About Trail of Bits
Trail of Bits helps secure the world’s most targeted organizations and products.
We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.
As a cybersecurity research and consulting firm, we serve clients in the defense, tech, finance, and blockchain industries.
We help with their most difficult security challenges by designing and building new technology, researching new techniques to advance the state of practice, and reviewing the security of the latest available technology products before they hit the market.
Our team consumes, produces, and presents research as a natural part of doing business.
When we make new discoveries or developments, we strive to share our knowledge and release our tools as open-source.
It’s a practice that’s earned us industry accolades and helped contribute to our double-digit bottom line growth.
Role
Trail of Bits offers unique remote, short-term internship opportunities called “Winternships” (Winter Internships).
Winternships generally happen over your university’s winter break.
You can get paid (~$2500) to work on a project that excites you and still spend time with your friends and family.
Unlike other internships, our "Winternship" program is designed for people who are ready to start working on day 1.
You will take skills that you have learned and apply them to short-term low-risk projects that Trail of Bits will actually use.
Collaboration and Mentorship
Trail of Bits takes advantage of the latest technology to get work done.
Winternships will be organized and tracked through Slack, Google Meet, and GitHub.
Projects will have a project inception, schedule, and debrief.
You will work with our copywriter to publish an end-of-Winternship blog post that summarizes your work.
- You must be a student or recently a student
- You must have at least 3 weeks of time available between December 5, 2022 and January 27, 2023 to dedicate to the project
Option 1: Propose a project
- You decide your project.
Projects must be short-term, achievable within the Winternship time frame, and focused on cybersecurity.
Project materials must be released as open-source code under a permissive license (e.g., Apache2) and be hosted on the after the project concludes.
Option 2: Work on one of the projects below
Fuzz a given low-level open-source project with the goal of finding memory corruption bugs.
(Ideally, have a target idea you would like to work on.)
Find Bugs in Rust:
Learn to find bugs in Rust by developing static analysis rules in Dylint or Semgrep that detect buggy patterns in Substrate-based blockchains.
We have many examples of those, so you can learn the quirks of Substrate APIs and of blockchains written with this technology.
Extend the feature set of MUI, the GUI for Manticore, or extend MUI to operate on an additional platform such as IDA.
CPython API Misuse:
Implement CodeQL rules, extend the Clang Static Analyzer, or implement other static analysis to find CPython API misuses.
There are many ways to go wrong with CPython APIs, and many are straightforward to identify, such as: 1) passing possibly NULL arguments to functions or macros that require a non-null argument; 2) violating an API's execution-order requirements; 3) failing to check return errors; or 4) reference counting errors.
We have ideas or examples of some of those.
Improve Go-fuzz, a Golang fuzzer.
Help us improve its initial corpus, fix its obscure bugs, implement a corpus minimizer, work on new fuzzing strategies, improve its UX, or maybe implement a leak detector. Choose 1-3 goals from this list.
Extend our fuzzing wrapper for Rust, test-fuzz, by adding cargo-fuzz as a fuzzing backend (in addition to AFL).
- Winterns who perform well and meet all expectations will be invited back for later roles or internships.
- Before, during and after COVID-19, our workforce works flexibly.
Many employees choose to work from home around the globe.
As long as you deliver against your goals, we encourage you to harness your personal working style to let you work best.
- We routinely highlight the amazing work our employees do via our blog, product offerings, and conference talks.
We celebrate you!
- We're at the forefront of a number of markets and have the internal expertise and the ambition to capitalize on those opportunities.
Our employees see their work in use and valued by many others.
Dedication to diversity, equity, & inclusion
Trail of Bits is committed to creating and maintaining a diverse and inclusive workplace where our employees can thrive and be themselves! We welcome all persons into our community.
We embrace the diversity of gender, gender identity or expression, race, color, religious creed, national origin, ancestry, age, physical and mental disabilities, medical condition, genetic characteristic, sexual orientation, marital status, family care or medical leave status, military or veteran status, or perceived membership in any of these groups.