Talks & Presentations
Trail of Bits researchers and engineers present at security conferences, academic venues, and community workshops worldwide. This archive collects 132 talks given since 2012, spanning 13 topics — from automated bug finding to blockchain, cryptography, and software supply chain.
At a glance
Talks: 132
Speakers: 69
Topics: 13
Years: 2012–2026
All Talks
| Year | Title | Speaker(s) | Topic | Domain | Link |
|---|---|---|---|---|---|
| 2026 | How we made Trail of Bits AI-Native (so far) | Dan Guido | Machine Learning | AI/ML | Slides |
| 2025 | Buttercup: Autonomously Finding and Fixing Bugs at Scale in Open-Source Software | Ronald Eytchison | Automated bug finding and exploitation | Blockchain | Slides |
| 2025 | Buttercup: The Future of Trail of Bits' Solution to DARPA's AI Cyber Challenge | Trent Brunson | Automated bug finding and exploitation | Systems | Slides |
| 2025 | Buttercup and DARPA's AI Cyber Challenge, Ringzer0 | Henrik Brodin, Ronald Eytchison | Automated bug finding and exploitation | Systems | Slides |
| 2025 | Our experience competing in the AI Cyber Challenge | Michael Brown et al. | Automated bug finding and exploitation | Systems | Slides |
| 2025 | Mutation Testing with Slither: A New Way to Find High-Severity Issues | Guillermo Larregay | Blockchain | Blockchain | Slides |
| 2025 | Slither's Model Context Protocol: Giving LLMs Ground Truth from Static Analysis | Ben Samuels | Blockchain | Blockchain | Slides |
| 2025 | The $1.5B Problem: How Exchanges Can Build Safer Cold Storage | Benjamin Samuels | Blockchain | Blockchain | Slides |
| 2025 | How to Become a Smart Contract Auditor | nisedo | Blockchain | Blockchain | Slides |
| 2025 | Constant-Time Coding Support in LLVM | Julius Alexandre | Compilers | Systems | Slides |
| 2025 | Cut To The QUIC: Slashing QUIC's Performance With A Hash DoS | Paul Bottinelli | Cryptography | Crypto | Slides |
| 2025 | One, Two, TEE: Trust in Numbers Meets Hardware Security | Paul Bottinelli | Cryptography | Crypto | Slides |
| 2025 | Repeatable Benchmarking: An Exploration of OpenSearch vs Elasticsearch | Evan Downing | Engineering | Systems | Slides |
| 2025 | Weaponizing Image Scaling Against Production AI Systems | Kikimora Morozova, Suha Sabi Hussain | Machine Learning | AI/ML | Slides |
| 2025 | Indirect Prompt Injection: Architectural Testing Approaches for Real World AI/ML Systems | Will Vandevanter | Machine Learning | AI/ML | Slides |
| 2025 | From Polyglots to Prompt Injections: Parsing is Still Execution (And Your LLM Didn't Get the Memo) | Evan Sultanik | Machine Learning | AI/ML | Slides |
| 2025 | Frontier AI in Cybersecurity: Risks and Opportunities | Dan Guido, Riccardo Schirone | Machine Learning | AI/ML | Slides |
| 2025 | macOS Privilege Escalation Via Traceroute6 | Paweł Płatek | Mobile security | AppSec | Slides |
| 2025 | Attestations: a new generation of signatures on PyPI | William Woodruff | Supply chain | Supply Chain | Slides |
| 2024 | Buttercup and DARPA's AI Cyber Challenge, CSAW | Ronald Eytchison | Automated bug finding and exploitation | Systems | Slides |
| 2024 | A Broad Comparative Evaluation of Software Debloating Tools | Michael D. Brown, Adam Meily, Eric Kilmer, Ronald Eytchison | Compilers | Systems | Slides |
| 2024 | Repurposing LLVM analyses in MLIR: Also there and back again across the tower of IRs | Henrich Lauko | Compilers | Systems | Slides |
| 2024 | Weak Fiat-Shamir attacks on modern proof systems | Jim Miller | Cryptography | Crypto | Slides |
| 2024 | Building a Rusty path validation library for PyCA Cryptography | William Woodruff | Cryptography | Crypto | Slides |
| 2024 | Implementing X.509 path validation for Python | William Woodruff | Cryptography | Crypto | Slides |
| 2024 | Introduction to Semgrep | Maciej Domański, Matt Schwager, Spencer Michaels | Education | Systems | Slides |
| 2024 | The Present and Future of AI and Security | Evan Downing | Machine Learning | AI/ML | Slides |
| 2024 | Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs | Suha Sabi Hussain | Machine Learning | AI/ML | Slides |
| 2024 | Holistic ML Threat Models | Adelin Travers | Machine Learning | AI/ML | Slides |
| 2024 | The Next 5 Years of Supply Chain Security on PyPI | William Woodruff | Supply chain | Supply Chain | Slides |
| 2024 | PEP 740 and PyPI: Bootstrapping Provenance for the Python Ecosystem | William Woodruff | Supply chain | Supply Chain | Slides |
| 2024 | Imagining a zero-trust future for PyPI | William Woodruff | Supply chain | Supply Chain | Slides |
| 2024 | Build Provenance: Lessons (so far) from Homebrew | Joe Sweeney | Supply chain | Supply Chain | Slides |
| 2023 | Your Mitigations are My Opportunities | Yarden Shafir | Automated bug finding and exploitation | Systems | Slides |
| 2023 | Detecting variability bugs with hybrid control and data flow | Kelly Kaoudis, Henrik Brodin, Evan Sultanik | Automated bug finding and exploitation | Systems | Slides |
| 2023 | Blind Spots: Identifying Exploitable Program Inputs | Henrik Brodin, Evan Sultanik, and Marek Surovič | Automated bug finding and exploitation | Systems | — |
| 2023 | MLIR is the future of program analysis | Peter Goodman | Automated bug finding and exploitation | Systems | Slides |
| 2023 | Test your tests: the do's and don'ts of testing | Kurt Willis | Blockchain | Blockchain | Slides |
| 2023 | Slither: a static analysis tool for Vyper and Solidity | Troy Sargent | Blockchain | Blockchain | Slides |
| 2023 | Roundme: rounding analysis made simpler | Josselin Feist | Blockchain | Blockchain | Slides |
| 2023 | Smart Contracts: The Beta | Nat Chin | Blockchain | Blockchain | Slides |
| 2023 | Fuzzing like a security engineer | Nat Chin | Blockchain | Blockchain | Slides |
| 2023 | Careful with MAc-then-SIGn | Marc Ilunga | Cryptography | Crypto | Slides |
| 2023 | Using Graph-Based Machine Learning Algorithms for Software Analysis | Michael D. Brown | Machine Learning | AI/ML | Slides |
| 2023 | What does it look like to code-sign for an entire packaging ecosystem? | William Woodruff | Supply chain | Supply Chain | Slides |
| 2023 | Securing your Package Ecosystem with Trusted Publishing | William Woodruff | Supply chain | Supply Chain | Slides |
| 2023 | Trusted Publishing: Lessons from PyPI | William Woodruff | Supply chain | Supply Chain | Slides |
| 2023 | Ergonomic codesigning for the Python ecosystem with Sigstore | William Woodruff | Supply chain | Supply Chain | Slides |
| 2022 | Write better smart contracts with Slither's Python API | Troy Sargent | Blockchain | Blockchain | Slides |
| 2022 | Building Secure Cairo | Filipe Casal, Simone Monica | Blockchain | Blockchain | Slides |
| 2022 | How to fuzz like a pro | Josselin Feist, Nat Chin | Blockchain | Blockchain | Slides |
| 2022 | Demystifying Fuzzing | Nat Chin | Blockchain | Blockchain | Slides |
| 2022 | VAST: MLIR for program analysis of C/C++ | Henrich Lauko | Compilers | Systems | Slides |
| 2022 | A Broad Comparative Evaluation of x86-64 Binary Rewriters | Michael D. Brown | Compilers | Systems | Slides |
| 2022 | On the Optimization of Equivalent Concurrent Computations | Henrich Lauko, Lukáš Korenčik, Peter Goodman | Compilers | Systems | Slides |
| 2022 | die, PGP, die | William Woodruff | Cryptography | Crypto | Slides |
| 2022 | A mostly gentle introduction to LLVM | William Woodruff | Education | Systems | Slides |
| 2022 | Sigstore for Python Packaging: Next Steps for Adoption | William Woodruff | Supply chain | Supply Chain | Slides |
| 2022 | Python Packaging Mystery Meat | William Woodruff | Supply chain | Supply Chain | Slides |
| 2022 | Automated Tools for Securing the Software Supply Chain | Michael D. Brown | Supply chain | Supply Chain | Slides |
| 2021 | A Sermon on the Indulgences of Computational Sacrifice; or, The Superabundant Benedictions of Programming an Absurd NES Game | Evan Sultanik | Automated bug finding and exploitation | Systems | Video |
| 2021 | Differential analysis of x86-64 instruction decoders | William Woodruff, Niki Carroll, Sebastiaan Peters | Automated bug finding and exploitation | Systems | Slides |
| 2021 | Building a Practical Static Analyzer for Smart Contracts | Josselin Feist | Blockchain | Blockchain | Slides |
| 2021 | Testing and Verifying Smart Contracts: From Theory to Practice | Josselin Feist | Blockchain | Blockchain | Slides |
| 2021 | Safely integrating with ERC20 tokens | Josselin Feist | Blockchain | Blockchain | Slides |
| 2021 | JWTs, and why they suck | Rory M | Education | Systems | Slides |
| 2021 | Exploiting Machine Learning Pickle Files | Carson Harmon, Evan Sultanik, Jim Miller, Suha Sabi Hussain | Machine Learning | AI/ML | Slides |
| 2020 | How to find bugs when (ground) truth isn't real | William Woodruff | Automated bug finding and exploitation | Systems | Slides |
| 2020 | Toward Automated Grammar Extraction via Semantic Labeling of Parser Implementations | Carson Harmon, Brad Larsen, Evan Sultanik | Automated bug finding and exploitation | Systems | Slides |
| 2020 | Detecting transaction replacement attacks with Manticore | Sam Moelius | Blockchain | Blockchain | Slides |
| 2020 | DeFi Hacks and Future Threats: The Role of Economics in Secure Protocol Design | Dan Guido | Blockchain | Blockchain | Slides |
| 2020 | PrivacyRaven: Comprehensive Privacy Testing for Deep Learning | Suha Sabi Hussain | Machine Learning | AI/ML | Slides |
| 2019 | The Treachery of Files and Two New Tools that Tame It | Evan Sultanik | Automated bug finding and exploitation | Systems | Slides |
| 2019 | Symbolically Executing a Fuzzy Tyrant | Stefan Edwards | Automated bug finding and exploitation | Systems | Slides |
| 2019 | Kernel space fault injection with KRF | William Woodruff | Automated bug finding and exploitation | Systems | Slides |
| 2019 | Binary Symbolic Execution With KLEE-Native | Sai Vegasena | Automated bug finding and exploitation | Systems | Slides |
| 2019 | Going sicko mode on the Linux Kernel | William Woodruff | Automated bug finding and exploitation | Systems | Slides |
| 2019 | Fantastic Bugs and How to Squash Them; or, the Crimes of Solidity | Evan Sultanik | Blockchain | Blockchain | Slides |
| 2019 | SlithIR: High-Precision Security Analysis with an IR for Solidity | Josselin Feist | Blockchain | Blockchain | Slides |
| 2019 | Slither: A Static Analysis Framework for Smart Contracts | Josselin Feist | Blockchain | Blockchain | Slides |
| 2019 | What blockchain got right | Dan Guido | Blockchain | Blockchain | Slides |
| 2019 | Traditional Infosec for Blockchain Firms | Dan Guido | Blockchain | Blockchain | Slides |
| 2019 | Seriously, stop using RSA | Ben Perez | Cryptography | Crypto | Slides |
| 2019 | Best Practices for Cryptography in Python | Paul Kehrer | Cryptography | Crypto | Slides |
| 2019 | Evidence-driven Security Engineering | Dan Guido | Engineering | Systems | Slides |
| 2019 | Linux Security Event Monitoring with osquery | Alessandro Gario | Engineering | Systems | Slides |
| 2019 | osql: The community oriented osquery fork | Stefano Bonicatti, Mark Mossberg | Engineering | Systems | Slides |
| 2019 | Return to the 100 Acre Woods | Stefan Edwards | Infrastructure | Systems | Slides |
| 2019 | Swimming with the kubectl fish | Stefan Edwards | Infrastructure | Systems | Slides |
| 2019 | Python internals - let's talk about dicts | Dominik Czarnota | Programming | Systems | Slides |
| 2019 | Improving PyPI's security with Two Factor Authentication | William Woodruff | Supply chain | Supply Chain | Slides |
| 2019 | Peeling back the 'Shlayers' of macOS Malware | Josh Watson, Erika Noerenberg | Threat analysis & malware | Systems | Slides |
| 2018 | Vulnerability Modeling with Binary Ninja | Josh Watson | Automated bug finding and exploitation | Systems | Slides |
| 2018 | Property-testing of smart contracts | JP Smith | Blockchain | Blockchain | Slides |
| 2018 | Anatomy of an unsafe programming language | Evan Sultanik | Blockchain | Blockchain | Slides |
| 2018 | Contract upgrade risks and recommendations | Josselin Feist | Blockchain | Blockchain | Slides |
| 2018 | Blackhat Ethereum | Ryan Stortz, Jay Little | Blockchain | Blockchain | Slides |
| 2018 | Blockchain Autopsies - Analyzing Smart Contract Deaths | Jay Little | Blockchain | Blockchain | Slides |
| 2018 | Rattle - an Ethereum EVM binary analysis framework | Ryan Stortz | Blockchain | Blockchain | Slides |
| 2018 | Securing value on the Ethereum blockchain | Dan Guido | Blockchain | Blockchain | Slides |
| 2018 | Binary analysis, meet the blockchain | Mark Mossberg | Blockchain | Blockchain | Slides |
| 2018 | Getting started with osquery | Lauren Pearl, Andy Ying | Engineering | Systems | Slides |
| 2018 | osquery Super Features | Lauren Pearl | Engineering | Systems | Slides |
| 2018 | osquery Extension Skunkworks | Mike Myers | Engineering | Systems | Slides |
| 2018 | Low-level debugging with Pwndbg | Dominik Czarnota | Programming | Systems | Slides |
| 2018 | Insecure Things to Avoid in Python | Dominik Czarnota | Programming | Systems | Slides |
| 2017 | File Polyglottery; or, This PoC is also a picture of cats | Evan Sultanik | Automated bug finding and exploitation | Systems | Slides |
| 2017 | Be a binary rockstar | Sophia D'Antoine | Automated bug finding and exploitation | Systems | Video |
| 2017 | Symbolic Execution for Humans | Mark Mossberg | Automated bug finding and exploitation | Systems | Slides |
| 2017 | The spirit of the 90s is still alive in Brooklyn | Ryan Stortz, Sophia D'Antoine | Automated bug finding and exploitation | Systems | Slides |
| 2017 | Automatic bug finding for the blockchain | Felipe Manzano, Josselin Feist | Blockchain | Blockchain | Slides |
| 2017 | The Joy of Pwning | Sophia D'Antoine | Education | Systems | Slides |
| 2016 | The dream of a static and dynamic analysis shootout | Ryan Stortz | Automated bug finding and exploitation | Systems | Slides |
| 2016 | Binary constraint solving for automatic exploit generation | Sophia D'Antoine | Automated bug finding and exploitation | Systems | Slides |
| 2016 | The Smart Fuzzer Revolution | Dan Guido | Automated bug finding and exploitation | Systems | Slides |
| 2016 | Making a scaleable automated hacking system | Artem Dinaburg | Automated bug finding and exploitation | Systems | Slides |
| 2016 | Cyberdyne - Automatic bug-finding at scale | Peter Goodman | Automated bug finding and exploitation | Systems | Slides |
| 2016 | Swift Reversing | Ryan Stortz | Mobile security | AppSec | Slides |
| 2016 | Modern iOS Application Security | Sophia D'Antoine, Dan Guido | Mobile security | AppSec | Slides |
| 2015 | Hardware side channels in virtualized environments | Sophia D'Antoine | Side channels | Systems | Slides |
| 2015 | Exploiting Out-of-Order Execution | Sophia D'Antoine | Side channels | Systems | Slides |
| 2014 | McSema: Static translation of x86 to LLVM IR | Andrew Ruef, Artem Dinaburg | Automated bug finding and exploitation | Systems | Slides |
| 2014 | Build it Break it Fix it | Andrew Ruef | Engineering | Systems | Slides |
| 2014 | How to CTF - Getting and using Other People's Computers (OPC) | Jay Little | Education | Systems | Slides |
| 2014 | Low-level Security | Andrew Ruef | Education | Systems | Slides |
| 2014 | Security and Your Business | Andrew Ruef | Education | Systems | Slides |
| 2013 | Bringing nothing to the party | Vincenzo Iozzo | Education | Systems | Slides |
| 2013 | The Exploit Intelligence Project Revisited | Dan Guido | Threat analysis & malware | Systems | Slides |
| 2012 | Analyzing the MD5 collision in Flame | Alex Sotirov | Cryptography | Crypto | Slides |
| 2012 | From One Ivory Tower to Another | Vincenzo Iozzo | Education | Systems | Slides |
| 2012 | The Mobile Exploit Intelligence Project | Dan Guido | Mobile security | AppSec | Slides |
| 2012 | A Tale of Mobile Threats | Vincenzo Iozzo | Mobile security | AppSec | Slides |