- Academic Papers
- Conference Presentations
- Datasets
- Podcasts
- Public Presentations
- Security Reviews
- Disclosures
- Workshops
- Legend
Presentation Title | Author(s) | Year |
---|---|---|
Ergonomic codesigning for the Python ecosystem with Sigstore | William Woodruff | 2023 |
Sigstore for Python Packaging: Next Steps for Adoption | William Woodruff | 2022 |
die, PGP, die | William Woodruff | 2022 |
Seriously, stop using RSA | Ben Perez | 2019 |
Best Practices for Cryptography in Python | Paul Kehrer | 2019 |
Analyzing the MD5 collision in Flame | Alex Sotirov | 2012 |
Presentation Title | Author(s) | Year |
---|---|---|
Python Packaging Mystery Meat | William Woodruff | 2022 |
Improving PyPI's security with Two Factor Authentication | William Woodruff | 2019 |
Linux Security Event Monitoring with osquery | Alessandro Gario | 2019 |
osql: The community oriented osquery fork | Stefano Bonicatti, Mark Mossberg | 2019 |
Getting started with osquery | Lauren Pearl, Andy Ying | 2018 |
osquery Super Features | Lauren Pearl | 2018 |
osquery Extension Skunkworks | Mike Myers | 2018 |
Build it Break it Fix it | Andrew Ruef | 2014 |
Presentation Title | Author(s) | Year |
---|---|---|
A mostly gentle introduction to LLVM | William Woodruff | 2022 |
JWTs, and why they suck | Rory M | 2021 |
The Joy of Pwning | Sophia D'Antoine | 2017 |
How to CTF - Getting and using Other People's Computers (OPC) | Jay Little | 2014 |
Low-level Security | Andrew Ruef | 2014 |
Security and Your Business | Andrew Ruef | 2014 |
Bringing nothing to the party | Vincenzo Iozzo | 2013 |
From One Ivory Tower to Another | Vincenzo Iozzo | 2012 |
Presentation Title | Author(s) | Year |
---|---|---|
Return to the 100 Acre Woods | Stefan Edwards | 2019 |
Swimming with the kubectl fish | Stefan Edwards | 2019 |
Presentation Title | Author(s) | Year |
---|---|---|
Exploiting Machine Learning Pickle Files | Carson Harmon, Evan Sultanik, Jim Miller, Suha Hussain | 2021 |
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning | Suha Hussain | 2020 |
Presentation Title | Author(s) | Year |
---|---|---|
Swift Reversing | Ryan Stortz | 2016 |
Modern iOS Application Security | Sophia D'Antoine, Dan Guido | 2016 |
The Mobile Exploit Intelligence Project | Dan Guido | 2012 |
A Tale of Mobile Threats | Vincenzo Iozzo | 2012 |
Presentation Title | Author(s) | Year |
---|---|---|
Python internals - let's talk about dicts | Dominik Czarnota | 2019 |
Low-level debugging with Pwndbg | Dominik Czarnota | 2018 |
Insecure Things to Avoid in Python | Dominik Czarnota | 2018 |
Presentation Title | Author(s) | Year |
---|---|---|
A Broad Comparative Evaluation of x86-64 Binary Rewriters | Eric Schulte, Michael D. Brown, Vlad Folts | 2022 |
On the Optimization of Equivalent Concurrent Computations | Henrich Lauko, Lukáš Korenčik, Peter Goodman | 2022 |
Presentation Title | Author(s) | Year |
---|---|---|
Hardware side channels in virtualized environments | Sophia D'Antoine | 2015 |
Exploiting Out-of-Order Execution | Sophia D'Antoine | 2015 |
Presentation Title | Author(s) | Year |
---|---|---|
Peeling back the 'Shlayers' of macOS Malware | Josh Watson, Erika Noerenberg | 2019 |
The Exploit Intelligence Project Revisited | Dan Guido | 2013 |
Dataset | Date |
---|---|
Smart Contract Audit Findings | Aug 2019 |
We host our own podcast that explores the intersection of human intellect and computational power. You can download episodes from your favorite podcast app or listen to all the episodes on our website.
Podcast | Guest | Date | Topic(s) |
---|---|---|---|
ASW 229 | Nick Selby | Feb 2023 | Threat modeling and cloud-native audits |
Risky Business 690 | Dan Guido | Jan 2023 | Vuln disclosure |
Risky Business 672 | Dan Guido | Jul 2022 | Blockchain security |
Cloud Security Reinvented | Nick Selby | Jun 2022 | Cloud security |
Skiff Office Hours | Dan Guido | Mar 2022 | Privacy technology |
Risky Business 652 | Dan Guido | Jan 2022 | Zero-knowledge proofs |
Secureum Safecast #3 | Josselin Feist | Nov 2021 | Blockchain security |
Secureum Safecast #2 | Dan Guido | Oct 2021 | Blockchain security |
Press Freedom Foundation | Dan Guido | Jul 2021 | Mobile security and iVerify |
Employee Cycle | Hannah Hanks | Mar 2021 | First PeopleOps hire |
Risky Business 614 | Dan Guido | Feb 2021 | iVerify |
Building Better Systems 6 | Dan Guido | Jan 2021 | What blockchain got right |
WCBS 880 | Dan Guido | Sep 2020 | Gap years and intern hiring |
Risky Business 594 | Dan Guido | Aug 2020 | Apple security |
Epicenter 346 | Dan Guido | Jun 2020 | Smart contract security |
Absolute AppSec 97 | Stefan Edwards | May 2020 | Threat modeling |
Unchained 170 | Dan Guido | May 2020 | DeFi security |
Risky Business 580 | Dan Guido | Apr 2020 | Mobile voting |
Absolute AppSec 91 | Stefan Edwards | Apr 2020 | Mobile voting |
Zero Knowledge 122 | Ben Perez | Mar 2020 | Cryptography reviews, ZKPs |
Changelog | Dan Guido | Jan 2020 | AlgoVPN |
Risky Business 559 | Stefan Edwards | Oct 2019 | Kubernetes |
FOSS Weekly 545 | William Woodruff | Sep 2019 | PyPI security improvements |
Podcast.__init__ 225 | William Woodruff | Aug 2019 | PyPI security, UX, and sustainability |
Absolute AppSec 68 | Stefan Edwards, Bobby Tonic | Aug 2019 | Kubernetes |
Hashing it Out 53 | Dan Guido | Jul 2019 | Smart contract testing |
Absolute AppSec 60 | Stefan Edwards | May 2019 | Android, programming languages |
Absolute AppSec 55 | Stefan Edwards | Apr 2019 | Security testing |
Hashing it Out 35 | Dan Guido, Josselin Feist | Jan 2019 | Ethereum's failed EIP-1283 |
Risky Business | JP Smith | Jan 2019 | Post-quantum crypto in CTFs |
Absolute AppSec 37 | Stefan Edwards | Nov 2018 | Programming languages, symbex |
Risky Business 510 | Lauren Pearl | Aug 2018 | Open source security engineering |
Absolute AppSec 34 | Stefan Edwards | Oct 2018 | Security testing, blockchain |
Zero Knowledge 16 | JP Smith | Mar 2018 | Smart contract security |
Risky Business 488 | JP Smith | Feb 2018 | Smart contract testing w/ Manticore |
Risky Business 474 | Dan Guido | Oct 2017 | How to engineer secure software |
Georgian Partners 47 | Dan Guido | May 2017 | AlgoVPN and Tor |
VUC 643 | Dan Guido | Apr 2017 | AlgoVPN |
Risky Business 449 | Dan Guido | Mar 2017 | Control Flow Integrity |
Risky Business 425 | Dan Guido | Sep 2016 | Recap the week's news |
Risky Business 421 | Dan Guido | Aug 2016 | Car hacking and the week's news |
Risky Business 416 | Dan Guido | Jul 2016 | DARPA Cyber Grand Challenge |
Risky Business 399 | Dan Guido | Feb 2016 | Apple vs the FBI |
Risky Business 370 | Dan Guido | Feb 2015 | DARPA Cyber Grand Challenge |
Risky Business 348 | Dan Guido | Jun 2015 | DARPA Cyber Grand Challenge |
Title | Agency | Date |
---|---|---|
Understanding Crypto Markets Security | CFTC | March 2023 |
Companies that have allowed us to speak about our work can be found here. Many more remain confidential.
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
KEDA | Dec 2022 | 6 | Our Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete! | 📄 |
Terraform Enterprise | Nov 2022 | 6 | ||
Nomad Enterprise | Nov 2022 | 6 | ||
HashiCorp Cloud | Jun 2022 | 9 | ||
Tekton | Mar 2022 | 4 | Tekton Security Review Completed | 📄 |
Linkerd | Feb 2022 | 4 | 📛📄✅ | |
CoreDNS | Jan 2022 | 4 | 📄 | |
Terraform Enterprise | Nov 2021 | 6 | ||
Nomad Enterprise | Nov 2021 | 6 | ||
Consul Enterprise | Oct 2021 | 6 | ||
Vault Enterprise | Oct 2021 | 6 | ||
HashiCorp Cloud | Jun 2021 | 8 | ||
Argo | Mar 2021 | 4 | 📛📄 | |
Terraform Cloud | Jan 2021 | 6 | ||
Consul | Oct 2020 | 10 | ||
Nomad | Aug 2020 | 6 | ||
Helm | Aug 2020 | 4 | Helm 2nd Security Audit | 📄 |
Terraform | Mar 2020 | 6 | ||
OPA | Mar 2020 | 2 | Open Policy Agent (OPA) Graduation Proposal | 📄 |
etcd | Jan 2020 | 4 | CNCF | 📄 |
Rook | Dec 2019 | 2 | CNCF | 📄 |
Kubernetes | May 2019 | 12 | Google, CNCF | 📛📄📰 |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
Folks Finance Protocol | Nov 2022 | 6 | ||
wXTZ | Nov 2020 | 4 | 📄 | |
wALGO | Nov 2020 | 4 | 📄 | |
Meld Gold | Jul 2020 | 2 | ||
Algorand | Mar 2019 | 14 | Success and momentum of Algorand | |
Pixel | Dec 2019 | 4 |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
Alkimiya Silica V2 | Jun 2022 | 6 | ||
Ava Labs | Apr 2022 | 8 | ||
Flare Network | Mar 2021 | 8 |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
STAS SDK | Oct 2021 | 4 | ||
STAS-JS SDK | Sept 2021 | 4 | ||
Bitcoin SV | Jan 2021 | 6 | ||
Zcoin | Jul 2020 | 2 | Lelantus Cryptographic Library Audit Results | 📄 |
Zcash | Apr 2020 | 3 | Heartwood security assessment results | 📄 |
Zcash | Nov 2019 | 6 | NU3, Blossom, and Sapling security reviews | 📄 |
Zcash | Nov 2019 | 6 | 📄 | |
Paymail Protocol | Nov 2019 | 7 | ||
Bitcoin SV | Nov 2018 | 12 | ||
Simple Ledger | Oct 2019 | 3 | ||
ZecWallet | Apr 2019 | 2 | 📄 | |
RSKj | Nov 2017 | 6 | RSK security audit results | 📄 |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
xUDT | Jun 2021 | 2 | ||
Nervos -RSA | Mar 2021 | 4 | ||
Nervos SUDT | Oct 2020 | 6 | 📄 | |
Cheque Cell & ORU | Feb 2021 | 8 | ||
Force Bridge - Solidity | Feb 2021 | 4 | ||
Force Bridge - Rust | Feb 2021 | 3 |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
Nostra | Dec 2022 | 8 | ||
StarkGate | Dec 2022 | 2 | ||
StarkEx | Oct 2022 | 1 | ||
StarkNet token | Jul 2022 | 1 | ||
StarkPerpetual | Jan 2022 | 8 | ||
StarkEx | Nov 2021 | 8 |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
Token-2022 Program | Feb 2023 | 1 | 📄✅ | |
Drift Protocol | Dec 2022 | 6 | Announcement (Tweet) | 📄✅ |
Solana | Apr 2022 | 12 |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
ParaSpace | Dec 2022 | 1 | 📄 | |
ParaSpace | Nov 2022 | 7 | 📄✅ | |
Parallel Finance | Mar 2022 | 6 | 📄 | |
Polkadex | Feb 2022 | 10 | ||
Polkadex | Dec 2021 | 4 | ||
PINT | Sept 2021 | 4 | ||
Polkaswap | Jul 2021 | 6 | ||
AlephBFT | Jun 2021 | 4 | 📄 | |
Acala Network | Jun 2021 | 4 | ||
Compound Chain | May 2021 | 6 | ||
Acala Network | Jan 2021 | 6 | 📄 | |
Parity Fether | Aug 2019 | 4 | ||
Parity | Jul 2018 | 12 | Parity completes Trail of Bits security review | 📄 |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
Umee | Feb 2022 | 8 | 📄 | |
Columbus-5 | Jan 2022 | 2 | ||
IBC Protocol | Dec 2021 | 4 | ||
THORChain | Aug 2021 | 12 | ||
Tendermint | Mar 2019 | 12 | ||
ndau | Nov 2018 | 8 | ndau Holders Elect Inaugural Policy Council |
Product | Date | Level of Effort | Announcement | Report |
---|---|---|---|---|
Kolibri | Apr 2022 | 4 | ||
Tezori (T2) | Dec 2020 | 4 | 📄 | |
Tezori | Jul 2018 | 2 | Thanks to @trailofbits for their security review | |
Magma | Jun 2020 | 1 | 📄 | |
Dexter | Jun 2020 | 4 | 📄 |
Product | Date | CVE | CVSS | Exploits | Report |
---|---|---|---|---|---|
SQLite | Jul 2022 | CVE-2022-35737 | 7.5 | Crash, Live lock, Code execution | 💬 |
Workshop Title | Venue | Date |
---|---|---|
Smart Contract Security Automation Workshop | TruffleCon 2019 | Oct 2019 |
Manticore EVM Workshop | Devcon4 2018 | Nov 2018 |
Introduction to Smart Contract Exploitation | GreHack 2018 | Nov 2018 |
DeepState: Bringing Vulnerability Detection Tools into the Dev Cycle | SecDev 2018 | Oct 2018 |
Smart Contract Security Automation Workshop | TruffleCon 2018 | Oct 2018 |
Smart Contract Security Automation Workshop | ETH Berlin 2018 | Sep 2018 |
Manticore EVM Workshop | EthCC 2018 | Mar 2018 |
Manticore Workshop | GreHack 2017 | Oct 2017 |
Icon | Definition |
---|---|
💬 | Blog post or other social media |
📄 | Security Assessment report |
✅ | Fix review report |
📛 | Threat Model report |
📰 | Whitepaper |
Header | Definition |
---|---|
Level of Effort | Defined in person-weeks for the project |