Trail of Bits

Our entire NYC team, including interns, is attending SummerCon. Looking forward to connecting and sharing insights at the longest-running hacker conference in the US! 💫 We're proud to sponsor the 2024 SummerCon Research Grant, continuing our commitment to fostering new talent and promoting diversity. See you this week! In 2018, we partnered with the SummerCon Foundation to create a $100,000 grant promoting diversity and inclusion in cybersecurity. Participants received funding, mentorship, and a chance to present their findings at SummerCon. https://buff.ly/3XVnXND We continue to support diversity through sponsorships at the Women in CyberSecurity (WiCyS) and our diversity ticket program for OffensiveCon, co-created with Blue Frost in 2019.

The Application Security Weekly Productions podcast highlighted it… our "Quantum is Unimportant to Post-Quantum" blog begs the question: what is the AppSec equivalent? What measures has AppSec taken to improve design references for developers?

Excited to be attending Summercon in Brooklyn, NY this weekend! Summercon is the longest-running hacker conference in the US and Trail of Bits has been a proud sponsor of the event for the last several years! Back in 2018, Trail of Bits donated $100,000 to support developing security researchers through the Summercon Foundation. You can read more about the grant here: https://lnkd.in/epBvgup2. Let me know if you will be attending this year and would like to learn more about opportunities at Trail of Bits or just want to chat about all things security! https://lnkd.in/eW2MmsgG

🌟 Join us for a Burp Suite Webinar! 🌟 Featuring: Maciej Domanski, Shaun Mirani, Cliff Smith W/ special guest, James Kettle, Director of Research at PortSwigger 📅 July 31st @ 12 PM EST Why Use Burp Suite? Burp Suite is a leading tool for web application security testing. It helps security professionals: * Identify vulnerabilities in web applications * Perform automated and manual security testing * Integrate security testing into CI/CD pipelines * Enhance productivity with a suite of powerful tools like Scanner, Repeater, and Intruder What You'll Learn: * Web research techniques using Burp Suite * Optimizing your setup * Effectively using Burp tools in various scenarios * The future of Burp with BChecks and other less known features * Comparing dynamic and static analysis approaches based on real-world examples Register Now: https://buff.ly/3WpODVu Can’t make the live session? Register anyway, and we’ll send you a recording of the webinar.

This is exactly what Trail of Bits does and it’s really cool! Don’t know any other company that would have let me do the Ai security work I love while letting me be in Japan.

We are now a member of the Post-Quantum Cryptography Alliance (PQCA), founded by the The Linux Foundation . The PQCA and its members are at the forefront of advancing post-quantum cryptography. The alliance is focused on finding and creating production-ready libraries and packages to tackle the security challenges posed by quantum computing. It implements standardized algorithms and supports the development of new post-quantum algorithms to create reliable software for evaluation and prototyping. Here at Trail of Bits, our cryptography team has developed many PQC resources; here are a couple of our favorites: -Two newly open-sourced LMS libraries: https://buff.ly/3xUvH7E -Quantum is unimportant to post-quantum: https://buff.ly/3zqqQvI 🌟 Beyond our research efforts, we're conducting *security reviews* and *custom engineering* for organizations transitioning to post-quantum. 🌟 However, adopting PQC internally is not simple. If you're not sure where to start, we recommend signing up for a free office hours session with our cryptography team. For one hour, you will have access to our cryptographers to ask questions about best practices, implementations, and even tips on how to get started. https://buff.ly/3VtpXLT

If you’re either attending or watching today’s Hackers On Planet Earth (HOPE) conference, you won’t want to miss my colleague Suha S. Hussain’s talk on Incubated ML Exploits at 4 p.m. Eastern 😉 https://lnkd.in/eA2phAEh

Researchers have raised red flags about AES-GCM's weaknesses for nearly two decades. But it's still only one of two cipher modes used by TLS 1.3....what if there was a better way? Introducing AES-GEM (Galois Extended Mode), a new block cipher mode that enhances the security of GCM across all dimensions with minimal performance overhead. Key benefits of AES-GEM include: -> Extended nonce lengths for better security against nonce reuse. -> Improved subkey derivation methods for enhanced security. -> Support for longer messages without increased risk. -> Stronger authentication security to mitigate known vulnerabilities. ❗ Although AES-GEM is not ready for production use, our research shows its potential to significantly improve cryptographic security. Discover more about AES-GEM in our latest blog:

We have been named a leader in The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024! 🎉 We believe we emerged as a leader for our innovative strategies, client-centric solutions, and commitment to open-source excellence. Read our blog: https://buff.ly/3WkdYjR

The hack behind your "sold out" ticket: we confirmed that scalpers reverse-engineered Ticketmaster's rotating barcodes to transfer their "untransferable" tickets. More from 404 Media: https://t.co/OfZSLsjET2