CoreTech Summer Internship: Fred
After completing my second year of study of Computer Science at the University of Warwick, I came to CoreTech excited to gain some much-needed industry experience. I had worked remotely the previous summer doing iOS development for a start-up company, but I was eager to have an introduction to work within the cyber sector.
Through a university careers fair, I met with Chris C, Chris D and Mark B who each gave an overview of the three teams at CoreTech. Initially I was interested in joining the Vulnerability Research team and, following their advice, sent my CV to a recruitment inbox. After some backwards and forwards emails between myself and Chris C, I was provided with a more detailed depiction of day-to-day life within the company and was able to switch to interview for the Capability Development team. This was a choice that I was glad I made as I found that the Dev team’s work was far more suited to my skillset. It is important to note that once started I was impressed with how tightly knit the three teams are and how each project has room for versatility across multiple teams.
Finding a place to live over the course of the 10-week opportunity was daunting but, following advice from the recruitment team, I contacted local university halls for temporary summer lets. There were quite a few available in the area but I can recommend my choice for the first 7 weeks of the internship, Collegiate Shaftesbury Halls. Although their rental period does not span the whole contract it was an exceptionally cheap £500 in total – saving a large budget for the final three weeks – and only a 15-minute walk from the office. When looking at student accommodation I found that my student ID opened a lot of doors (despite being from a different University) and Collegiate was happy to let me move in a week earlier to facilitate my starting date.
Even before stepping foot in the office, CoreTech were extremely welcoming – setting me up with a buddy, Max S, and sending chocolates on receipt of my signed contract. The buddy scheme at the company was a great way to help me feel welcome; Max took me out to the flight club and for a couple of drinks on the weekend before I joined. Although everyone within the company has turned out to be incredibly friendly it was nice to have one face to recognise on the first day. Before this internship I had never been to Cheltenham or the surrounding area before but after joining everyone several times for drinks out after work that became far less daunting.
Overall, I appreciated how inclusive CoreTech were to me as an intern – I know from friends doing internships elsewhere that often they were made to feel isolated from full-time employees. Jamie, the other intern at the time, and I were invited to almost every company update and meeting - with our thoughts and input properly valued. Despite our field of operation, the company are very big on sharing knowledge and resources as much as they can. Bookstack is used by all employees to build a collective bank of guides and advice to approach a range of technical day-to-day challenges. It was also nice that as interns we were still encouraged to add our workings to this resource – again promoting that we were valued by the company.
This moves me on to focus on the work packages we were assigned over the course of the internship. The first task I was set to complete was a whitepaper on LLVM JIT and its applications. This task was assigned to me as my third-year project, when I return to university, will be focused on encrypting JIT applications. I appreciate the company taking my personal interests into account and an ambition to ensure that all employees are doing work they’re truly passionate about resonates throughout the organisation.
My second task, and our first collaborative task, was to set up a man-in-the-middle attack on an Android application for managing an IoT device to intercept firmware updates – see Jamie’s blog for more details on this.
Our final work package was to develop a custom native binary for Android to silently detect and offload screen lock/unlock events. This task was a capability development task and therefore better suited to my interests. We spent some time together researching the nuances of native Android development and made several iterations of our final product. This exposed me to a portion of the vigorous development lifecycle that operates within software development teams and specifically within security conscious development. Undertaking this project with 1-2 week “sprints” allowed us to rigorously test our solution to ensure that we produced work of a high standard. This project gave me a unique opportunity to learn the specifics of robust software development and the importance of following the right coding standards and practices. The creativity and freedom offered for this deliverable were well received by me and Jamie; we made calls to Android’s PowerManager service using Binder to capture screen status, which was sent with TLV-encoding via POST requests to our Flask server for logging and interpretation. This project showed us the importance of researching the optimal method to complete certain tasks.
The work packaged format of tasks accurately replicated client projects – with set technical leads, customers and a detailed breakdown of deliverables. Despite this structure, the academy leads prompted us to be creative with our solutions and take the project to where we wanted it to go. The academy provided a niche freedom to explore areas of a project that we were particularly interested in and, although there was an expectation to achieve the set deliverables, we were encouraged to adjust to our findings along the way.
We were given a pro-rated holiday over the course of the 10-week programme and, despite being set paired projects, there was always work to keep us busy while the other was on leave. During a week that Jamie was away I worked on extending our native Android capability to support two-way communication. This was a great project as it provided the perfect balance of being a challenging, yet achievable, standalone deliverable which also maintained familiarity by staying within the context of our previous work. Over the course of the 5-day period I designed and implemented four distinct solutions to the task which favoured different client priorities. Working alongside fellow capability developers has taught me the importance of considering several avenues during development to ensure that the client receives a robust final product that best suits their operational context.
To close our internship, we worked with Dale and Guy in the newly built hardware lab. On our first day with them, we learnt how to cleanly extract components from a PCB using a heat gun. To prepare the target component, we learnt the importance of applying flux to ensure a smooth removal. Using tweezers, we could then carefully place extracted components in a specialised header of a DATAMAN 40-pin device programmer. This device allowed us to read serial data from the extracted component – subject to the correct header being available. We extracted the contents of the flash chip from three devices: our BIGGERFIVE watch from our previous project and two Wi-Fi routers. Unfortunately, the DATAMAN did not support the serial output of the BIGGERFIVE watch’s flash chip, and this is seemingly due to the flash being in a chip unavailable to us within the PCB.
A photo of Fred making full use of CoreTech’s hardware lab
Overall, I was thoroughly impressed with how much my internship at CoreTech has taught me. I was introduced to the wide variety of skills the company has to offer – providing a high-level overview of the tasks each member of the team must face on a day-to-day basis. I look forward to returning in September and I am sure I will keep in contact with the team in the meantime.