trailofbits

Set up a personal VPN in the cloud

Symbolic execution tool

Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode

A semantic diff utility and library for tree-like files such as JSON, JSON5, XML, HTML, YAML, and CSV.

Library for lifting machine code to LLVM bitcode

CTF Field Guide

Audits Python environments, requirements files and dependency trees for known security vulnerabilities, and can automatically fix them

A unit test-like interface for fuzzing and symbolic execution

Run Rust lints from dynamic libraries

A tiny web auditor with strong opinions.

Checksec, but for Windows: static detection of security mitigations in executables

VAST is an experimental compiler pipeline designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction.

A kernelspace syscall interceptor and randomized faulter

Demonstration library for using the Secure Enclave on iOS

A user-mode application authorization system for MacOS written in Swift

osquery extensions by Trail of Bits

A differential fuzzer for x86 decoders

Rewrite C++ code to automatically apply `constexpr` where possible

Coefficient-Based Reconstruction of Arithmetic — a Mixed Boolean-Arithmetic (MBA) expression simplifier for deobfuscation

An LLVM sanitizer tutorial

To make fuzzing Rust easy

Peter's Amazing Syntax Tree Analyzer

Zero-dependency Linux memory forensics PoC — leverages kernel-embedded BTF and kallsyms for type-aware memory analysis without external debug info.

A graph view plugin for Binary Ninja to visualize Objective-C

ebpfpub is a generic function tracing library for Linux that supports tracepoints, kprobes and uprobes.

A BPF-based syscall fault injector

A framework for instrumenting build tools

Mapping the NYC Infosec Community

Linux kernel driver to export the TSC frequency via sysfs

Easily create authenticated data structures