Automatic exploitation of IoT bugs


Project overview:

  • Goal: Check whether an identified bug constitutes a vulnerability.
  • Location: Amsterdam/Eindhoven
  • Timeframe: 3-6 months
  • Starting: around January 2023
  • Complexity: High
  • Team: Security Specialists
  • Category: Exploit development
  • Supervisor: Sjors/Anna

As a student, you have:

Education:

  • an HBO or WO level of education in the relevant domain.


Technical skills:

  • Proven experience or education in software security;
  • Experience with (basic) exploit development;
  • Experience reading ARM and/or MIPS assembly;
  • Experience with Python;
  • Experience with evading exploitation mitigations is a plus.


Soft skills:

  • The ability to work well in an international team environment;
  • Good communication skills, self-organization.


The project you will be working on:

Secura is currently involved in a large-scale EU-level project called SANCUS. The objective of SANCUS is to create and test a framework that can automatically judge the security of an IoT device. One part of this assessment is the automatic detection of vulnerabilities in compiled software. To achieve this, Secura uses a combination of fuzzing and symbolic execution, which is able to detect bugs in the software. However, to conclusively state that a bug is a vulnerability, the bug must have some impact on the security of the software. For this reason, Secura aims to automatically exploit identified bugs.

As an intern, you will be tasked with the following:

  1. Acquire an understanding of the project and used technologies;
  2. Perform a thorough study on the background of the topic, as many solutions already exist, and choose a method that works for our use case;
  3. Implement the solution and extend it where necessary;
  4. Test the effectiveness of your implementation and improve it where necessary;
  5. Document the process and results.

Contact us

We would like to receive your CV and motivation letter by mail via jobs@secura.com.
