• Future
    Jun 20 2022
    FEATURED VOICES IN THIS EPISODEDan GuidoDan Guido is the CEO of Trail of Bits, a cybersecurity firm he founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he’s active on the boards of four early-stage technology companies. Dan contributes to cybersecurity policy papers from RAND, CNAS, and Harvard. He runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project -- AlgoVPN -- is the Internet's most recommended self-hosted VPN. In prior roles, Dan taught a capstone course on software exploitation at NYU as a faculty member and the Hacker in Residence, consulted at iSEC Partners (now NCC Group), and worked as an incident responder for the Federal Reserve System.Nat ChinNat Chin is a security engineer 2 at Trail of Bits, where she performs security reviews of blockchain projects, and develops tools that are useful when working with Ethereum. She is the author of solc-select, a tool to help switch Solidity versions. She worked as a smart contract developer and taught as a Blockchain Professor at George Brown College, before transitioning to blockchain security when she joined Trail of Bits.Opal WrightOpal Wright is a cryptography analyst at Trail of Bits. Two of the following three statements about her are true: (a) she's a long-distance unicyclist; (b) she invented a public-key cryptosystem; (c) she designed and built an award-winning sex toy.Jim MillerJim Miller is the cryptography team lead at Trail of Bits. Before joining Trail of Bits, Jim attended graduate programs at both Cambridge and Yale, where he studied and researched both Number Theory and Cryptography, focusing on topics such as lattice-based cryptography and zero-knowledge proofs. During his time at Trail of Bits, Jim has led several security reviews across a wide variety of cryptographic applications and has helped lead the development of multiple projects, such as ZKDocs and PrivacyRaven.Josselin FeistJosselin Feist is a principal security engineer at Trail of Bits where he participates in assessments of blockchain software and designs automated bug-finding tools for smart contracts. He holds a Ph.D. in static analysis and symbolic execution and regularly speaks at both academic and industrial conferences. He is the author of various security tools, including Slither - a static analyzer framework for Ethereum smart contracts and Tealer - a static analyzer for Algorand contracts.Peter GoodmanPeter Goodman is a Staff Engineer in the Research and Engineering practice at Trail of Bits, where he leads all de/compilation efforts. He is the creator of various static and dynamic program analysis tools, ranging from the Remill library for lifting machine code into LLVM bitcode, to the GRR snapshot/record/replay-based fuzzer. When Peter isn't writing code, he's mentoring a fleet of interns to push the envelope. Peter holds a Master's in Computer Science from the University of Toronto.Host: Nick SelbyAn accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm.Production StaffStory Editor: Chris JulinAssociate Editor: Emily HaavikExecutive Producer: Nick SelbyExecutive Producer: Dan GuidoRecordingRocky Hill Studios, Ghent, New York. Nick Selby, EngineerPreuss-Projekt Tonstudio, Salzburg, Austria. Christian Höll, EngineerRemote recordings:Whistler, BC, Canada; (Nick Selby) Queens, NY; Brooklyn, NY; Rochester, NY (Emily Haavik);Toronto, ON, Canada. TAPES//TYPES, Russell W. Gragg, EngineerTrail of Bits supports and adheres to the Tape Syncers United Fair Rates CardEdited by Emily Haavik and Chris JulinMastered by Chris JulinVideoYou can watch a video of this episode.MusicDISPATCHES FROM TECHNOLOGY'S FUTURE, THE TRAIL OF BITS THEME, Chris JulinOPEN WINGS, Liron MeyuhasNEW WORLD, Ian PostFUNKYMANIA, Omri Smadar, The Original OrchestraGOOD AS GONE, INSTRUMENTAL VERSION, Bunker Buster ALL IN YOUR STRIDE, AbeBREATHE EASY, Omri SmadarTREEHOUSE, LingerwellLIKE THAT, Tobias BergsonSCAPES,  Gray NorthReproductionWith the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 0; Immutable © 2022 by Trail of Bits is ...
    Show More Show Less
    22 mins
  • It Depends
    Jun 20 2022
    FEATURED VOICES IN THIS EPISODEClint BruceClint Bruce is a former Navy Special Warfare Officer, a graduate of the US Naval Academy, decorated athlete, and seasoned entrepreneur. A 4-year letter winner at Navy playing middle linebacker, captain and MVP of the ’96 Aloha Bowl Championship team, he was named to multiple all-star teams his senior year. He enjoyed opportunities with both the Baltimore Ravens and New Orleans Saints and was inducted into the Navy/Marine Corps Stadium Hall of Fame in 2009. Clint’s desire to serve was deep and firmly rooted. He left the NFL to pursue becoming a Navy SEAL and successfully completed BUDS (Basic Underwater Demolition SEAL Training) in 1998 with Class 217. Joining SEAL Team FIVE, Clint completed multiple deployments pre and post-911 directly involved in counter-terrorism and national security missions globally. He is a co-founder of Carry the Load, which was founded to restore true meaning to Memorial Day and celebrate the service and sacrifice of Police, Fire, and Rescue personnel and their families during the month of May. Clint lives in Dallas with his college sweetheart and three daughters who are not impressed that he played football or was a Navy SEAL.Patrick GrayPatrick Gray is the producer and presenter of the Risky Business weekly information security podcast, a weekly podcast that launched in 2007. He formerly was a journalist for publications including Wired.com, ZDNet Australia, The Sydney Morning Herald, The Age, The Bulletin (magazine) and Men's Style Australia.Eric OlsonEric Olson is the Director of Threat Intelligence for Jet Blue Airways. A threat intelligence professional for more than 20 years, Eric has had executive roles including Senior Vice President of Product Management and Vice President, Intellugence Operations, at LookingGlass Cyber Solutions, and was VP of Product Strategy at Cyveillance.Allan FriedmanAllan Friedman is Senior Advisor and Strategist at the United States Cybersecurity and Infrastructure Security Agency, and one of the nation's leading experts on Software Bill of Materials. Allan leads CISA's efforts to coordinate SBOM initiatives inside and outside the US government, and around the world. He is known for applying technical and policy expertise to help audiences understand the pathways to change in an engaging fashion, and is frequently invited to speak or keynote to industry, academic, and public audiences. Wearing the hats of both a technologist and a policy maker, Allan has over 15 years of experience in international cybersecurity and technology policy. His experience and research focuses on economic and market analyses of information security. On the practical side, he has designed, convened, and facilitated national and international multistakeholder processes that have produced real results, helping diverse organizations finding common ground on contentious, cutting edge issues.Evan Sultanik, PhDEvan Sultanik is a Principal Computer Security Researcher at Trail of Bits. A computer scientist with extensive experience both in industry (as a software engineer) and academia, Evan is an active contributor to open source software. He is author of more than two dozen peer-reviewed academic papers, and is particularly interested in intelligent, distributed/peer-to-peer systems. Evan is editor of and frequent contributor to the International Journal of PoC||GTFO. William WoodruffWilliam Woodruff is a senior security engineer at Trail of Bits, contributing to the engineering and research practices in work for corporate and governmental clients. He has developed several of our open-source projects (e.g., twa, winchecksec, KRF, and mishegos). His work focuses on fuzzing, program analysis, and automated vulnerability reasoning. Outside of Trail of Bits, William helps to maintain the Homebrew project, the dominant macOS package manager. Before joining Trail of Bits, he was a software engineering intern at Cipher Tech Solutions, a small defense subcontractor. He has participated in the Google Summer of Code for four years (two as a student, two as a mentor) and taught a class in ethical hacking as a college senior. William holds a BA in philosophy from the University of Maryland (2018).HOST: Nick SelbyAn accomplished information and physical security professional, Nick leads the Software Assurance Practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm.PRODUCTION STAFFStory Editor: Chris JulinAssociate Editor: Emily HaavikExecutive Producer: Nick SelbyExecutive Producer: Dan ...
    Show More Show Less
    21 mins
  • W/Internships
    Jun 20 2022
    Featured Voices in this Episode:Trent BrunsonTrent Brunson is a Principal Security Engineer and Research Practice Manager at Trail of Bits. He has worked in computer security since 2012 as a researcher and engineer at Assured Information Security in Rome, NY, and at the Georgia Tech Research Institute, where he served as the Threat Intelligence Branch Chief and the Associate Division Chief of Threat Intelligence & Analytics. Dan GuidoDan Guido is the CEO of Trail of Bits, a cybersecurity firm he co-founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to more than 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project, AlgoVPN, is the Internet's most recommended self-hosted VPN.Suha HussainSuha Hussain is a software security engineer who specializes in machine learning assurance. Her work also involves data privacy, program analysis, and applied cryptography. She’s currently an intern at Trail of Bits, where she’s worked on projects such as PrivacyRaven and Fickling. She’s also pursuing a BS in Computer Science at Georgia Tech.Sam AlwsSam Alws is a computer science student at Vanderbilt University, hoping to take part in shaping the future of tech. He was a Trail of Bits wintern and also previously interned at Bloomberg LP. He serves as a volunteer software developer for Change++, writing code for charities, and spent two years with Project Spark, designing a programming curriculum for schools in India.Nick Selby (Host)An accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm. Production StaffStory Editor: Chris JulinAssociate Editor: Emily HaavikExecutive Producer: Nick SelbyExecutive Producer: Dan GuidoRecordingRecorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer22Springroad Tonstudio, Übersee, Germany - Volker Lesch, EngineerRemote recordings: New York, NY; Brooklyn, NY; Virginia; Atlanta, GA (Emily Haavik); Silver Spring, MD (Jason An). Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card.Edited by Emily Haavik and Chris JulinMastered by Chris Julin  VideoYou can watch a video of this podcast.Special ThanksDominik CzarnotaJosselin FeistMusicTRAIL OF BITS THEME: DISPATCHES FROM TECHNOLOGY'S FUTURE, Chris JulinELEMENT, Frank BentleyFOUR AM, Curtis ColeDRIVING SOLO, Ben FoxOPEN WINGS, Liron MeyuhasSHAKE YOUR STYLE, Stefano MastronardiTHE QUEEN, Jasmine J. WalkerILL PICKLE, Phil DavidPIRATE BLUES, Leon LaudenbackSCAPES, Gray NorthReproductionWith the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 2; Internships and Winternships © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International.  This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/. Referenced in this Episode:Learn more about the work done by Trail of Bits interns over the years on the company blog.Apply for an internship or winternship at https://www.trailofbits.com/careersSuha Hussain and lead engineer Evan Sultanik describe the Fickling project: Never a Dill Moment: Exploiting Machine Learning Pickle Files. The Python manual refers specifically to the security issues discussed in this episode:  "The pickle module is not secure. Only unpickle data you trust... It is possible to construct malicious pickle data which will execute arbitrary code during unpickling. Never unpickle data that could have come from an untrusted source, or that could have been tampered with."Read more about PrivacyRaven and watch Suha’s video introducing the project: PrivacyRaven Has Left the NestSam Alws describes his journey to speed up Echidna: Optimizing a Smart Contract FuzzerFor those interested in ...
    Show More Show Less
    22 mins
  • Immutable
    Jun 20 2022
    FEATURED VOICES IN THIS EPISODEDan GuidoDan Guido is the CEO of Trail of Bits, a cybersecurity firm he founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he’s active on the boards of four early-stage technology companies. Dan contributes to cybersecurity policy papers from RAND, CNAS, and Harvard. He runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project -- AlgoVPN -- is the Internet's most recommended self-hosted VPN. In prior roles, Dan taught a capstone course on software exploitation at NYU as a faculty member and the Hacker in Residence, consulted at iSEC Partners (now NCC Group), and worked as an incident responder for the Federal Reserve System.Evan SultanikEvan Sultanik is a Principal Computer Security Researcher at Trail of Bits. A computer scientist with extensive experience both in industry (as a software engineer) and academia, Evan is an active contributor to open source software. He is author of more than two dozen peer-reviewed academic papers, and is particularly interested in intelligent, distributed/peer-to-peer systems. Evan is editor of and frequent contributor to the International Journal of PoC||GTFO. Trent BrunsonTrent is a Principal Security Engineer and Research Practice Manager at Trail of Bits. He has worked in computer security since 2012 as a researcher and engineer at Assured Information Security in Rome, NY, and at the Georgia Tech Research Institute, where he served as the Threat Intelligence Branch Chief and the Associate Division Chief of Threat Intelligence & Analytics.  Trent received his Ph.D. in computational physics from Emory University in Atlanta in 2014, and his dissertation work applied the renormalization group and Monte Carlo methods to study exact results on complex networks.Host: Nick SelbyAn accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm. Production StaffStory Editor: Chris JulinAssociate Editor: Emily HaavikExecutive Producer: Nick SelbyExecutive Producer: Dan GuidoRecordingRocky Hill Studios, Ghent, New York. Nick Selby, EngineerPreuss-Projekt Tonstudio, Salzburg, Austria. Christian Höll, EngineerRemote recordings: Whistler, BC (Nick Selby); Queens, NY (Emily Haavik)Edited and Mastered by Chris JulinTrail of Bits supports and adheres to the Tape Syncers United Fair Rates CardVideoWatch a video of this podcast. MusicDispatches From Technology's Future, the Trail of Bits theme, Chris JulinCANTO DELLE SCIACALLE, Cesare PastanellaSHALLOW WATER - REMIX, Omri Smadar, Yehezkel Raz, Sivan TalmorALL IN YOUR STRIDE, ABELET IT RISE, Divine Attraction ROAD LESS TRAVELED, The David Roy CollectiveKILLING ME SOFTLY, Ty SimonTECH TALK, Rex BannerLOST ON EARTH, Marek JakubowiczSCAPES, Gray NorthReproductionWith the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 0; Immutable © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International.  This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/. Referenced in this EpisodeIn “Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers,” Evan Sultanik, Trent Brunson, and nine other engineers on the Trail of Bits Research and Engineering and Software Assurance teams report their findings from the year-long project to examine Blockchain centrality. Fluxture is a free and open source software crawling framework for Blockchains and peer-to-peer systems that Trail of Bits created to assist with the work described in this episode. We also link to the free and open source recursive dependency graphing tool It-Depends, which we will discuss in depth in the upcoming podcast episode ...
    Show More Show Less
    20 mins
  • Zero Knowledge Proofs and ZKDocs
    Jun 11 2022
    FEATURED VOICES IN THIS EPISODEJim MillerJim Miller is the cryptography team lead at Trail of Bits. Before joining Trail of Bits, Jim attended graduate programs at both Cambridge and Yale, where he studied and researched both Number Theory and Cryptography, focusing on topics such as lattice-based cryptography and zero-knowledge proofs. During his time at Trail of Bits, Jim has led several security reviews across a wide variety of cryptographic applications and has helped lead the development of multiple projects, such as ZKDocs and PrivacyRaven.Matthew GreenMatthew Green is a cryptographer and an associate professor at the Johns Hopkins Information Security Institute. His research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. He is one of the creators of the Zerocash protocol, which is used by the Zcash cryptocurrency, and a founder of an encryption startup Zeutro. He was formerly a partner in Independent Security Evaluators, a custom security evaluation and design consultancy. From 1999-2003, he served as a senior technical staff member at AT&T Laboratories/Research in Florham Park, New Jersey.Host: Nick SelbyAn accomplished information and physical security professional, Nick leads the Software Assurance Practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm. Production StaffStory Editor: Chris JulinAssociate Editor: Emily HaavikExecutive Producer: Nick SelbyExecutive Producer: Dan GuidoRecordingRecorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer; and 22Springroad Tonstudio, Übersee, Germany - Volker Lesch, EngineerRemote recordings were conducted at Whistler, BC, Canada; and Tarrytown, NYEdited and Mastered by Chris JulinTrail of Bits supports and adheres to the Tape Syncers United Fair Rates Card)MusicDispatches From Technology's Future, the Trail of Bits theme, Chris JulinTrue Detectives: Ian PostBig Band Lemonade: Shirker Big BandDuda:  Ian PostBread and Butter: ZiggyScapes: Gray NorthVideoWatch this episode as a video on YouTube.ReproductionWith the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 1; Zero Knowledge Proofs and ZKDocs © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International.  This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/. Referenced in this Episode:The talk at Real World Crypto 2020 that Jim discusses was "This is not a proof: Pitfalls in real-world verifiable elections" by Sarah Jamie Lewis, Olivier Pereira, and Vanessa Teague. It was based on the academic paper, “How not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios," by David Bernhard, Olivier Pereira, and Bogdan Warinschi. It’s about some problems researchers have uncovered in an open-source e-voting system called Helios Voting. You can learn much more about ZKDocs and the latest Trail of Bits projects on our blog: trailofbits.com/blogJim Miller uses a tennis analogy to help describe some of the issues we discussed in this episode: Serving up zero-knowledge proofsTrail of Bits and Matthew Green teamed up to use Zero Knowledge proofs to form a trusted plane in which tech companies and vulnerability researchers can securely communicate, in a research project that's part of a larger DARPA-funded effort: Reinventing Vulnerability Disclosure using Zero Knowledge ProofsIn December 2020, a Trail of Bits intern wrote an extensive post called Reverie: An Optimized Zero Knowledge Proof System. Reverie is a ZK proof system using techniques from secure multiparty computation that optimizes for prover efficiency and doesn't require any trusted setup.To learn more about the Trail of Bits Internship and Winternship programs, visit the Trail of Bits Careers PageMeet the Team:Chris JulinChris Julin has spent years telling audio stories and helping other people tell theirs. These days he works as a story editor and producer for news outlets like APM Reports, West Virginia Public Broadcasting, and Marketplace. He has also taught and mentored hundreds of young journalists as a...
    Show More Show Less
    21 mins
  • Trailer
    Jun 10 2022
    PRODUCTION STAFF

    Story Editor: Chris Julin
    Associate Editor: Emily Haavik
    Executive Producer: Nick Selby
    Executive Producer: Dan Guido

    RECORDING

    Recorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer
    Remote recordings were conducted at Whistler, BC, Canada

    Edited and Mastered by Chris Julin
    Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card

    MUSIC

    Dispatches From Technology's Future, the Trail of Bits theme, Chris Julin
    Driving Solo, Ben Fox

    Meet the Team:CHRIS JULIN

    Chris Julin has spent years telling audio stories and helping other people tell theirs. These days he works as a story editor and producer for news outlets like APM Reports, West Virginia Public Broadcasting, and Marketplace. He has also taught and mentored hundreds of young journalists as a professor. For the Trail of Bits podcast, he serves as story and music editor, sound designer, and mixing and mastering engineer.

    EMILY HAAVIK

    For the past 10 years Emily Haavik has worked as a broadcast journalist in radio, television, and digital media. She’s spent time writing, reporting, covering courts, producing investigative podcasts, and serving as an editorial manager. She now works as an audio producer for several production shops including Us & Them from West Virginia Public Broadcasting and PRX, and APM Reports. For the Trail of Bits podcast, she helps with scripting, interviews, story concepts, and audio production.

    Show More Show Less
    2 mins