Dan Guido
@dguido
Followers
24,684
Following
907
Media
550
Statuses
10,432
CEO @trailofbits , organizer @EmpireHacking
Brooklyn, NY
Joined April 2008
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Black
• 1769504 Tweets
La OEA
• 723260 Tweets
NABJ
• 534817 Tweets
Perú
• 371979 Tweets
Petro
• 347354 Tweets
Flamengo
• 232685 Tweets
Rachel Scott
• 95702 Tweets
Jamaican
• 64491 Tweets
O Palmeiras
• 57971 Tweets
Abel
• 45806 Tweets
#ทางรัฐ
• 39909 Tweets
Wesley
• 31019 Tweets
Rony
• 25861 Tweets
#FLAxPAL
• 23741 Tweets
Rojas
• 23505 Tweets
#AEWDynamite
• 23005 Tweets
Luiz Araújo
• 21254 Tweets
Paiva
• 20341 Tweets
Maracanã
• 19339 Tweets
Lavia
• 15088 Tweets
Nkunku
• 14338 Tweets
Gerson
• 13083 Tweets
O Vasco
• 12828 Tweets
無課金おじさん
• 12344 Tweets
Veiga
• 11559 Tweets
Cavani
• 10888 Tweets
Madueke
• 10696 Tweets
My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here’s how it all went down:
245
3K
14K
3) Act quickly, before the anti-stalking feature kicks in. Damage done to my handlebars was likely in response to the regular noises from the Airtag.
4) Limit your in-person interactions and always involve the police. Don’t try to retrieve your stolen goods until you have backup.
71
122
3K
Here are a few lessons learned if you’re using Airtags for theft recovery:
1) Use an Airtag adhesive that blends in and muffles noise. It’s clear my thief was looking for them.
2) Do not turn on Lost Mode. It immediately alerts the thief they’re being tracked.
11
160
2K
I filled out a report at the precinct, and my two patrolmen get a parade of high fives from their peers. No one can remember the last time they solved an e-bike crime! I teach them all how to use Airtags, then hop in a Lyft home.
@NinebotGlobal
agrees to RMA the scooter ♥️.
19
44
2K
Tired: Don’t invade Russia in winter
Wired: Don’t start an information war with a very online comedian
5
296
2K
I immediately encountered resistance:
1) go back to where it was stolen and call 911
2) that’s not our precinct
3) we can’t help you if it’s inside a residence
4) I’m not familiar with your voodoo magic^H^H^H Airtags
15
56
2K
As I further inspect the scooter, the cops start asking questions: Do you sell used e-bikes? Do you collect info from the seller? Do you ask they prove ownership? What is the contact info for the person who dropped this scooter off? No, No, No, and we don’t know.
6
34
2K
An employee inside realizes we're investigating further. He immediately becomes agitated: I should be happy I got my scooter back and leave. It’s my fault for getting it stolen. I’m screwing up his day. This isn’t how we do things in Brooklyn. More joined in.
8
38
1K
It’s at this point that I noticed there were cameras indoors. In hushed tones, I excitedly told the cops, “Ask for video from last Tuesday at noon.” As I walked the scooter outside, I further reiterated, “they’ll delete it if you don’t get video now.”
3
45
1K
I move outside while one cop retrieves the evidence, but the most aggressive employee followed me. He says, “All you’re doing is making enemies.” Gets closer to me, and pantomimes shooting me. He implies I’d get murdered if he sees me again.
16
50
1K
At this point, one mechanic started making excuses for the current state of it: the woman who brought it in had complained about the brakes, so he cut the power line to the handlebars and then removed them. This is not how to repair brakes:
6
40
1K
Seconds later, I walked right into it. My scooter! The employees were in disbelief: How did I know it was mine? I played sounds from an Airtag. Not good enough. I paired to it with the Ninebot iOS app. This convinced the last holdouts.
2
39
1K
No fear! The most important part of IR is preparation, and I hid two Airtags inside the scooter: one “decoy” in the wheel well and a second, more subtle, one inside the stem. Covered in black duct tape, they’re hard to see.
8
44
1K
I also had NYPD meet me at the nearest street corner but they were resistant to helping. They weren’t familiar with Airtags, thought I might be enlisting them to steal something, and refused to walk with me if I knocked on a door or into a store.
10
53
1K
I was patient, upbeat, and demonstrated with the Airtags on my keys. I reiterated I didn’t want them to do anything illegal to help me, made a joke about it only costing $800 so it’s no felony, and insisted it would get solved within an hour. It worked!
6
40
1K
I do my best “How to Win Friends” and find things to agree with him on. To their credit, the employees not harassing me outside cooperated and provided the video. It’s a woman, and they claim she didn’t leave a phone number.
5
28
1K
I received a UWB ping as I walked in the door. It’s 13ft away! I gestured to keep walking, it’s here. The store was unkempt with piles of scooters. There was not a single new scooter in the store, every item on sale was second-hand.
3
31
1K
iPhone users automatically receive a push notification if an unknown Airtag has been “following” them, without its owner, for a random time between 8 and 24 hours. The Airtag itself will also start making sounds w/ a built-in speaker.
6
61
1K
With a willing 2-man patrol and me in the backseat, we drove to the current location, I pointed out the apartments, and then it dawned on all of us… there’s an e-bike store directly next door! In we walked to survey the merchandise.
8
34
947
With only 1hr to hunt, I couldn’t find its precise location and left thinking it was in these apartments. I boarded my flight to Blackhat, expecting I’d never see my scooter again. Why? Apple’s anti-stalking features.
4
33
890
Luckily, the Airtags didn’t move for the whole week. I thought up a new game plan to recover it as soon as I got off my redeye flight this morning. First stop, the 79th Precinct to try convincing the cops to help me, again.
1
34
873
The theft occurred on Monday night. I went out to dinner and locked it to a grate with motorcycle handcuffs. I find them easier to use than a cable lock, but apparently I forgot to lock one cuff. It was gone after ~2 hours.
7
41
876
I resolved to find it the next day but I’d be short on time: I had to catch a flight to Blackhat. I biked to where the scooter was located with an extra lock in-hand, hoping I could see it on the street and lock it to the nearest object for later retrieval.
3
35
858
Satoshi Nakamoto may be Paul “Solotshi” Le Roux, infamous cartel boss and creator of TrueCrypt. I want to believe 👽
29
176
510
41
26
386
If you have an Intel CPU with the "PCID" feature, then the security fix for Spectre/Meltdown will have less performance overhead. On macOS, check if you have PCID by opening a terminal and running: `sysctl machdep.cpu.features | grep -o PCID`
6
222
363
1. You can't "pass" a security audit
2. You can't pentest an app secure
3. It's not independent if you paid for it
4. You should advise clients to say otherwise
See the
@trailofbits
guidelines for public citations of our work:
NordPass, as a password managing service, has successfully passed an independent
#security
#audit
by
@cure53berlin
3
3
14
11
76
370
Here's the most correct recap of what's happening with OpenSea right now.
tl;dr The security of web3 platforms depend entirely on wallets with universally poor security UX, and there's very little the platforms can do about it.
19
112
358
This company is going to use photos and video from
@BlackHatEvents
to legitimize themselves for months. Blackhat should exercise copyright over their logo to take it all down.
12
73
355
This is an incredible resource for anyone looking into zeroday exploits and I'm happy to say that I helped with it
3
200
330
I didn’t plan it this way, but rather than send a single person to RSA,
@trailofbits
sent 60 employees and their SOs to a retreat at the Whistler/Blackcomb ski resort this whole week.
7
11
289
Given one arbitrary binary (without source code), we can recreate any number of new versions of it with equivalent functionality but divergent exploitation properties. It works, and it's amazing.
Protecting Software Against Exploitation with DARPA’s CFAR
1
81
158
4
70
247
In the end, this is another reminder that a cloud product is only as good as its operators. If you want a cloud MDM where incompetent management can impulsively nuke their clients without explanation and violate their license terms, then by all means please use Kandji.
23
21
243
Trail of Bits has an iOS security toolkit out today: iVerify. Grab it from the app store here:
Read about it in
@Motherboard
:
and the
@trailofbits
blog:
Introducing iVerify, the security toolkit for iPhone users
6
31
67
9
96
240
This is, without a doubt, the best attempt I've seen to review VPN service providers.
5
80
238
We re-read 23 smart contract audits and found:
- 78% of high impact, easily exploitable findings are discoverable with automated analysis tools
- 50% of all findings will never be found with automated tools
- Unit testing _has no impact on security_
246 Findings From our Smart Contract Audits: An Executive Summary
0
19
58
3
87
228
Great news for Blackhat: hotel doors at Mandalay Bay use ASSA ABLOY Seos hardware, which stock Flipper Zeros can't touch. You need an add-on board to do anything:
7
44
221
Read our comprehensive explainer on the new iOS Boot ROM exploit.
3
101
212
Here's the Solidity bug that lost ~$30MM in ETH today (from the
@trailofbits
internal chat)
6
153
204
UPDATE:
✅Thrown out of 1 Blackhat talk
41
26
386
14
14
206
We're hired to provide industry-best advice
@trailofbits
, and that's exactly what we provided to
@HegicOptions
. How, then, were bugs found in their code mere hours after they deployed it to mainnet? (1/n)
9
61
201
I bought a house with a Japanese Cherry Blossom in the backyard without knowing it. I had a nice surprise this week (before and after):
12
5
190
I've been kicking this around for a while, finally went through with it. /r/SecurityEngineering now exists!
3
99
183
Check out my VPN scripts if you're packing for Vegas this weekend. Streisand for IPSEC:
7
72
171
This week
@trailofbits
✅Released an e2e group chat library
✅Tore down 2 counterfeit phones
✅Reviewed 23 smart contract audits
✅Reported 51 Kubernetes vulns
✅Delivered 0 talks @ BH
4
35
164
Everyone needs to stop hacking Blackboard to preserve it as a right of passage for students to do it.
3
38
151
Nearly all code for Bulletproofs, PlonK, and Girault’s proof of knowledge (crucial for zero knowledge proofs) were broken due to insecure randomness, recommended in the original academic papers for them. Rekt!
Your code might be vulnerable! Our cryptography team has discovered a number of Fiat-Shamir vulnerabilities affecting proof systems such as Bulletproofs and PlonK. Check out this blog series for details and contact us if you think your codebase might be…
12
131
381
3
27
149
So this business... CTS Labs asked us to review their research last week, and sent us a full technical report with PoC exploit code for each set of bugs.
29
129
148
I told
@ConsumerReports
what people needed to hear about password managers: any use is better than no use.
6
85
140
I made 1 final update to the Apple vs FBI post, clarifying that Apple can update the SE and what that means
11
129
135
Phew!
@trailofbits
is 48 employees (42 engineers), and 59 if you count summer interns. I don't know how we hold this ship together some days.
15
1
137
The embargo has been lifted!
@GeminiDotCom
is launching a US regulator-approved, fiat-collateralized, ERC20 stablecoin: the Gemini dollar. I’m pleased to announce that
@trailofbits
completed a security review of it. You can find our public report here:
3
35
125
Before anyone freaks out about "efail", realize that using it would be:
1) extremely easy to detect
2) archived in your target's email
As an attacker, I could not care less about this technique. It's intellectually neat, but operationally stupid.
5
71
129
It’s now been a week, and we still haven’t received an explanation nor do we expect to! Even if it were explained, this behavior is unacceptable for any cloud service and truly malicious for a cloud security company. cc
@badthingsdaily
3
9
124
I read this paper with my team. We have serious reservations about their methodology, and think their claims about impact are grossly overstated. Thread follows.
Millions of dollars in Ethereum are vulnerable to hackers right now
0
14
14
3
50
117
The next day, Kandji pulled the plug on our entire installation and used a kill-switch to silently un-enroll all our devices. This violated their own license agreement, which requires prior notice, an option to cure, and preserving our data, like any good cloud service.
1
10
113
When you hire
@trailofbits
, you typically get innovative automated security tests back. We've systematized this process internally, and are now sharing it publicly.
Here's how we use
@semgrep
for great results, quickly:
We’re thrilled to announce our new Testing Handbook, which gathers insights we gained over years of experience using static and dynamic analysis tools. It goes beyond standard documentation, focusing on giving the right answers rather than all the answers.
1
87
360
1
15
109
no u
A few months ago Cellebrite announced that they would begin parsing data from Signal in their extraction tools. It seems they're not doing that very carefully.
Exploiting vulnerabilities in Cellebrite's software, from an app's perspective:
100
2K
5K
3
20
100
From maintaining Slither alone,
@trailofbits
impact on blockchain security since 2017 is pretty dramatically large. If we win this silly poll, we'll make it even larger by open-sourcing 5 of our private detectors for everyone to use. ☺️
9
12
99
Edge just leapt ahead of Chrome as the most secure browser, no contest.
Edge adds the option for mandatory code signing enforcement and blocking of new executable pages. Killer with cfg.
0
32
39
10
64
95
I wrote up an explainer about the San Bernadino iPhone and the FBI federal court order.
12
112
87
I don't think Google Grr gets enough credit for being awesome. Remote, live memory forensics
3
70
91
Most people are now aware that
@trailofbits
conducted a security review of the Bitcoin Cash client on behalf of
@BitcoinSVNode
. While we cannot release our report in its entirety yet, I wanted to share a few details of what we found…
1
16
61
7
30
88
North Korea stole $2 billion from banks and cryptocurrency exchanges to fund its nuclear and ballistic weapons programs
4
57
84
MDM is a pain in the ass, and we’ve been looking for a new vendor since Fleetsmith was acquired by Apple (and then disabled 90% of their product). Their agent barely worked, and frequently mishandled security updates.
5
6
87
Writing security tests for clients is a big part of the future of
@trailofbits
. First blockchain, then CodeQL, Semgrep, AFL++, and more! Keep an eye on the Automated Testing Handbook for previews... ()
We’re launching a new service: invariant development. We’ll identify, implement, and test security-critical invariants to prevent bugs & secure your codebase over the long term. Plus, we’ll upskill your team to write their own invariants!
6
40
185
7
14
86
The best tool from Microsoft you're probably not using yet: BinScope, the binary analyzer
http://t.co/JaDkI99hUS
1
47
85
There's a bunch of misinformation about the new Firefox exploit so I'd like to clear a few things up.
2
73
84
Yan saved the company from the brink of failure in 2013, built the foundation for our research practice, and spearheaded the development of one of our core technologies. It was a privilege to work with him.
After 6.5 years, today was my last day at
@trailofbits
. Extremely thankful for the opportunities I had with such an amazing team.
8
4
111
0
6
86
Intern projects released this week
@trailofbits
:
✅Designed a featureful, high performance C++ SQLite wrapper
✅Automated analysis of crashes from KRF with Binary Ninja
✅Ported KLEE to work on binary code
0
35
86
Almost died driving in Ft Lauderdale tonight. 1am, in an Uber, and someone is on the wrong side of the road driving straight towards us. Driver calmly moved out of the way and we missed by a few feet. Buckle up and avoid cars when possible!
16
1
79
I adopted a dog from
@koreank9rescue
this weekend! She's a 5-month old Jindo mix with tiger stripes. What should I name her?
20
1
78
It's been ~30 days since I started /r/SecurityEngineering, and I'm really happy with the results so far.
1
18
74
We should prepare for a future where everyone's DNA is public (e.g., laws against abuse of data). There's little sense in preserving privacy, we're just 1 or 2 hacks away from the data being public forever.
9
35
75
.
@trailofbits
reviewed the Voatz mobile, blockchain voting system used in real elections in Colorado, Utah, Oregon, and West Virginia. We published the report in full today, with 79 security issues identified.
2
32
75
If you want
@trailofbits
to offensively hack things in public, you can now submit "adversarial audit" projects to the OTF for us. 🤠
1
19
76
I started 2017 with the intention of giving $12,000 to charity ($1,000 every month). It was tough but I met that goal. Here’s where it went:
3
7
76
McSema can run libFuzzer on binary code now.
1
38
73
At
@trailofbits
, the standard for knowing you’re in trouble has been Googling a question and finding 1 result: a mailing list post from yourself asking the exact same question 4 years ago.
0
6
71
I'm staffing up our DARPA AIxCC team! You'll have full access to the team and resources
@trailofbits
, and join our existing stellar team to compete and win.
1
23
70
Next person to smugly claim the solution to software security is forcing intel agencies to report one bug at a time gets a free face punch.
5
21
74
Here’s me wrapping up my lesson on computer architecture and software exploits to a class at my old high school. I take one day off every year to spend time teaching.
Great visit today from Mineola alum and
@trailofbits
CEO
@dguido
discussing cyber security, exploitations and the little man computer with our
@C2C_QCC
juniors.
#MineolaProud
0
2
11
3
0
74
Hunt for bugs in binaries with advanced static analysis techniques. In this post, Josh reliably finds Heartbleed-type bugs without access to source code.
It's easy to find bugs when you know how to build the right tools. Check out our blog to learn how to model vulnerabilities with Binary Ninja's MLIL and SSA form.
2
132
302
0
26
69
SEAL is making hack back happen on the blockchain, now shipping a legal defense fund for in-scope attempts to intercept and return stolen funds
Three months ago, we released the Whitehat Safe Harbor Agreement, a legal framework to protect whitehats who intercept and return funds.
One of the most common questions we got was, "what happens if someone threatens to sue me anyways"?
9
53
156
1
29
75
If any of you caught our HS intern on Twitter the other week, here's the full writeup of what she did this summer:
8
44
69
Google's plan for End-to-End key distribution is finally public, and it's not Web of Trust
4
100
71
Periodic reminder that NYC has a mature, vibrant security ecosystem. There are dozens of startups, teams, investors, and events, and I'm proud
@trailofbits
is among them. Browse through the full listing here:
5
16
70
Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works.
14
53
66
✅ spin a company out of
@trailofbits
🎉🎉 Big news -- iVerify is leaving the nest!After incubating at
@trailofbits
, we're setting out on our own to become the first mobile threat hunting company dedicated to rooting out mobile spyware without compromising privacy!
1
12
33
8
2
69