A Broad Comparative Evaluation of Software Debloating Tools
A Broad Comparative Evaluation of x86-64 Binary Rewriters
A mostly gentle introduction to LLVM
Analyzing the MD5 Collision in Flame
Anatomy of an unsafe programming language
Automated Tools for Securing the Software Supply Chain
Automatic bugfinding for the blockchain
Best Practices for Cryptography in Python
Binary Symbolic Execution With KLEE-Native
Binary analysis, meet the blockchain
Binary constraint solving for automatic exploit generation
Blockchain Autopsies - Analyzing Smart Contract Deaths
Bringing nothing to the party
Build Provenance: Lessons (so Far) from Homebrew
Building a Practical Static Analyzer for Smart Contracts
Building a Rusty path validation library for PyCA Cryptography
Careful with MAc-then-SIGn
Contract upgrade risks and recommendations
Detecting transaction replacement attacks with Manticore
Differential analysis of x86-64 decoders
Differential fuzzing, or_ how to find bugs when (ground) truth isn't real
Ergonomic codesigning for the Python ecosystem with Sigstore
Exploiting Out-of-Order Execution
From One Ivory Tower to Another
Getting started with osquery
Going sicko mode on the Linux Kernel
Hardware side channels in virtualized environments
Holistic ML Threat Models
How to CTF - Getting and Using OPC
How to fuzz like a pro-Defi Security Summit-EthCC-EthTaipei
Imagining a zero-trust future for PyPI
Implementing X.509 path validation for Python
Improving PyPI's security with Two Factor Authentication
Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs
Insecure Things to Avoid in Python
Testing Handbook - Semgrep.pdf
TrailofBits_Semgrep_Practice_Exercises.pdf
Kernel space fault injection with KRF
Low-level debugging with Pwndbg
MLIR is the future of program analysis
McSema - Static Translation of x86 instructions to LLVM IR
Modern iOS Application Security
Never a Dill Moment: Exploiting Machine Learning Pickle Files
On the Optimization of Equivalent Concurrent Computations
PEP 740 and PyPI: Bootstrapping Provenance for the Python Ecosystem
Peeling back the Shlayers of macOS Malware
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning
Property-based testing of smart contracts
Python Packaging Mystery Meat
Python internals - lets talk about dicts
Repurposing LLVM analyses in MLIR: Also there and back again across the Tower of IRs
Return to the 100 Acre Woods
Safely integrating with ERC20 tokens
Securing value on the Ethereum blockchain
Securing your Package Ecosystem with Trusted Publishing
Security and Your Business
Semantic Labeling of Parsers
Seriously, stop using RSA
Sigstore for Python Packaging: Next Steps for Adoption
SlithIR, An Intermediate Representation of Solidity to enable High Precision Security Analysis
Slither: A Static Analysis Framework for Smart Contracts
Smart Contracts: The Beta
Swimming with the kubectl fish
Symbolic Execution for Humans
Symbolically Executing a Fuzzy Tyrant
Testing and Verifying Smart Contracts: From Theory to Practice
The Exploit Intelligence Project
The Mobile Exploit Intelligence Project
The Next 5 Years of Supply Chain Security on PyPI
The Smart Fuzzer Revolution
The dream of a static and dynamic analysis shootout
The spirit of the 90s is alive in Brooklyn
Trusted Publishing: Lessons from PyPI
Using Graph-Based Machine Learning Algorithms for Software Analysis
VAST: MLIR for program analysis of C
Vulnerability Modeling with Binary Ninja
Weak Fiat-Shamir attacks on modern proof systems
What blockchain got right
What does it look like to code-sign for an entire packaging ecosystem
Write Better Smart Contracts By Checking Them With Slither's Python API
Your Mitigations are My Opportunities
osquery Extension Skunkworks
osquery Linux security event monitoring
You can’t perform that action at this time.