Presentation Title | Author(s) | Year |
---|---|---|
Seriously, stop using RSA | Ben Perez | 2019 |
Best Practices for Cryptography in Python | Paul Kehrer | 2019 |
Analyzing the MD5 collision in Flame | Alex Sotirov | 2012 |
Presentation Title | Author(s) | Year |
---|---|---|
Improving PyPI's security with Two Factor Authentication | William Woodruff | 2019 |
Linux Security Event Monitoring with osquery | Alessandro Gario | 2019 |
osql: The community oriented osquery fork | Stefano Bonicatti, Mark Mossberg | 2019 |
Getting started with osquery | Lauren Pearl, Andy Ying | 2018 |
osquery Super Features | Lauren Pearl | 2018 |
osquery Extension Skunkworks | Mike Myers | 2018 |
Build it Break it Fix it | Andrew Ruef | 2014 |
Presentation Title | Author(s) | Year |
---|---|---|
The Joy of Pwning | Sophia D'Antoine | 2017 |
How to CTF - Getting and using Other People's Computers (OPC) | Jay Little | 2014 |
Low-level Security | Andrew Ruef | 2014 |
Security and Your Business | Andrew Ruef | 2014 |
Bringing nothing to the party | Vincenzo Iozzo | 2013 |
From One Ivory Tower to Another | Vincenzo Iozzo | 2012 |
Presentation Title | Author(s) | Year |
---|---|---|
Return to the 100 Acre Woods | Stefan Edwards | 2019 |
Swimming with the kubectl fish | Stefan Edwards | 2019 |
Presentation Title | Author(s) | Year |
---|---|---|
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning | Suha Hussain | 2020 |
Presentation Title | Author(s) | Year |
---|---|---|
Swift Reversing | Ryan Stortz | 2016 |
Modern iOS Application Security | Sophia D'Antoine, Dan Guido | 2016 |
The Mobile Exploit Intelligence Project | Dan Guido | 2012 |
A Tale of Mobile Threats | Vincenzo Iozzo | 2012 |
Presentation Title | Author(s) | Year |
---|---|---|
Python internals - let's talk about dicts | Dominik Czarnota | 2019 |
Low-level debugging with Pwndbg | Dominik Czarnota | 2018 |
Insecure Things to Avoid in Python | Dominik Czarnota | 2018 |
Presentation Title | Author(s) | Year |
---|---|---|
Hardware side channels in virtualized environments | Sophia D'Antoine | 2015 |
Exploiting Out-of-Order Execution | Sophia D'Antoine | 2015 |
Presentation Title | Author(s) | Year |
---|---|---|
The Exploit Intelligence Project Revisited | Dan Guido | 2013 |
Dataset | Date |
---|---|
Smart Contract Audit Findings | Aug 2019 |
Podcast | Guest | Date | Topic(s) |
---|---|---|---|
WCBS 880 | Dan Guido | Sep 2020 | Gap years and intern hiring |
Risky Business 594 | Dan Guido | Aug 2020 | Apple security |
Epicenter 346 | Dan Guido | Jun 2020 | Smart contract security |
Absolute AppSec 97 | Stefan Edwards | May 2020 | Threat modeling |
Unchained 170 | Dan Guido | May 2020 | DeFi security |
Risky Business 580 | Dan Guido | Apr 2020 | Mobile voting |
Absolute AppSec 91 | Stefan Edwards | Apr 2020 | Mobile voting |
Zero Knowledge 122 | Ben Perez | Mar 2020 | Cryptography reviews, ZKPs |
Changelog | Dan Guido | Jan 2020 | AlgoVPN |
Risky Business 559 | Stefan Edwards | Oct 2019 | Kubernetes |
FOSS Weekly 545 | William Woodruff | Sep 2019 | PyPI security improvements |
Podcast.__init__ 225 |
William Woodruff | Aug 2019 | PyPI security, UX, and sustainability |
Absolute AppSec 68 | Stefan Edwards, Bobby Tonic | Aug 2019 | Kubernetes |
Hashing it Out 53 | Dan Guido | Jul 2019 | Smart contract testing |
Absolute AppSec 60 | Stefan Edwards | May 2019 | Android, programming languages |
Absolute AppSec 55 | Stefan Edwards | Apr 2019 | Security testing |
Hashing it Out 35 | Dan Guido, Josselin Feist | Jan 2019 | Ethereum's failed EIP-1283 |
Risky Business | JP Smith | Jan 2019 | Post-quantum crypto in CTFs |
Absolute AppSec 37 | Stefan Edwards | Nov 2018 | Programming languages, symbex |
Risky Business 510 | Lauren Pearl | Aug 2018 | Open source security engineering |
Absolute AppSec 34 | Stefan Edwards | Oct 2018 | Security testing, blockchain |
Zero Knowledge 16 | JP Smith | Mar 2018 | Smart contract security |
Risky Business 488 | JP Smith | Feb 2018 | Smart contract testing w/ Manticore |
Risky Business 474 | Dan Guido | Oct 2017 | How to engineer secure software |
Georgian Partners 47 | Dan Guido | May 2017 | AlgoVPN and Tor |
VUC 643 | Dan Guido | Apr 2017 | AlgoVPN |
Risky Business 449 | Dan Guido | Mar 2017 | Control Flow Integrity |
Risky Business 425 | Dan Guido | Sep 2016 | Recap the week's news |
Risky Business 421 | Dan Guido | Aug 2016 | Car hacking and the week's news |
Risky Business 416 | Dan Guido | Jul 2016 | DARPA Cyber Grand Challenge |
Risky Business 399 | Dan Guido | Feb 2016 | Apple vs the FBI |
Risky Business 370 | Dan Guido | Feb 2015 | DARPA Cyber Grand Challenge |
Risky Business 348 | Dan Guido | Jun 2015 | DARPA Cyber Grand Challenge |
Companies that have allowed us to speak about our work can be found here. Many more remain confidential.
Product | Review Date | Level of Effort | Deliverables | Announcement |
---|---|---|---|---|
SecureDrop | Dec 2020 | 8 person-weeks | ||
Citizen Browser | Dec 2020 | 3 person-days | How We Built a Facebook Inspector | |
Azure Sphere | Jun 2020 | 12 person-weeks | Azure Sphere 20.07 Security Enhancements | |
Zoom | May 2020 | 9 person-weeks | 90 Days Done, What’s Next for Zoom | |
Secure Transport | Apr 2020 | 4 person-weeks | ||
ZeroTier 2.0 | Mar 2020 | 2 person-weeks | Security Review | ZeroTier |
Standard Notes | Mar 2020 | 1 person-week | Security Review | Standard Notes Completes Crypto Audit |
Voatz | Feb 2020 | 12 person-weeks | Security Review, Threat Model | Voatz, Tusk |
Voice | Jan 2020 | 4 person-weeks | ||
Sweet B | Jan 2020 | 4 person-weeks | Security Review | Western Digital |
Azure Sphere | Jun 2019 | 12 person-weeks | ||
SanDisk X600 | May 2019 | 6 person-weeks | Security Review | Multiple vulnerabilities in SanDisk X600 |
Project Callisto | Aug 2018 | 5 person-weeks | ||
zlib | Sep 2016 | 1 person-week | Security Review |
Product | Review Date | Level of Effort | Deliverables | Announcement |
---|---|---|---|---|
Consul | Oct 2020 | 10 person-weeks | ||
Nomad | Aug 2020 | 6 person-weeks | ||
Helm | Aug 2020 | 4 person-weeks | ||
Terraform | Mar 2020 | 6 person-weeks | ||
OPA | Mar 2020 | 2 person-weeks | ||
Vault | Feb 2020 | 12 person-weeks | ||
etcd | Jan 2020 | 4 person-weeks | Security Review | CNCF |
Rook | Dec 2019 | 2 person-weeks | Security Review | CNCF |
Kubernetes | May 2019 | 12 person-weeks | Security Review, Threat Model, Whitepaper | Google, CNCF |
Workshop Title | Venue | Date |
---|---|---|
Smart Contract Security Automation Workshop | TruffleCon 2019 | Oct 2019 |
Manticore EVM Workshop | Devcon4 2018 | Nov 2018 |
Introduction to Smart Contract Exploitation | GreHack 2018 | Nov 2018 |
DeepState: Bringing Vulnerability Detection Tools into the Dev Cycle | SecDev 2018 | Oct 2018 |
Smart Contract Security Automation Workshop | TruffleCon 2018 | Oct 2018 |
Smart Contract Security Automation Workshop | ETH Berlin 2018 | Sep 2018 |
Manticore EVM Workshop | EthCC 2018 | Mar 2018 |
Manticore Workshop | GreHack 2017 | Oct 2017 |