Fredrik Dahlgren
Cryptography and static analysis @ Trail of Bits
- Interesting post/research by Sean Heelan investigating the current state of exploit generation using frontier models like GPT-5.2 and Opus 4.5. sean.heelan.io/2026/01/18/o...
- Refreshing to see that someone has visions that are not about deporting people or putting children in prison. www.dn.se/varlden/eu-v...
- Good post on Merkle tree certificates.
- WAICT builds on subresource integrity to create an end-to-end transparency solution for web applications. It is still early days, but this looks like great news for web application auditability and trust! 🎉 blog.cloudflare.com/improving-th...
- I tried to become a monthly donor to an organization I support, but to approve the direct debit I had to give something called FinShark access to my account for 180 days!? That feels completely bananas! Is this really the best we can do in 2025?
- Reposted by Fredrik Dahlgren: We are alarmed by reports that Germany is on the verge of a catastrophic about-face, reversing its longstanding and principled opposition to the EU’s Chat Control proposal which, if passed, could spell the end of the right to privacy in Europe. signal.org/blog/pdfs/ge...
- This is so cursed.
- Signal is really pushing the envelope with their new post-quantum secure triple ratchet. The protocol is formally verified using ProVerif, and the implementation uses hax to verify correctness and panic-freeness of the implementation. Really great work!
- In 2023, Signal was the first mainstream messenger to enable post-quantum cryptography. We’re still ahead of the (elliptical) curve, implementing a new hybrid PQ ratchet ensuring Forward Secrecy & Post-Compromise Security even in a post-quantum world. signal.org/blog/spqr/
- LLDB adds native support for MCP. lldb.llvm.org/use/mcp.html
- Reposted by Fredrik Dahlgren: I’m Not a Robot, a game about solving CAPTCHAs, is out now! good luck :) > neal.fun/not-a-robot/
- Solving AI alignment alignment. alignmentalignment.ai
- Great paper on finding and exploiting parser differentials between ZIP parsers to bypass signature validation, malware detection, or VSCode extension ID validation. www.usenix.org/conference/u...
- Over 600 GB of source code, internal communication, and documentation about the great firewall of China leaked from Geedge Networks. gfw.report/blog/geedge_...
- This is a great post on how to bypass code signing (e.g. for malware persistence or to introduce backdoors) by tampering with V8 heap snapshots. All Electron apps (like Slack, 1Password, and Signal) and Chromium based browsers were vulnerable to this issue. blog.trailofbits.com/2025/09/03/s...
- The government's cultural canon is a surrogate for a real cultural policy. www.dn.se/kultur/bjorn...
- Why always WhatsApp tho? 🤔 ift.tt/JswW0ay
- Why factoring (of numbers that aren’t 15) isn’t a good benchmark for tracking the progress of quantum computers. algassert.com/post/2500
- Please consider holding your next conference or event outside the US.
- Reposted by Fredrik Dahlgren: At long last - Phrack 72 has been released online for your reading pleasure! Check it out: phrack.org
- Reposted by Fredrik Dahlgren: PyPI now serves PEP 792 project statuses in its APIs. that means you can now programmatically check if a package is archived, quarantined, etc.! blog.pypi.org/posts/2025-0...
- Reposted by Fredrik Dahlgren: My wife shared this with me and I’m tellin you… it’s worth the read.
- We’re open sourcing our AI reasoning system Buttercup, which placed second in DARPA’s AI Cyber Challenge! It runs on your laptop and works with any OSS-fuzz/ClusterFuzz compatible project. blog.trailofbits.com/2025/08/08/b...
- Trail of Bits won second place in DARPA’s AI Cyber Challenge (AIxCC) at DEFCON! 🙌 Congratulations to all of the competing teams. Amazing work! aicyberchallenge.com
- Ordered and looking forward to reading this!
- Are we AGI yet?
- Reposted by Fredrik Dahlgren: Well this is bad. Google is indexing ChatGPT conversations exposing sensitive user data. I tried a few quick searches. I found someone's chat where I can see their api key. I found some building their resume. Their name, email and phone numbers are exposed. www.fastcompany.com/91376687/goo...
- I wonder if we’ll hear anything about AI at Microsoft Ignite this year..? 🤔
- Sometimes it is easy to forget that all of the mature E2EE systems we have today started out as small proof-of-concepts full of compromises, shortcuts, and we’ll-deal-with-that-later’s. blog.trailofbits.com/2025/07/18/b...
- Reposted by Fredrik Dahlgren: We ran a randomized controlled trial to see how much AI coding tools speed up experienced open-source developers. The results surprised us: Developers thought they were 20% faster with AI tools, but they were actually 19% slower when they had access to AI than when they didn't.
- Swedish security police have unintentionally leaked the locations of the Swedish prime minister and the Swedish monarch by using the fitness app Strava while on assignments. Those who cannot learn from history are doomed to repeat it. 🙄 www.bbc.com/news/technol...
- CodeQL now supports Rust! github.blog/changelog/20...
- The Trail of Bits cryptography team will be in Cannes for EthCC this week. Hit us up if you want to hang out and talk about ZK, MPC, FHE, E2EE or your favorite acronym of choice!
- Never heard about mise before. I need to try this on a real project!
- Reposted by Fredrik Dahlgren: zizmor v1.10.0 is released! this is a *huge* new release: it exposes a new (experimental) auto-fix mode, more precise subspanning for fixtures, as well as a brand new pedantic audit (anonymous-definition). read the full notes here: docs.zizmor.sh/release-note...