The Home of the Security Bloggers Network
By Vara Prasad Bandaru
Earlier this year, I successfully completed my internship at Trail of Bits and secured a full-time position as a Blockchain Security Analyst.
This post is not intended to be a technical description of the work I did during my internship. Rather, it is intended to describe my general experience as a Trail of Bits intern. I hope that reading about my experience will motivate others to apply for future internships at Trail of Bits.
First, I will introduce myself and give some background on my technical expertise. Then, I will explain the application and interview processes and describe some of the work I did during my time as an intern (spoiler alert: I worked on Tealer, a static analyzer for Algorand smart contracts!). Finally, I’ll provide a list of takeaways that I would have wanted to know when I applied and a few things I liked about interning at Trail of Bits.
I’m in my final year of my bachelor’s program in computer science at RGUKT Nuzvid, a tier 3 college in India. Before my internship at Trail of Bits in the winter of 2021, I didn’t have much industry experience other than completing one computer science project (Monkey Interpreter, a Python rewrite of a Golang implementation) and competing in capture-the-flag (CTF) competitions. I began competing in CTFs near the end of the first year of my bachelor’s program (and still do on the weekends) under the username S3v3ru5.
I mainly concentrated on cryptography-related challenges, my strongest category, when I first started competing in CTFs. But around August of 2021, I began participating in blockchain-related challenges to gain experience in this technology that everyone is talking about. I was able to complete an easy Solana blockchain challenge in the ALLES CTF and all of the Ethereum blockchain challenges in the Ethernaut CTF, a web3/Solidity-based war game. I began this work only about a month and a half before I applied for my internship at Trail of Bits. As you can see, I didn’t have much blockchain experience beforehand.
It was through my work on these CTFs that I became familiar with Trail of Bits. I would always see Trail of Bits in the sponsors section of the CTFs I competed in, and I still remember solving a challenge presented by Trail of Bits in one of the CSAW finals. I always referred to (and still do) the Trail of Bits CTF guide and blog posts, especially “ECDSA: Handle with Care.”
As I was approaching the end of 2021, I started looking into cybersecurity internships, mainly those related to cryptography (my strong suit) and blockchain (my most recent area of interest). There were very few internships that both related to my interests and would accept a bachelor’s student who had no prior experience other than competing in CTFs and who hadn’t completed many projects. But I did remember that Trail of Bits is a top cybersecurity research and consulting firm that values CTFs, emphasizes self-learning, and gives people chances.
I decided to look into Trail of Bits’s open roles and discovered the winternship program. These interns work on a Trail of Bits project, or even on their own security-related projects, under the guidance of a mentor. The internship is paid and takes place over the winter break to give students and new security engineers real industry experience and an opportunity to write a publication for their resumes. An internship at Trail of Bits could even lead to an offer for a full-time role.
I wasn’t working on any projects at the time I applied for the internship, so I decided to apply for a few of the available Trail of Bits projects that seemed interesting to me. First, I applied to two projects that would allow me to gain more experience with blockchain technology: Manticore, a symbolic execution tool developed by Trail of Bits for analyzing Ethereum smart contracts and Linux ELF binaries, and a project researching the Solana blockchain. Both Ethereum and Solana are blockchains I’m technically familiar with, so I thought those projects would be a good fit. However, I later decided to apply to work on Tealer, a static analyzer for code written in Teal, an assembly-like language used in the Algorand blockchain. Even though I didn’t have experience with static analysis or the Algorand blockchain, Tealer was both a relatively small and new project: I knew that I could easily read through the source code to get my feet wet and that my work on this project could form the basis for future work. Finally, the application procedure was the same for all three projects, so I thought, “why not?”
I was invited to an initial 30-minute phone screen to discuss both Manticore and Tealer. It was my first interview, so I was a little nervous, but the Trail of Bits engineer I interviewed with, Felipe Manzano (who later became one of my mentors), made the experience enjoyable and stress-free. It felt more like a casual conversation with a friend about the work and my experience and interests. After that, we had another five-minute call to discuss the internship start date, the place of work, and other onboarding information. I received the offer letter later that day: I was selected to work on Tealer, the project I was hesitant to apply for.
I was surprised by this interview process. It was entirely different from many of my friends’ experiences interviewing with other companies. My interview was easy and better than most in every way for an internship role.
As I prepared for my first internship, I realized that I was not familiar with many of the tools and concepts that I would be working with. For example, I hadn’t worked with the Algorand blockchain or static analysis tools, and I wasn’t very experienced in Git or GitHub. I was worried that I was going to fail in my internship if I didn’t put in the effort to learn these tools and concepts before my internship started.
My internship was supposed to start on December 13, 2021, so I started my preparation on the first day of December. I read through various resources to learn about static analysis, the Algorand blockchain, Git, and GitHub during the first 10 days of December. I was able to see the results of my preparation when I found issues in Tealer’s parsing of Teal code compared to the developer docs, even before the start of my internship!
Because of the level of preparation I did before my start date, I was able to start my work on Tealer on my first day. During my internship, I accomplished the following:
I really liked working on Tealer, and my internship overall was an excellent experience. All my work was open for review and merged after approval. I received very good feedback and help whenever I was stuck. I was able to be involved in active discussions about the tool. And receiving an offer for a full-time position because of my performance in the internship made my experience even better.
I’d like to offer some tips to prospective interns that I wish I had heard before my internship. Now that I have first-hand experience with a Trail of Bits internship, I can speak to how true these tips really are.
I can’t say enough good things about my experience interning at Trail of Bits. From the stress-free interview process, to my ability to participate in active discussions about the project, to the direct merging of my work, it was a great experience. In short, I was an intern, but I felt like a full-time employee. Still, here are some highlights from my internship:
I’d like to thank Felipe Manzano and Josselin Feist for giving me free rein over the project and making my first internship an extraordinary learning experience. Also, thank you to Trail of Bits for extending the offer to join the company full-time after my studies. This internship couldn’t have been any better, and I am hoping for a similar experience in my full-time role.
One thing I wanted to change while writing this blog post is the use of the word “I.” Using “I” makes it feel like this experience was solely mine. This isn’t true: this story could have easily been yours. Make sure to look out for the next open internships at Trail of Bits and have your own extraordinary experience.
*** This is a Security Bloggers Network syndicated blog from Trail of Bits Blog authored by Trail of Bits. Read the original post at: https://blog.trailofbits.com/2022/10/05/trail-of-bits-internship-blockchain-tealer/
Working on blockchains as a Trail of Bits intern – Security Boulevard