Trellix Logo

Vulnerability Research & Red Team

The Vulnerability Research team includes skilled security researchers and analysts. They uncover and report hardware and software vulnerabilities to improve the security of products and services used globally. We deliver these insights and research ahead of the market and advise organizations around the world. The people behind these efforts are widely sought-after experts who support classified investigations, speak at industry events, and educate influencers across media, academia, and the public sector. Our Red team is composed of ethical hackers conducting tests to strengthen Trellix's security defenses.

Researchers in an office looking at tablet

Research Spotlight

CVE-2023-23397: The Notification Sound You Don’t Want to Hear

During "Patch Tuesday", a new Outlook security vulnerability was revealed as being exploited in the wild. We discuss how it works, the risks, and mitigations.

Read More

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS

The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS.

Read More

Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects

Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was CVE-2007-4559 – a 15-year-old path traversal vulnerability with potential to allow an attacker to overwrite arbitrary files. We’re excited to share an update on this work. 

Read More

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Vulnerabilities in an industrial control system used to grant physical access to privileged facilities and integrate with more building automation deployments. 

Read More

The OpenSSL Who Cried “Severity: High

This blog will dive into CVE-2023-0286, a type confusion vulnerability that is exercised when OpenSSL processes X.509 GeneralNames containing X.400 addresses. 

Read More

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities

The zero-day is the holy grail for cybercriminals; however, N-day vulnerabilities can pose problems even years after discovery. They continuously find their way into new projects as well perpetuating their danger. Unfortunately, open-source software (OSS) can also suffer from unpatched N-days.

Read More

Bug Reports 

 

A light-reading publication featuring the most impactful vulnerabilities every month

August 2023

Welcome back to The Bug Report, the hotter-than-hell Texas edition, featuring CVE-2022-40982 (aka Downfall), CVE-2023-38831, CVE-2023-32315 and CVE-2023-38035.

Read More

July 2023

Summer is now in full swing, and our July Bug Report has some red-hot actively-exploited vulns to match: CVE-2023-36884, CVE-2023-3519, and CVE-2023-29298.

Read More

June 2023

This June, we are all in-the-wild, all the time, helping you secure your own oxygen mask and assist others, in this edition of the Bug Report.

Read More

May 2023

April showers bring May flowers, but what do May flowers bring? CVE-2023-28771, CVE-2023-2868, and CVE-2023-24932, apparently.

Read More

April 2023

Those returning from spring break have been met with critical vulns like CVE-2023-28205, CVE-2023-29389, CVE-2023-28252, and CVE-2023-2033 - read to learn more.

Read More

March 2023

Welcome back to the Bug Report, Ides of March edition! This month features CVE-2023-24033, CVE-2023-21036 (Acropalypse), CVE-2023-23397, and CVE-2023-24880.

Read More

February 2023

Love and RCE payloads were in the air this February. So sit back, grab your leftover conversation hearts, and let's dive into last month's top CVEs.

Read More

January 2023

January began with a headache on a Sunday morning and, if you happen to be on the receiving end of this month's remote code excitement, it ended with one, too.

Read More

December 2022

Let's say hello to this month's list of naughty bugs! We even have a mention by the NSA! Naughty naughty, Citrix!

Read More

November 2022

The world of software security is not slowing down as the holidays approach, so there is plenty of delicious content to gobble up in this month’s Bug Report!

Read More

October 2022

Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Appropriately, this month is rich with Spooky Scary Shelletons.

Read More

September 2022

Welcome back to the Bug Report, don’t-stub-your-toe edition! With a couple of exceptions, September has been a very welcome slow month for major bugs.

Read More

August 2022

Welcome to back to The Bug Report! Before we say goodbye to the last days of summer, let’s revisit some of the most striking bugs of August 2022.

Read More

July 2022

Welcome to the Bug Report, Heat Wave Edition! This month we have something special for you with CVE-2022-2107. But don’t worry, if that’s too hot for you to handle we also have two more vulnerabilities that cause headaches

Read More

June 2022

This month’s bug report dives into two critical bugs targeting important business applications; CVE-2022-26134, CVE-2022-30190, CVE-2022-22980.

Read More

May 2022

This month’s Bug Report highlights the importance of properly implemented and tested authentication by reviewing: CVE-2022-1388, CVE-2022-26925, and CVE-2022-22972.

Read More

April 2022

This month’s bug report includes CVE-2022-21449, a critical flaw in Java’s ECDSA implementation; CVE-2022-21449, a fully-remote, pre-authentication vuln in MSRPC; and so much more.

Read More

Trellix HAX 2023:
Annual Capture the Flag

Trellix’s Advanced Research Center launched on February the Trellix HAX 2023, our third annual capture the flag (CTF) competition! With 12 new challenges of varying skill levels to test participants mettle against and a SANS course as the first-place prize

See the Results!

Trellix HAX 2022:
Annual Capture the Flag –
Catmen San Fransisco

The Advanced Threat Research team announced our second annual Capture the Flag contest featuring 12 new challenges of varying skill levels, and a Discord server to facilitate competitive collaboration. For this contest, we decided to add a bit of story – so put on your 90’s nostalgia hats, as you assist our heroine, Catmen Sanfrancisco (clearly no relation to Carmen Sandiego).

Read the Story

Advanced Threat Research Tools & Techniques Library

The Trellix Advanced Threat Research team conducts security research with the aim of staying ahead of the evolving threat landscape to expose and reduce attack surfaces. Our series of white papers discuss laboratory security research techniques that are generally known among the professional community of security researchers.

Explore Research Tools

Automotive

Trellix researchers investigate the attack surfaces in autonomous vehicles as well as the machine learning algorithms and physical-to-digital attacks related to them.

Learn More

Critical Infrastructure

Trellix researchers investigate multiple areas of critical infrastructure implementations, including human machine interface (HMI) software, programmable logic controllers (PLCs), and network protocols, such as MODBUS, ICCP, and others.

Learn More

Healthcare and Medical Devices

Our research explores medical devices, networks, protocols, and security practices to help healthcare organizations innovate securely.

Learn More

Software-Defined Radio

Our research looks at radio frequency, including near-field communications (NFC and RFID) and wireless transmissions to determine potential impacts to network and proximity devices.

Learn More

Browser, Operating System & Enterprise Software

By discovering and disclosing critical vulnerabilities in the world’s most popular software, the Trellix Advanced Research team continuously reduces the overall attack surface for one of the most attractive targets for cybercriminals.

Learn More

Consumer Electronics & IOT

Our researchers look for vulnerabilities in consumer devices to identify threats and guide manufacturers toward more secure products, reducing the potential for attackers to gain access to home or business networks.

Learn More

Walkthroughs & Vulnerabilities 101 Videos

Vulnerabilities 101
IoT Hacking
CTF Challenge
Extras

Vulnerability Research 101

Vuln Research 101 (Part 1) - Reconning the Linksys WRT54GL

Vuln Research 101 (Part 2) - Hacking the Linksys WRT54GL via command injection

Vuln Research 101 (Part 3) - Hacking the Linksys WRT54GL via buffer overflow

IoT Hardware Hacking Walk-Thru Series

IoT Hardware Hacking Walk-Thru Part 1

IoT Hardware Hacking Walk-Thru Part 2

IoT Hardware Hacking Walk-Thru Part 3

IoT Hardware Hacking Walk-Thru Part 4

IoT Hardware Hacking Walk-Thru Part 5

Catch The Flag (CTF) Challenge Walk Thru series

CTF Challenge Walk-Thru series

Additional Videos

Trellix Researchers Expose Zero Day Vulnerabilities in Industrial Control System