Contact - Trail of Bits
Trail of Bits helps secure some of the world's most targeted organizations and products.| Trail of Bits
In part 1, we introduced Sleepy Pickle, an attack that uses malicious pickle files to stealthily compromise ML models and carry out sophisticated attacks against end users. Here we show how this technique can be adapted to enable long-lasting presence on compromised systems while remaining undetected. This variant technique, which we call […]| The Trail of Bits Blog
Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input. In pure Ruby, these bugs may result in unexpected exceptions that could lead to denial of service, and in Ruby C extensions, they […]| The Trail of Bits Blog
Ruby Central hired Trail of Bits to complete a security assessment and a competitive analysis of RubyGems.org, the official package management system for Ruby applications. With over 184+ billion downloads to date, RubyGems.org is critical infrastructure for the Ruby language ecosystem. This is a joint post with the Ruby Central team; read their announcement here! […]| Trail of Bits Blog
Finding deserialization functions accepting user input can be exciting, but what's your plan if well-known gadget chains aren't an option for exploitation? In this post, we explore the process of building a custom gadget chain to exploit deserialization vulnerabilities in Ruby. The post Discovering Deserialization Gadget Chains in Rubyland appeared first on Include Security Research Blog.| Include Security Research Blog
Trail of Bits helps secure some of the world's most targeted organizations and products.| Trail of Bits
