Research & Development
Sienna Locomotive brings fuzzing and crash triage to developers who lack detailed knowledge of vulnerabilities, how fuzzers work, and how to configure them. It works on Windows, was built on open-source software, and incorporates new research in crash triage to make fuzzing easy and effective.
Leveraging the Analog Domain for Security (LADS)
As a performer in DARPA's Leveraging the Analog Domain for Security program, we're writing program analysis tools to help protect low-resource systems from advanced cyber threats, such as RowHammer, which allow individual bits to get flipped in arbitrary program memory. The automated program analyzer we're engineering is built on Manticore, our Python symbolic execution platform.
Manticore unlocks the power of symbolic execution for security researchers. It's pure Python with minimal dependencies, and it can operate on x86, x64, and ARM binaries and Ethereum smart contracts. Anyone with experience in exploitation or reversing can use the API to create specialized binary analysis or software security tools.
CTF Field Guide
Capture the flag (CTF) competitions provide an ideal platform for students to learn to think like attackers. And yet most schools and colleges lack the expertise to form and train CTF teams for competition. This guide closes the gap, and addresses the larger skills gap in the cybersecurity industry.
Control Flow Integrity
Software would be more secure if more developers took advantage of Control Flow Integrity (CFI). But adoption of this exploit mitigation technology has been limited. We’re changing that with a series of practical analyses and working examples derived from our research.
From our Blog
'AMD Flaws' Technical Summary
Two weeks ago, we were engaged by CTS Labs as independent consultants at our standard consulting rates to review and confirm the technical accuracy of their preliminary findings. We did not participate in their research or their subsequent disclosure. …
Echidna, a smart fuzzer for Ethereum
Today we released Echidna, our next-generation EVM smart fuzzer at EthCC. It’s the first-ever fuzzer to target smart contracts and has powerful features like abstract state-machine modeling and automatic minimal test case generation. We’ve been working on it for quite some time, and are thrilled to finally share it with the world! …