Winternship 2021 - 2022

Remote /
Internships – Internships /
About Trail of Bits
Trail of Bits helps secure the world’s most targeted organizations and products. We combine high-end security research with a real-world attacker mentality to reduce risk and fortify code.

As a cybersecurity research and consulting firm, we serve clients in the defense, tech, finance, and blockchain industries. We help with their most difficult security challenges by designing and building new technology, researching new techniques to advance the state of practice, and reviewing the security of the latest available technology products before they hit the market.

Our team consumes, produces, and presents research as a natural part of doing business. When we make new discoveries or developments, we strive to share our knowledge and release our tools as open-source. It’s a practice that’s earned us industry accolades and helped contribute to our double-digit bottom line growth.

Trail of Bits offers unique remote, short-term internship opportunities called “Winternships” (Winter Internships). Winternships generally happen over your University’s winter break. You can get paid (~$2500) to work on a project that excites you and still spend time with your friends and family.

Collaboration and Mentorship
Trail of Bits takes advantage of the latest technology to get work done. Winternships will be organized and tracked through Slack, Google Meet, and Github. Projects will have a project inception, schedule, and debrief. You will work with our copywriter to publish an end-of-Winternship blog post that summarizes your work.


    • You must be a student or recently a student
    • You must have at least 3 weeks of time available between December 6, 2021 and January 28, 2022 to dedicate to the project.
    • You should have the legal right to work in the United States now or by the time you graduate
    • OPTION 1
    • You decide your project. Projects must be short-term, achievable within the time Winternship, and focused on cybersecurity. Project materials must be released as open-source code under a permissive license (e.g., Apache2) and be hosted on the Trail of Bits Github organization after the project concludes.
    • OPTION 2: You work on one of the projects below
    • Fuzzing: Fuzz a given low level open source project with the goal of finding memory corruption bugs. (ideally, have a target idea you would like to work on)
    • Find Bugs in Rust: Learn finding bugs in Rust by developing static analysis rules in Dylint or Semgrep for finding buggy patterns in Substrate-based blockchains. We have many examples of those, so you can learn quirks of Substrate APIs and blockchains written with this technology.
    • MUI: Extend feature set of MUI, the GUI for Manticore, or extend MUI to operate on an additional platform such as IDA.
    • CPython API Misuse: Implement CodeQL rules, extend Clang Static Analyzer or implement other static analysis to find CPython API misuses. There are many ways to go wrong with CPython APIs and many are straightforward to identify like: 1) passing possibly NULL arguments to functions or macros that require non-null argument; 2) violating APIs execution order requirements; 3) failing to check return errors; or 4) reference counting errors. We have ideas or examples of some of those.
    • Go-Fuzz: Improve Go-fuzz, a Golang fuzzer. Help us improve its initial corpus, fix its obscure bugs, implement a corpus minimizer, work on new fuzzing strategies, improve its UX or maybe implement a leak detector? Choose 1-3 goals from this list.
    • Rust: Extending our fuzzing wrapper for Rust, test-fuzz, by adding cargo-fuzz as a fuzzing backend (in addition to AFL).
    • Echidna: Improve Echidna UI/UX parts (for instance, implement HTML coverage output, system compatibility and distribution), Profile performance and improve fuzzing speed, Add tests and work on simplifying and documenting the code. This project requires familiarity with Haskell or a similar functional programming language. Please comment on your experience in your application.
    • OPTION 3: If you don't see a project here that interests you and don't wish to propose one, see what other internship projects are available on our career page!

Company Perks

    • Before, during and after COVID-19, our workforce works flexibly. Many employees choose to work from home around the globe. As long as you deliver against your goals, we encourage you to harness your personal working style to let you work best.
    • We routinely highlight the amazing work our employees do via our blog, product offerings, and conference talks. We celebrate you!
    • We're at the forefront of a number of markets and have the internal expertise and the ambition to capitalize on those opportunities. Our employees see their work in use and valued by many others.
Dedication to diversity, equity, & inclusion
Trail of Bits is committed to creating and maintaining a diverse and inclusive workplace where our employees can thrive and be themselves! We welcome all persons into our community. We embrace the diversity of gender, gender identity or expression, race, color, religious creed, national origin, ancestry, age, physical and mental disabilities, medical condition, genetic characteristic, sexual orientation, marital status, family care or medical leave status, military or veteran status, or perceived membership in any of these groups.

If you’re interested, submit your resume and a little bit about the project you’d like to work on.