Uncategorized

Launching the GRIMM Red Team

Since GRIMM’s inception, our dedicated teams have helped build confidence in clients’ underlying security posture — largely through demonstrating the business impact of vulnerable systems during client engagements. GRIMM teams have covered functional areas in Application Security, Cyber-Physical (aka CyPhy), Tailored Software, Training, and CISO-level consulting. Many of GRIMM’s client engagements include an element of […]

Launching the GRIMM Red Team Read More »

DJI Privacy Analysis Validation

Given the recent controversy with DJI drones, a defense and public safety technology vendor sought to investigate the privacy implications of DJI drones within the Android DJI GO 4 application. To conduct their analysis, the vendor partnered with Synacktiv who performed an in-depth dynamic and static analysis of the application. Their analysis discovered four main causes of concern within

DJI Privacy Analysis Validation Read More »

While teleworking work/life balance are in conflict – a personal story

The corona-virus pandemic has fundamentally changed the way many people and organizations operate. While many countries have started progress towards opening up and returning to normal, companies are faced with the decision of whether or not having a remote workforce makes sense for them. Working remotely might be a normal thing for some, but with

While teleworking work/life balance are in conflict – a personal story Read More »

SOHO Device Exploitation

SOHO Device Exploitation After a long day of hard research, it’s fun to relax, kick back, and do something easy. While modern software development processes have vastly improved the quality of commercial software as compared to 10-15 years ago, consumer network devices have largely been left behind. Thus, when it’s time for some quick fun

SOHO Device Exploitation Read More »

GRIMM Summer Internships

GRIMM 2020 Summer Internships

Program History The GRIMM Intern program began three years ago. Interns work on billable client and research projects. Additionally, past Interns worked on the development of GRIMM’s “Howdy Neighbor”, a portable Capture the Flag competition built entirely around hacking Home Automation devices. Howdy Neighbor is one of GRIMM’s go-to, hands-on demonstrations at conferences across the

GRIMM 2020 Summer Internships Read More »

Trike

Sparked from a question on our public discord channel https://discord.gg/HeHuehh   What does GRIMM’s threat modeling process look like?  Is it only used in the design phase of the Software/System Development Life Cycle (SDLC), or can it be applied to systems already in production?   We use the Trike methodology on account of it’s friendliness

Trike Read More »

#GRIMMCon

Announcing #GRIMMCon for free for the community! We’ll have two tracks, one especially for First Time Speakers who we’ll pair with an expert (looking for volunteers!). Talks will be a mix of tech and personal fun. Check https://www.grimm-co.com/grimmcon for speaker and talk updates. Date/Time: 14 APR 20, 1100 – 1900 EST. Call-for-papers (CFP): https://docs.google.com/forms/d/e/1FAIpQLScEY5IWwiofqBLip7-VaY_1mOIjuTqVbqBwlhbqJif6OpWb6w/viewform CFP

#GRIMMCon Read More »

Maritime CyberThreats

Hacking Floaty Things In July 2019 the U.S. Coast Guard issued a safety alert https://www.cyberscoop.com/coast-guard-significant-malware-attack/ https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/INV/Alerts/0619.pdf urging civilian mariners to get their cyber-poop in a group, encouraging the most basic of cyber-opsec on ships and supporting computer systems. Apparently a large international freighter ship heading for New York and New Jersey experienced “degraded” computer systems

Maritime CyberThreats Read More »