Vulnerability Research and Red Team

The Vulnerability Research team includes skilled security researchers and analysts. They uncover and report hardware and software vulnerabilities to improve the security of products and services used globally. We deliver these insights and research ahead of the market and advise organizations around the world.

The people behind these efforts are widely sought-after experts who support classified investigations, speak at industry events, and educate influencers across media, academia, and the public sector. Our Red team is composed of ethical hackers conducting tests to strengthen Trellix's security defenses.

Researchers in an office looking at tablet

Research Spotlight

CVE-2023-23397: The Notification Sound You Don’t Want to Hear

During "Patch Tuesday", a new Outlook security vulnerability was revealed as being exploited in the wild. We discuss how it works, the risks, and mitigations.

Read More

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS

The Trellix Advanced Research Center vulnerability team has discovered a large new class of bugs that allow bypassing code signing to execute arbitrary code in the context of several platform applications, leading to escalation of privileges and sandbox escape on both macOS and iOS.

Read More

Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects

Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was CVE-2007-4559 – a 15-year-old path traversal vulnerability with potential to allow an attacker to overwrite arbitrary files. We’re excited to share an update on this work. 

Read More

Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System

Vulnerabilities in an industrial control system used to grant physical access to privileged facilities and integrate with more building automation deployments. 

Read More

The OpenSSL Who Cried “Severity: High

This blog will dive into CVE-2023-0286, a type confusion vulnerability that is exercised when OpenSSL processes X.509 GeneralNames containing X.400 addresses. 

Read More

Open-Source Intelligence to Understand the Scope of N-Day Vulnerabilities

The zero-day is the holy grail for cybercriminals; however, N-day vulnerabilities can pose problems even years after discovery. They continuously find their way into new projects as well perpetuating their danger. Unfortunately, open-source software (OSS) can also suffer from unpatched N-days.

Read More

Bug Reports 


A light-reading publication featuring the most impactful vulnerabilities every month

Trellix HAX 2023:
Annual Capture the Flag

Trellix’s Advanced Research Center launched on February the Trellix HAX 2023, our third annual capture the flag (CTF) competition! With 12 new challenges of varying skill levels to test participants mettle against and a SANS course as the first-place prize

See the Results!

Trellix HAX 2022:
Annual Capture the Flag –
Catmen San Fransisco

The Advanced Threat Research team announced our second annual Capture the Flag contest featuring 12 new challenges of varying skill levels, and a Discord server to facilitate competitive collaboration. For this contest, we decided to add a bit of story – so put on your 90’s nostalgia hats, as you assist our heroine, Catmen Sanfrancisco (clearly no relation to Carmen Sandiego).

Read the Story

Advanced Threat Research Tools and Techniques Library

The Trellix Advanced Threat Research team conducts security research with the aim of staying ahead of the evolving threat landscape to expose and reduce attack surfaces. Our series of white papers discuss laboratory security research techniques that are generally known among the professional community of security researchers.
Explore Research Tools


Trellix researchers investigate the attack surfaces in autonomous vehicles as well as the machine learning algorithms and physical-to-digital attacks related to them.

Learn More

Critical Infrastructure

Trellix researchers investigate multiple areas of critical infrastructure implementations, including human machine interface (HMI) software, programmable logic controllers (PLCs), and network protocols, such as MODBUS, ICCP, and others.

Learn More

Healthcare and Medical Devices

Our research explores medical devices, networks, protocols, and security practices to help healthcare organizations innovate securely.

Learn More

Software-Defined Radio

Our research looks at radio frequency, including near-field communications (NFC and RFID) and wireless transmissions to determine potential impacts to network and proximity devices.

Learn More

Browser, Operating System & Enterprise Software

By discovering and disclosing critical vulnerabilities in the world’s most popular software, the Trellix Advanced Research team continuously reduces the overall attack surface for one of the most attractive targets for cybercriminals.

Learn More

Consumer Electronics & IOT

Our researchers look for vulnerabilities in consumer devices to identify threats and guide manufacturers toward more secure products, reducing the potential for attackers to gain access to home or business networks.

Learn More

Walkthroughs and Vulnerabilities 101 Videos

Vulnerability Research 101

Vuln Research 101 (Part 1) - Reconning the Linksys WRT54GL
Vuln Research 101 (Part 2) - Hacking the Linksys WRT54GL via command injection
Vuln Research 101 (Part 3) - Hacking the Linksys WRT54GL via buffer overflow

IoT Hardware Hacking Walk-Thru Series

IoT Hardware Hacking Walk-Thru Part 1
IoT Hardware Hacking Walk-Thru Part 2
IoT Hardware Hacking Walk-Thru Part 3
IoT Hardware Hacking Walk-Thru Part 4
IoT Hardware Hacking Walk-Thru Part 5

Catch The Flag (CTF) Challenge Walk Thru series

CTF Challenge Walk-Thru series

Additional Videos

Trellix Researchers Expose Zero Day Vulnerabilities in Industrial Control System