Deepening the Science of Security

Since 2012, Trail of Bits has helped secure some of the world’s most targeted organizations and products.
We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

Request a Quote

Philosophy

We don’t just fix bugs, we fix software. When our research into the depths of code and devices exposes gaps in the market, we engineer foundational tools to close them.

Research & Development

CTF Field Guide

Capture the flag (CTF) competitions provide an ideal platform for students to learn to think like attackers. And yet most schools and colleges lack the expertise to form and train CTF teams for competition. This guide closes the gap, and addresses the larger skills gap in the cybersecurity industry.

McSema

McSema is a novel software framework that allows for the reverse engineering of binary code with tools built to analyze source code. It’s now much simpler for software engineers to analyze and transform applications in complex ways.

Cyber Reasoning System (CRS)

Recognized as the second-most effective entrant in DARPA’s Cyber Grand Challenge (CGC) qualifying event, our CRS automatically detects software vulnerabilities on par with more complex systems, but requires half the code and easily integrates new analysis tools. Our CRS delivers effectiveness without compromising on simplicity or extensibility.

OSQuery

Until now, Windows servers were excluded from the power and efficiency of osquery, Facebook’s open-source platform that turns operating system information into a format that can be queried using standard SQL-based statements. In Fall, 2016, we changed that, and disrupted the endpoint security market in the process.

Cyber Fault-tolerant Attack Recovery (CFAR)

CFAR uses multiple CPU cores for security. Each core runs a functionally identical version of the same program, but mutated at the binary level. Exploit attempts cause the afflicted core to diverge in execution from the others, at which point the system knows it is under attack and can take precautions.

More Research

Organizations We Support