GRIMM Cyber

SOHO Device Exploitation

SOHO Device Exploitation After a long day of hard research, it’s fun to relax, kick back, and do something easy. While modern software development processes have vastly improved the quality of commercial software as compared to 10-15 years ago, consumer network devices have largely been left behind. Thus, when it’s time for some quick fun […]

SOHO Device Exploitation Read More »

GRIMM Summer Internships

GRIMM 2020 Summer Internships

Program History The GRIMM Intern program began three years ago. Interns work on billable client and research projects. Additionally, past Interns worked on the development of GRIMM’s “Howdy Neighbor”, a portable Capture the Flag competition built entirely around hacking Home Automation devices. Howdy Neighbor is one of GRIMM’s go-to, hands-on demonstrations at conferences across the

GRIMM 2020 Summer Internships Read More »

Trike

Sparked from a question on our public discord channel https://discord.gg/HeHuehh   What does GRIMM’s threat modeling process look like?  Is it only used in the design phase of the Software/System Development Life Cycle (SDLC), or can it be applied to systems already in production?   We use the Trike methodology on account of it’s friendliness

Trike Read More »

#GRIMMCon

Announcing #GRIMMCon for free for the community! We’ll have two tracks, one especially for First Time Speakers who we’ll pair with an expert (looking for volunteers!). Talks will be a mix of tech and personal fun. Check https://www.grimm-co.com/grimmcon for speaker and talk updates. Date/Time: 14 APR 20, 1100 – 1900 EST. Call-for-papers (CFP): https://docs.google.com/forms/d/e/1FAIpQLScEY5IWwiofqBLip7-VaY_1mOIjuTqVbqBwlhbqJif6OpWb6w/viewform CFP

#GRIMMCon Read More »

Maritime CyberThreats

Hacking Floaty Things In July 2019 the U.S. Coast Guard issued a safety alert https://www.cyberscoop.com/coast-guard-significant-malware-attack/ https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0619.pdf urging civilian mariners to get their cyber-poop in a group, encouraging the most basic of cyber-opsec on ships and supporting computer systems. Apparently a large international freighter ship heading for New York and New Jersey experienced “degraded” computer systems

Maritime CyberThreats Read More »

Power Architecture Research Collaboration

The National Motor Freight Traffic Association, Inc. (NMFTA), NXP® Semiconductors and GRIMM, a cybersecurity research firm, recently partnered to conduct an R&D project focused on Power Architecture®, also known as PowerPC®, a technology commonly found in automotive ECUs, to determine its cyber security impact on the heavy vehicle industry. NMFTA commissioned the research project to deliver an open-source software

Power Architecture Research Collaboration Read More »

a terminal app

IOT is even more of a risk than you thought

GRIMM purchased a GeoVision camera that arrived off-the-shelf with security vulnerabilities like most consumer IOT devices. The camera is a stand-in for any IOT device in a residential, industrial, or enterprise environment. The team demonstrated through a practical hands-on-exercise at HackNYC, RSA, Hack the Capitol, and multiple BSides where participants learn how to use a publically available exploit to compromise an emulated

IOT is even more of a risk than you thought Read More »