Research & Development
Binary Ninja offers security researchers a real -and easy- choice of reversing platforms. Its accessible interface and powerful automated analyses are a force multiplier for a researcher’s human intuition. We want to accelerate adoption of Binary Ninja, so we’re developing learning materials to help prospective users jump in now.
Sienna Locomotive brings fuzzing and crash triage to developers who lack detailed knowledge of vulnerabilities, how fuzzers work, and how to configure them. It works on Windows, was built on open-source software, and incorporates new research in crash triage to make fuzzing easy and effective.
Leveraging the Analog Domain for Security (LADS)
As a performer in DARPA's Leveraging the Analog Domain for Security program, we're writing program analysis tools to help protect low-resource systems from advanced cyber threats, such as RowHammer, which allow individual bits to get flipped in arbitrary program memory. The automated program analyzer we're engineering is built on Manticore, our Python symbolic execution platform.
Manticore unlocks the power of symbolic execution for security researchers. It's pure Python with minimal dependencies that can operate on x86, x64, and ARM binaries and Ethereum smart contracts. Anyone with experience in exploitation or reversing can use the API to create specialized binary analysis or software security tools.
CTF Field Guide
Capture the flag (CTF) competitions provide an ideal platform for students to learn to think like attackers. And yet most schools and colleges lack the expertise to form and train CTF teams for competition. This guide closes the gap, and addresses the larger skills gap in the cybersecurity industry.
In the Press
From our Blog
An Echidna for all seasons
Two years ago, we open-sourced Echidna, our property-based smart contract fuzzer. Echidna is one of the tools we use most in smart contract assessments. According to our records, Echidna was used in about 35% of our smart contract audits during the past two years.
Announcing the Zeek Agent
The Zeek Network Security Monitor provides a powerful open-source platform for network traffic analysis. However, from its network vantage point, Zeek lacks access to host-level semantics, such as the process and user accounts that are responsible for any connections observed. The new Zeek Agent fills this gap by interfacing Zeek directly with your endpoints, providing semantic context that’s highly valuable for making security decisions.