Uncategorized

Analyzing the Linux Kernel in Userland with AFL and KLEE

At GRIMM we do a lot of vulnerability research and one of our favorite techniques for finding bugs in software is to repurpose or extend security tools from one area of research to another. One great example of this is when Juwei Lin and Lilang Wu ported syzkaller, the popular Linux kernel fuzzer, to macOS. Their research undercovered […]

Analyzing the Linux Kernel in Userland with AFL and KLEE Read More »

Power Architecture Research Collaboration

The National Motor Freight Traffic Association, Inc. (NMFTA), NXP® Semiconductors and GRIMM, a cybersecurity research firm, recently partnered to conduct an R&D project focused on Power Architecture®, also known as PowerPC®, a technology commonly found in automotive ECUs, to determine its cyber security impact on the heavy vehicle industry. NMFTA commissioned the research project to deliver an open-source software

Power Architecture Research Collaboration Read More »

a terminal app

IOT is even more of a risk than you thought

GRIMM purchased a GeoVision camera that arrived off-the-shelf with security vulnerabilities like most consumer IOT devices. The camera is a stand-in for any IOT device in a residential, industrial, or enterprise environment. The team demonstrated through a practical hands-on-exercise at HackNYC, RSA, Hack the Capitol, and multiple BSides where participants learn how to use a publically available exploit to compromise an emulated

IOT is even more of a risk than you thought Read More »

SCYTHE LOGO

SCYTHE Goes Atomic

The SCYTHE team is excited to announce that our latest release gives you the power of Atomic Red Team with all the automation and ease of use of the SCYTHE platform. Plus, you can now create and share your own SCYTHE threats allowing the ecosystem of adversary simulation to expand via the community! What’s new in version 2.4? Signature

SCYTHE Goes Atomic Read More »

Five Cybersecurity Questions for Boards or Investors

Boards of Directors and investors do not need to be technical experts to oversee or discover cybersecurity risk in organizations. They do, however, need to ask probing questions to ascertain the maturity level of, and fundamental challenges within, the way organizations understand and manage cybersecurity risk. In our interactions with Executive Board of Directors, Venture

Five Cybersecurity Questions for Boards or Investors Read More »

SCYTHE: Starting 2019 with Linux and ATT&CK™

The SCYTHE team has been hard at work on our new release and we are proud to present the next major evolution of the SCYTHE Continuous Red Team Automation platform. What’s New More auto-generated implants Linux support One-Click MITRE ATT&CK Report New Threats in the Threat Catalog New Logging Output Option Linux Implant Builder The campaign creation

SCYTHE: Starting 2019 with Linux and ATT&CK™ Read More »