People tend to think that when a fuzzer finds a bunch of crashes that it’s exciting and fun, and it is… the first time. However, when there are 181 supposedly-unique crashes and it’s time to go through each of them to determine the impact (aka which ones are exploitable, as opposed to only denial of […]
Crash Triage Process Read More »
Delta Debugging Have you ever been fuzzing a program and received a crash, only to find the input file was huge? Trying to manually determine which portions of an input file trigger the bug can be an extremely frustrating and time consuming process. Huge input files can make the triage of bugs much harder. This
GRIMM has been a long time advocate of building Connected and Automated Vehicles (CAV) with a security-by-design approach. We advance our automotive and aerospace clients’ cybersecurity posture for all forms of embedded security concerns. For example, for the past several years, GRIMM has been a co-sponsor and staple at the SANS Automotive conference – a one-stop shop
GRIMM’s New Michigan Cybersecurity Research Lab Read More »
At GRIMM, we are always trying out new tools to build our capabilities in vulnerability research. We frequently use fuzzing to search for bugs in applications, but there are some bugs a fuzzer alone would not be able to find. So, we were excited to try out Driller, a tool written by Shellphish. Driller uses symbolic
Guided Fuzzing with Driller Read More »
A summary of wisdom from years of learning the hard way. Excerpted from a keynote I gave at Rochester Institute of Technology to the RC3 Security Club. Is Anyone Going to Die? I learned this one in the Army where it was a real question. In the civilian world, overused military metaphors notwithstanding, not so much.
These Scars Must Be Worth Something Read More »
GRIMM and SCYTHE are packing our bags and heading to the RSA Conference. We have a busy week planned and are excited to see new and familiar faces. We would be happy to connect one-on-one to talk about the ways your organization can benefit from CROSSBOW. Our teams will be in full force – here are
See you in San Francisco for RSAc! Read More »
One of the things that is important to us at GRIMM is making sure there is time to experiment, and explore new ways of approaching problems. We want to answer the big questions like “How can we find vulnerabilities that other tools and manual analysis has overlooked?” This is what we are passionate about. So
Heap overflow in the necp_client_action syscall Read More »
The eyes of the world were recently focused on PyeongChang, South Korea for the 2018 Winter Olympics. While we watched athletes curl, skate, ski and slide across the frozen South Korean landscape, we at GRIMM had our own South Korean experience! Through GRIMM’s HAX program, which provides real-world, hands-on-keyboard cybersecurity experience to undergraduate college students,
HAX goes International Read More »
Connected Mobility and Infrastructure are taking Detroit by storm; timing is critical for adopting strong security practices at this nascent point in the technology and the industry. With her background in cybersecurity and autonomous vehicles, Jennifer Tisdale is the ideal leader to drive GRIMM’s engagement with automotive industry Original Equipment Manufacturers (OEMs), suppliers, and industry stakeholders to
The void in the cybersecurity workforce is compounding the level of risk faced by enterprises. The global shortage of skilled security workers could reach 1.8 million in the next five years according to the Center for Cyber Safety and Education. Contrast this with plans to boost security teams hiring by at least 15 percent in the
Understanding the Real Cost of Pen Testing, Red Teaming and Blue Teaming Read More »