Published on

2024 Cyber Security Research Internship

Authors
  • avatar
    Name
    Prashant Anantharaman
    Twitter

Narf Industries is looking to hire an intern (Spring 2024 or Summer 2024) for a Department of Energy project where we are designing efficient hardware-level packet processors (in both SDN and FPGA forms) to detect syntactic and semantic anomalies in SCADA traffic. This internship aims to develop highly parallelized, efficient, and complete network protocol pipelines in hardware for application-layer SCADA protocols.

Most state-of-the-art FPGA-based packet processing solutions are focused on packet filtering and forwarding. Correct and resilient deep packet inspection (DPI) and payload interpretation, especially at scale, is an ongoing research problem across many protocols and network topologies. Anomaly detectors in SCADA networks use span ports to maintain throughput and availability requirements and may receive a high-rate feed from across an entire utility network. To meet this need, Narf’s packet processing tools will deploy complete, language-theoretic security-compliant parsers that strictly implement the protocol specifications.

Impact
The tools developed in this project would be tested on large-scale hardware-in-the-loop simulators and be transitioned to commercial utility partners.

About you
The right candidate will be enrolled in a graduate computer science or computer engineering degree and have experience designing packet processing pipelines for SDN data plane and/or FPGA NICs using high-level synthesis tools. This is a paid, remote, and full-time position. However, the candidate must reside in the United States. The duration of the internship is 3 to 6 months.

About Narf Industries
We are a small, boutique cybersecurity firm focused on building high-quality solutions for government and commercial clients. At Narf, you would work with security researchers and software engineers with decades of experience. Our employees have presented at top hacker conferences (DEF CON, Black Hat, ShmooCon, REcon) and won several CTF competitions.

To apply
You must send a crafted TCP-encapsulated Modbus Write Single Coil request that contains all fields but contains an incorrect Modbus length field. The server at 134.209.175.2:1234 will respond with an encoded response containing instructions on applying. (References: Modbus header specification (section 3.1.3), Modbus payload specification (page 2-Figure 1; page 17), packet capture).

We will be accepting applications starting October 24, 2023 until December 31, 2023 or until the position is filled. This post will be updated when the position is closed.