Trellix Logo

Adversarial & Vulnerability Research

What We Do

The Trellix Advanced Research Center is the premier partner of security operations teams around the world. Across our research areas, our security analysts and researchers produce actionable real-time intelligence and threat indicators to help customers detect, respond and remediate the latest cybersecurity threats.

Our goal is to identify and illuminate a broad spectrum of threats in today's complex landscape through research in nearly every vertical of threat, including those targeting financial, retail, manufacturing, critical infrastructure medical, industrial controls and many other industries. Our Adversarial & Vulnerability Research Team looks to uncover and understand the latest adversarial activity across the globe along, how it impacts our daily lives and how solve for those threats. Skilled security researchers and analysts uncover and report hardware and software vulnerabilities to improve the security of products and services used globally. We deliver these insights and research ahead of the market and advise organizations around the world. The group behind these efforts are widely sought-after experts, supporting classified investigations, speaking at industry events, and educating influencers across media, academia, analysts and the public sector.

 

View the Tools & Techniques Library

The Threat Report - Fall 2022

Latest Report

Trellix Advanced Research Center analyzes Q3 2022 threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.

Read Report

The Bug Reports

A light-reading publication featuring the most impactful vulnerabilities every month

 

December 2022

Let's say hello to this month's list of naughty bugs! We even have a mention by the NSA! Naughty naughty, Citrix!

Read More

 

November 2022

The world of software security is not slowing down as the holidays approach, so there is plenty of delicious content to gobble up in this month’s Bug Report!

Read More

 

October 2022

Welcome back to the Bug Report: Spooky Edition, and we’ve got bugs crawling out of the walls! Appropriately, this month is rich with Spooky Scary Shelletons.

Read More

 

September 2022

Welcome back to the Bug Report, don’t-stub-your-toe edition! With a couple of exceptions, September has been a very welcome slow month for major bugs.

Read More

 

August 2022

Welcome to back to The Bug Report! Before we say goodbye to the last days of summer, let’s revisit some of the most striking bugs of August 2022.

Read More

 

July 2022

Welcome to the Bug Report, Heat Wave Edition! This month we have something special for you with CVE-2022-2107. But don’t worry, if that’s too hot for you to handle we also have two more vulnerabilities that cause headaches

Read More

 

June 2022

This month’s bug report dives into two critical bugs targeting important business applications; CVE-2022-26134, CVE-2022-30190, CVE-2022-22980.

Read More

 

May 2022

This month’s Bug Report highlights the importance of properly implemented and tested authentication by reviewing: CVE-2022-1388, CVE-2022-26925, and CVE-2022-22972.

Read More

 

April 2022

This month’s bug report includes CVE-2022-21449, a critical flaw in Java’s ECDSA implementation; CVE-2022-21449, a fully-remote, pre-authentication vuln in MSRPC; and so much more.

Read More

 

March 2022

Welcome back to the March 2022 Bug Report, for those that are unfamiliar, every month we compile a shortlist of the top vulnerabilities of the month.

Read More

 

February 2022

Welcome back to the February 2022 Bug Report, for those that are unfamiliar, every month we compile a shortlist of the top vulnerabilities of the month.

Read More

 

January 2022

New year, new bugs! And we don’t mean the creepy crawly type, but rather the vulnerabilities that exist across today’s security landscape you should be aware of. Keep reading to learn the latest and greatest so you can stay ahead of adversaries.

Read More

 

December 2021

New year, new bugs! And we don’t mean the creepy crawly type, but rather the vulnerabilities that exist across today’s security landscape you should be aware of. Keep reading to learn the latest and greatest so you can stay ahead of adversaries.

Read More

Research Spotlight

Unauthenticated Remote Code Execution in a Wide Range of DrayTek Vigor Routers

The Trellix Advanced Research team unauthenticated remote code execution vulnerability, filed under CVE-2022-32548 affecting multiple DrayTek routers.

Read More

Tarfile: Exploiting the World With a 15-Year-Old Vulnerability

Trellix Advanced Research Center stumbled across a vulnerability in Python’s tarfile module. As we dug into the issue, we realized this was in fact CVE-2007-4559.

Read More

The Race to Secure eBPF for Windows

Highlights on the rising threats of ransomware attacks and ransom payments, enabled by cryptocurrency. This blog outlines why this is a concerning trend and how Trellix helps organizations detect, respond to remediate threats to be better prepared.

Read More

Connected Healthcare: A Cybersecurity Battlefield We Must Win

The medical industry is at unique risk of attack due to the numerous purpose-built devices. Their lack of ubiquity creates a false sense of security and reduced scrutiny from the security research industry.

Read More

The Sound of Malware

We have frequently used code comparisons and visualizations but would it be possible to compare malware samples using a more abstract technique? What about sound?

Read More

Critical Flaws in Widely Used Building Access Control System

Vulnerabilities in an industrial control system used to grant physical access to privileged facilities and integrate with more building automation deployments.

Read More

Automotive

Trellix researchers investigate the attack surfaces in autonomous vehicles as well as the machine learning algorithms and physical-to-digital attacks related to them.

Learn More

Critical Infrastructure

Trellix researchers investigate multiple areas of critical infrastructure implementations, including human machine interface (HMI) software, programmable logic controllers (PLCs), and network protocols, such as MODBUS, ICCP, and others.

Learn More

Healthcare and Medical Devices

Our research explores medical devices, networks, protocols, and security practices to help healthcare organizations innovate securely.

Learn More

Software-Defined Radio

Our research looks at radio frequency, including near-field communications (NFC and RFID) and wireless transmissions to determine potential impacts to network and proximity devices.

Learn More

Browser, Operating System & Enterprise Software

By discovering and disclosing critical vulnerabilities in the world’s most popular software, the Trellix Advanced Research team continuously reduces the overall attack surface for one of the most attractive targets for cybercriminals.

Learn More

Consumer Electronics & IOT

Our researchers look for vulnerabilities in consumer devices to identify threats and guide manufacturers toward more secure products, reducing the potential for attackers to gain access to home or business networks.

Learn More