VULNERABILITY RESEARCH

Old dog, same tricks

Introduction: When enterprise software gets old, should we consider it tried-and-true, or decrepit and a threat, like the superglue holding the soles of my running shoes together? Old software that’s been humming around in the background hasn’t necessarily broken, but that doesn’t mean that you can trust it; in fact there should be a …

The walls have ears

Modern business often relies heavily on the Internet and software resources such as Zoom or Skype to support daily operations. Use of such systems often requires additional hardware resources like microphones and cameras. Advances in computing have provided a pathway for these very ordinary hardware commodities to develop into resources that enrich user experience through …

GET AHEAD OF THE UNKNOWN

GRIMM is pleased to announce the launch of their new Private Vulnerability Disclosure (PVD) program. This offering allows defenders to get ahead of the attack curve, instead of reacting to unknown threats, by providing previously unknown vulnerabilities. Subscribers will have access to a stream of high-impact vulnerabilities from GRIMM’s internal research team. Release timing will …

Analyzing the Linux Kernel in Userland with AFL and KLEE

At GRIMM we do a lot of vulnerability research, and one of our favorite techniques for finding bugs in software is to repurpose or extend security tools from one area of research to another. One great example of this is when Juwei Lin and Lilang Wu ported syzkaller, the popular Linux kernel fuzzer, to macOS. Their research uncovered …
