level of Effort	Announcement
DODO	Sep 2020	3 person-weeks
Yield Protocol	Aug 2020	6 person-weeks
DeFiner	Aug 2020	1 person-week
Smart Pool	Aug 2020	1 person-week
Argent	Aug 2020	4 person-weeks
MYKEY	Jul 2020	4 person-weeks
CurveDAO	Jul 2020	6 person-weeks
Amp	Jul 2020	3 person-weeks
Federated Bridge	Jul 2020	1 person-week
dForce dToken	Jul 2020	2 person-weeks
Dexter	Jun 2020	4 person-weeks
QTUM	Apr 2020	3 person-days
Hegic	Apr 2020	3 person-days
Golem Network	Mar 2020	2 person-weeks
Reddit	Mar 2020	1 person-week	A New Frontier
Compound	Feb 2020	2 person-weeks
Chai	Feb 2020	2 person-days
WorkLock	Jan 2020	2 person-weeks	WorkLock Security Audit
Balancer	Jan 2020	4 person-weeks
Curve.fi	Jan 2020	1 person-week
Livepeer	Oct 2019	3 person-weeks
Topo Finance	Oct 2019	4 person-weeks
Dharma Wallet	Oct 2019	4 person-weeks
0x Protocol	Oct 2019	10 person-weeks
Flexa	Sep 2019	2 person-weeks	Announcing Flexa Capacity
Aave Protocol	Sep 2019	4 person-weeks
MC Dai	Aug 2019	13 person-weeks	MCD Security Roadmap Update: Oct 2019
Compound	Aug 2019	2 person-weeks
Staked	Aug 2019	4 person-weeks
Computable	Jul 2019	8 person-weeks	Computable Contract Audit
Numerai	May 2019	3 person-weeks	NMR 2.0 is now live!
MerkleX	May 2019	4 person-weeks
Interest Token	May 2019	2 person-days
TokenCard	May 2019	5 person-weeks
Compound	Apr 2019	8 person-weeks	Compound v2 is Live
Unity Coin	Apr 2019	1 person-week
Ocean Protocol	Mar 2019	4 person-weeks	One Protocol. One Network. One Community.
UMA Project	Mar 2019	3 person-weeks
Nomisma	Mar 2019	1 person-week
Reserve Protocol	Mar 2019	1 person-week
Set Protocol	Mar 2019	5 person-weeks	The Road to MainNet
NuCypher	Feb 2019	4 person-weeks	Security Audits (Round 2)
AMP StableWire	Jan 2019	1 person-week
EIP-1283	Jan 2019	1 person-week	Constantinople Security Update
Ampleforth	Nov 2018	4 person-weeks	Source Code and Security Audits with Trail of Bits
Origin Protocol	Nov 2018	4 person-weeks	How We Approach Security at Origin
Paxos Standard	Oct 2018	4 person-weeks
Basecoin	Oct 2018	12 person-weeks
Compound	Sep 2018	12 person-weeks	Compound launches money markets for Ethereum
NuCypher	Aug 2018	12 person-weeks	Security audits: round 1
CENTRE	Jul 2018	4 person-weeks	Designing an upgradeable Ethereum contract
Bloom	Jul 2018	1 person-week	Bloom development update
Gemini Dollar	Jun 2018	8 person-weeks	Stablecoins: Understanding Counterparty Risk
Dharma	May 2018	1 person-week	Dharma protocol v1 is live on mainnet
Golem	Apr 2018	4 person-weeks	Smart contracts: audit report
LivePeer	Mar 2018	4 person-weeks	Livepeer smart contract security audit #1 results
DappHub	Dec 2017	8 person-weeks
MakerDAO Sai	Oct 2017	8 person-weeks	Single-collateral Dai security reviews
Omega One	Aug 2017	6 person-weeks

Blockchain protocols and software

Product	Review Date	Level of Effort	Announcement
Stacks V2	Sep 2020	6 person-weeks
Prysm	Sep 2020	6 person-weeks
ETH2.0 Deposit CLI	Aug 2020	4 person-weeks
VRFs	Aug 2020	2 person-weeks
MobileCoin	Aug 2020	4 person-weeks
Ren	Aug 2020	4 person-weeks	August Development Update
Meld Gold	Jul 2020	2 person-weeks
Ledger Filecoin	Jul 2020	2 person-weeks
Arbitrum	Jul 2020	6 person-weeks
Symbol	Jul 2020	4 person-weeks
Zcoin	Jul 2020	2 person-weeks	Lelantus Cryptographic Library Audit Results
Magma	Jun 2020	1 person-week
Lighthouse	Jun 2020	4 person-weeks
Matic	Jun 2020	4 person-weeks
tBTC	May 2020	6 person-weeks
Chainlink Flux	May 2020	4 person-weeks
Zcash	Apr 2020	3 person-weeks	Heartwood security assessment results
Elrond	Mar 2020	6 person-weeks
EOSIO SDK	Jan 2020	4 person-weeks
Pixel	Dec 2019	4 person-weeks
Paymail Protocol	Nov 2019	7 person-weeks
Zcash	Nov 2019	6 person-weeks	NU3, Blossom, and Sapling security reviews
Zcash	Nov 2019	6 person-weeks
NEAR Protocol	Nov 2019	8 person-weeks
Status-go	Oct 2019	9 person-weeks
Simple Ledger	Oct 2019	3 person-weeks
EOSIO 2.0	Oct 2019	8 person-weeks
Oasis Labs	Sep 2019	13 person-weeks
AZTEC Protocol	Sep 2019	10 person-weeks
Celo	Sep 2019	8 person-weeks
Parity Fether	Aug 2019	4 person-weeks
Blockchain.com	Aug 2019	4 person-weeks
RandomX	Jun 2019	2 person-weeks	Monero and Arweave to Validate RandomX
ZecWallet	Apr 2019	2 person-weeks
Loom	May 2019	10 person-weeks	Loom SDK Q1 2019 Security Audit
Algorand	Mar 2019	14 person-weeks	Success and momentum of Algorand
Centrifuge	Mar 2019	5 person-weeks
Tendermint	Mar 2019	12 person-weeks
ndau	Nov 2018	8 person-weeks	ndau Holders Elect Inaugural Policy Council
Bitcoin SV	Nov 2018	12 person-weeks
Pantheon	Oct 2018	8 person-weeks	What we learned from auditing our Ethereum client
Building Blocks	Aug 2018	7 person-weeks	UN WFP uses Ethereum to aid 100,000 refugees
Parity	Jul 2018	12 person-weeks	Parity completes Trail of Bits security review
Tezori	Jul 2018	2 person-weeks	Thanks to @trailofbits for their security review
Web3	Mar 2018	2 person-weeks	W3F and TOB hardware wallet security guidance
RSKj	Nov 2017	6 person-weeks	RSK security audit results

Workshops

Workshop Title	Venue	Date
Smart Contract Security Automation Workshop	TruffleCon 2019	Oct 2019
Manticore EVM Workshop	Devcon4 2018	Nov 2018
Introduction to Smart Contract Exploitation	GreHack 2018	Nov 2018
DeepState: Bringing Vulnerability Detection Tools into the Dev Cycle	SecDev 2018	Oct 2018
Smart Contract Security Automation Workshop	TruffleCon 2018	Oct 2018
Smart Contract Security Automation Workshop	ETH Berlin 2018	Sep 2018
Manticore EVM Workshop	EthCC 2018	Mar 2018
Manticore Workshop	GreHack 2017	Oct 2017