Claude Skills for Cybersecurity

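Trail of Bits' Claude Skills is a Claude Code plugin marketplace that supports AI-driven security analysis, testing, and development workflows. It includes plugins specialized for a range of security domains, such as smart contract security, code auditing, malware analysis, verification, reverse engineering, and mobile security, and helps developers use AI to carry out vulnerability detection and audit work efficiently. It is provided as open source, so local development and extension are possible, and it is a practical tool that can be applied immediately to security research and automation.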

https://github.com/trailofbits/skills

#aisecurity #pluginmarketplace #claude #trailofbits #codeauditing

GitHub - trailofbits/skills: Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows


Today we proudly share the results of our security audit of LibVLC. With auditing by @trailofbits and funding provided by the @sovtechfund, LibVLC received scoped security work, custom tools and fixes, and documentation for future security development.

Read more about the work performed on the open source core engine and foundation of VLC media player on our blog: https://ostif.org/libvlc-audit-complete/

#OSTIF #libVLC #TrailofBits #SovereignTechAgency

LibVLC Audit Complete! – OSTIF.org

source: 404media.co/a-secure-chat-apps…

The #Swisscows CEO confirmed a “technically possible but artificially constructed scenario.” Trail of Bits, for its part, refers to a “misrepresentation” of the #exploit by Swisscows: “The core problem is that Teleguard’s server has all the information needed to decrypt every user’s private key and read every message,” said #DanGuido, co-founder and CEO of #TrailOfBits.

#teleguard #chat #messenger #security #encryption #hack #hacker #software #fail #omg #wtf #news #meme #bug #internet #spy #attack #end2end #rsa

Dan Guido (@dguido)

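A mention of an attempt to teach Anthropic's Claude the role of a bug hunter using Trail of Bits' security auditing skills. It proposes a use case in which security auditing knowledge is grafted onto Claude so that the model is specialized for vulnerability detection and bug hunting.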

https://x.com/dguido/status/2014429019622527017

#security #auditing #claude #trailofbits #bugbounty

Dan Guido (@dguido) on X

@mattshumer_ The @trailofbits security auditing skills! Teach Claude to be an expert bug hunter: https://t.co/vI4amorZrc

👨‍💻 Wow, an "amazing" discovery: code has bugs 🐞—who would've guessed?! 🎉 Trail of Bits bravely announces they used a tool to find issues, as if highlighting a #zero-day is akin to finding Waldo in a single-page book. 🤦‍♂️

https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/ #amazingdiscovery #codebugs #TrailofBits #findings #softwareissues #HackerNews #ngated

We found cryptography bugs in the elliptic library using Wycheproof

Trail of Bits discovered and disclosed two vulnerabilities in the widely used elliptic JavaScript library that could allow signature forgery or prevent valid signature verification, with one vulnerability still unfixed after the 90-day disclosure window.

The Trail of Bits Blog

FHE.org would like to thank Trail of Bits for their continued sponsorship this year (and last!) of the FHE.org 2026 conference.

Sponsorships like Trail of Bits' make it possible to provide a high quality conference with great speakers and to waive registration fees for all students.

Find out more information about Trail of Bits at https://trailofbits.com.

Don't forget to RSVP for your ticket to the FHE.org 2026 conference in Taipei, Taiwan March 8th!

https://luma.com/fhe-org-conference-2026-tickets

#FHE #HomomorphicEncryption #FHE2026 #TrailofBits

Sneak peek: A new ASN.1 API for Python

We’re working on integrating an ASN.1 API into PyCA Cryptography, built on top of the same Rust ASN.1 implementation already used by Cryptography’s X.509 APIs.

The Trail of Bits Blog

huh #trailofbits did an audit of #simplex - only the "protocol spec" https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf

quite limited scope. and last time i looked at the spec i lost my appetite, but apparently there have been updates, like addition of sntrup pq kem. so maybe this has improved? still wouldn't use it the supply chain attack surface is begging for a "soon" not an "if". and the global transcript of group chats was out of scope in this audit. so, meh?

simplex-chat/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf at stable · simplex-chat/simplex-chat

SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱! - simplex-chat/simplex-chat

A deep dive into Linux’s new mseal syscall

If you love exploit mitigations, you may have heard of a new system call named mseal landing into the Linux kernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including […]

The Trail of Bits Blog