Winternship 2022-2023

  • Applications may have closed
Apply for job

Trail of Bits

Remote


About Trail of BitsTrail of Bits helps secure the world’s most targeted organizations and products
We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code
As a cybersecurity research and consulting firm, we serve clients in the defense, tech, finance, and blockchain industries
We help with their most difficult security challenges by designing and building new technology, researching new techniques to advance the state of practice, and reviewing the security of the latest available technology products before they hit the market
Our team consumes, produces, and presents research as a natural part of doing business
When we make new discoveries or developments, we strive to share our knowledge and release our tools as open-source
It’s a practice that’s earned us industry accolades and helped contribute to our double-digit bottom line growth
RoleTrail of Bits offers unique remote, short-term internship opportunities called “Winternships” (Winter Internships)
Winternships generally happen over your University’s winter break
You can get paid (~$2500) to work on a project that excites you and still spend time with your friends and family
Unlike other internships, our "Winternship" program is designed for people who are ready to start working on day 1
You will take skills that you have learned and apply them to short-term low-risk projects that Trail of Bits will actually use
Collaboration and MentorshipTrail of Bits takes advantage of the latest technology to get work done
Winternships will be organized and tracked through Slack, Google Meet, and Github
Projects will have a project inception, schedule, and debrief
You will work with our copywriter to publish an end-of-Winternship blog post that summarizes your work

Requirements

    • You must be a student or recently a student
    • You must have at least 3 weeks of time available between December 5, 2022 and January 27, 2023 to dedicate to the project

Option 1: Propose a project

    • You decide your project
      Projects must be short-term, achievable within the time Winternship, and focused on cybersecurity
      Project materials must be released as open-source code under a permissive license (, Apache2) and be hosted on the after the project concludes

Option 2: Work on one of the projects below

    • Fuzzing:

      Fuzz a given low level open source project with the goal of finding memory corruption bugs
      (ideally, have a target idea you would like to work on)
    • Find Bugs in Rust:

      Learn finding bugs in Rust by developing static analysis rules in Dylint or Semgrep for finding buggy patterns in Substrate-based blockchains
      We have many examples of those, so you can learn quirks of Substrate APIs and blockchains written with this technology
       
    • MUI:

      Extend feature set of MUI, the GUI for Manticore, or extend MUI to operate on an additional platform such as IDA
    • CPython API Misuse:

      Implement CodeQL rules, extend Clang Static Analyzer or implement other static analysis to find CPython API misuses
      There are many ways to go wrong with CPython APIs and many are straightforward to identify like: 1) passing possibly NULL arguments to functions or macros that require non-null argument; 2) violating APIs execution order requirements; 3) failing to check return errors; or 4) reference counting errors
      We have ideas or examples of some of those
    • Go-Fuzz:

      Improve Go-fuzz, a Golang fuzzer
      Help us improve its initial corpus, fix its obscure bugs, implement a corpus minimizer, work on new fuzzing strategies, improve its UX or maybe implement a leak detector? Choose 1-3 goals from this list
    • Rust:

      Extending our fuzzing wrapper for Rust, test-fuzz, by adding cargo-fuzz as a fuzzing backend (in addition to AFL)
       

Company Perks

    • Winterns who perfom well and meet all expectations will be invited back for later roles or internships,
    • Before, during and after COVID-19, our workforce works flexibly
      Many employees choose to work from home around the globe
      As long as you deliver against your goals, we encourage you to harness your personal working style to let you work best
       
    • We routinely highlight the amazing work our employees do via our blog, product offerings, and conference talks
      We celebrate you!
    • We're at the forefront of a number of markets and have the internal expertise and the ambition to capitalize on those opportunities
      Our employees see their work in use and valued by many others

Dedication to diversity, equity, & inclusionTrail of Bits is committed to creating and maintaining a diverse and inclusive workplace where our employees can thrive and be themselves! We welcome all persons into our community
We embrace the diversity of gender, gender identity or expression, race, color, religious creed, national origin, ancestry, age, physical and mental disabilities, medical condition, genetic characteristic, sexual orientation, marital status, family care or medical leave status, military or veteran status, or perceived membership in any of these groups