Our entire NYC team, including interns, is attending SummerCon. Looking forward to connecting and sharing insights at the longest-running hacker conference in the US! 💫 We're proud to sponsor the 2024 SummerCon Research Grant, continuing our commitment to fostering new talent and promoting diversity. See you this week! In 2018, we partnered with the SummerCon Foundation to create a $100,000 grant promoting diversity and inclusion in cybersecurity. Participants received funding, mentorship, and a chance to present their findings at SummerCon. https://buff.ly/3XVnXND We continue to support diversity through sponsorships at the Women in CyberSecurity (WiCyS) and our diversity ticket program for OffensiveCon, co-created with Blue Frost in 2019.
Trail of Bits
Computer and Network Security
Brooklyn, New York 7,314 followers
Deepening the Science of Security
About us
Since 2012, Trail of Bits has been the premier place for security experts to boldly advance security and address technology’s newest and most challenging risks.
- Website: https://www.trailofbits.com
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: Brooklyn, New York
- Type: Privately Held
- Founded: 2012
- Specialties: software security, reverse engineering, cryptography, blockchain, osquery, machine learning, binary analysis, and Application Security
Locations
- Primary: 497 Carroll St, Brooklyn, New York 11215, US
Updates
-
The Application Security Weekly Productions podcast highlighted it… our "Quantum is Unimportant to Post-Quantum" blog begs the question: what is the AppSec equivalent? What measures has AppSec taken to improve design references for developers?
A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto – ASW #291
-
Trail of Bits reposted this
Excited to be attending Summercon in Brooklyn, NY this weekend! Summercon is the longest-running hacker conference in the US and Trail of Bits has been a proud sponsor of the event for the last several years! Back in 2018, Trail of Bits donated $100,000 to support developing security researchers through the Summercon Foundation. You can read more about the grant here: https://lnkd.in/epBvgup2. Let me know if you will be attending this year and would like to learn more about opportunities at Trail of Bits or just want to chat about all things security! https://lnkd.in/eW2MmsgG
Summercon 2024
eventbrite.com
-
🌟 Join us for a Burp Suite Webinar! 🌟
Featuring: Maciej Domanski, Shaun Mirani, Cliff Smith W/ special guest, James Kettle, Director of Research at PortSwigger
📅 July 31st @ 12 PM EST
Why Use Burp Suite? Burp Suite is a leading tool for web application security testing. It helps security professionals:
* Identify vulnerabilities in web applications
* Perform automated and manual security testing
* Integrate security testing into CI/CD pipelines
* Enhance productivity with a suite of powerful tools like Scanner, Repeater, and Intruder
What You'll Learn:
* Web research techniques using Burp Suite
* Optimizing your setup
* Effectively using Burp tools in various scenarios
* The future of Burp with BChecks and other less known features
* Comparing dynamic and static analysis approaches based on real-world examples
Register Now: https://buff.ly/3WpODVu
Can’t make the live session? Register anyway, and we’ll send you a recording of the webinar.
Mastering Web Research with Burp Suite
trailofbits.registration.goldcast.io
-
Trail of Bits reposted this
This is exactly what Trail of Bits does and it’s really cool! Don’t know any other company that would have let me do the AI security work I love while letting me be in Japan.
Recruiters, HMs, and people leaders of remote-friendly companies: instead of limiting your candidate pool to people who live in particular time zones, put the expected working hours in your job posting and let candidates decide if they are comfortable working them. Just like other job details, validate alignment with the expectations in every call/interview and you’ll end up making decisions that all parties are happy with.
-
We are now a member of the Post-Quantum Cryptography Alliance (PQCA), founded by The Linux Foundation. The PQCA and its members are at the forefront of advancing post-quantum cryptography. The alliance is focused on finding and creating production-ready libraries and packages to tackle the security challenges posed by quantum computing. It implements standardized algorithms and supports the development of new post-quantum algorithms to create reliable software for evaluation and prototyping.
Here at Trail of Bits, our cryptography team has developed many PQC resources; here are a couple of our favorites:
- Two newly open-sourced LMS libraries: https://buff.ly/3xUvH7E
- Quantum is unimportant to post-quantum: https://buff.ly/3zqqQvI
🌟 Beyond our research efforts, we're conducting *security reviews* and *custom engineering* for organizations transitioning to post-quantum. 🌟
However, adopting PQC internally is not simple. If you're not sure where to start, we recommend signing up for a free office hours session with our cryptography team. For one hour, you will have access to our cryptographers to ask questions about best practices, implementations, and even tips on how to get started. https://buff.ly/3VtpXLT
Announcing two new LMS libraries
http://blog.trailofbits.com
-
Trail of Bits reposted this
If you’re either attending or watching today’s Hackers On Planet Earth (HOPE) conference, you won’t want to miss my colleague Suha S. Hussain’s talk on Incubated ML Exploits at 4 p.m. Eastern 😉 https://lnkd.in/eA2phAEh
Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs HOPE XV
schedule.hope.net
-
Researchers have raised red flags about AES-GCM's weaknesses for nearly two decades. But it's still only one of two cipher modes used by TLS 1.3... what if there was a better way? Introducing AES-GEM (Galois Extended Mode), a new block cipher mode that enhances the security of GCM across all dimensions with minimal performance overhead.
Key benefits of AES-GEM include:
-> Extended nonce lengths for better security against nonce reuse.
-> Improved subkey derivation methods for enhanced security.
-> Support for longer messages without increased risk.
-> Stronger authentication security to mitigate known vulnerabilities.
❗ Although AES-GEM is not ready for production use, our research shows its potential to significantly improve cryptographic security. Discover more about AES-GEM in our latest blog:
Announcing AES-GEM (AES with Galois Extended Mode)
http://blog.trailofbits.com
-
We have been named a leader in The Forrester Wave™: Cybersecurity Consulting Services, Q2 2024! 🎉 We believe we emerged as a leader for our innovative strategies, client-centric solutions, and commitment to open-source excellence. Read our blog: https://buff.ly/3WkdYjR
Trail of Bits named a leader in cybersecurity consulting services
http://blog.trailofbits.com
-
The hack behind your "sold out" ticket: we confirmed that scalpers reverse-engineered Ticketmaster's rotating barcodes to transfer their "untransferable" tickets. More from 404 Media: https://t.co/OfZSLsjET2
Scalpers Work With Hackers to Liberate Ticketmaster's ‘Non-Transferable’ Tickets
404media.co