cURL audit: How a joke led to significant findings | allinfosecnews.com

Feb. 14, 2023, 1:20 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

By Maciej Domanski

In fall 2022, Trail of Bits audited cURL, a widely-used command-line utility that transfers data between a server and supports various protocols. The project coincided with a Trail of Bits maker week, which meant that we had more manpower than we usually do, allowing us to take a nonstandard approach to the audit.

While discussing the threat model of the application, one of our team members jokingly asked, “Have we tried curl AAAAAAAAAA… yet”? Although the comment …

application audit bits command curl data findings led project protocols server team threat threat model trail of bits utility

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Mounting global ransomware attacks significantly impact US 52 minutes ago | malware.news

article attacks avril haines director +12

Media, think tank, service spoofing conducted in APT42 cyberespionage operations 52 minutes ago | malware.news

apt42 campaigns charming kitten cyberespionage +30

Old vulnerable D-Link routers subjected to novel Goldoon botnet attacks 52 minutes ago | malware.news

april article attacks botnet +13

Android apps targeted by new Dirty Stream attack 52 minutes ago | malware.news

android android apps apps arbitrary code +18

Details on 2021 Chemonics hack remain scant 52 minutes ago | malware.news

agency article compromised cyberattack +11

Data breach impacts Airsoft community site 52 minutes ago | malware.news

article breach cloud cloud storage +20

New AI security bill unveiled in Senate 52 minutes ago | malware.news

act ai act ai security article +15

Path traversal vulnerability elimination in software sought by feds 52 minutes ago | malware.news

agency article bleepingcomputer cybersecurity +17

Accelerated patching found with CISA KEV catalog-listed flaws 52 minutes ago | malware.news

agency article catalog cisa +24

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Offensive Security Engineer

@ Ivanti | United States, Remote

View on infosec-jobs.com

Senior Security Engineer I

@ Samsara | Remote - US

View on infosec-jobs.com

Senior Principal Information System Security Engineer

@ Chameleon Consulting Group | Herndon, VA

View on infosec-jobs.com

Junior Detections Engineer

@ Kandji | San Francisco

View on infosec-jobs.com

Data Security Engineer/ Architect - Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700

View on infosec-jobs.com