GRIMM’s New Michigan Cybersecurity Research Lab

GRIMM’s New Michigan Cybersecurity Research Lab

GRIMM
GRIMM has been a long time advocate of building Connected and Automated Vehicles (CAV) with a security-by-design approach. We advance our automotive and aerospace clients’ cybersecurity posture for all forms of embedded security concerns. For example, for the past several years, GRIMM has been a co-sponsor and staple at theSANS Automotive conference - a one-stop shop for bringing the automotive sector, including manufacturers as well as vendors, and the security industry together to discuss the complexities of securing citizens in commercial and personal vehicles.
Guided Fuzzing with Driller

Guided Fuzzing with Driller

GRIMM
At GRIMM, we are always trying out new tools to build our capabilities in vulnerability research. We frequently use fuzzing to search for bugs in applications, but there are some bugs a fuzzer alone would not be able to find. So, we were excited to try out Driller, a tool written by Shellphish. Driller uses symbolic execution to find new parts of the code to fuzz, helping the fuzzer to find bugs that it might not have reached otherwise.
Making security decisions based on verifiable facts

Making security decisions based on verifiable facts

Adam Nichols

Security decisions should be based on verifiable data - facts - rather than opinions. I’ve seen the trend of CISOs and many security operators being impeded by the lack of transparency into security data, jaded by product features and marketing fluff and limited by their ability to glean high quality, data-driven insights to inform decision making. This is a problem that GRIMM is working to solve.

SCYTHE and the ICS Village’s inaugural RSAC!

SCYTHE and the ICS Village’s inaugural RSAC!

GRIMM & SCYTHE

Whew. Who’s still recovering from RSAC 2018? GRIMM has been making appearances at the annual conference since launching in 2012. However, this was the inaugural visit for SCYTHE, GRIMM’s sister product company which launched last October, and the ICS Village, a non-profit the GRIMM and SCYTHE leadership helped launch this spring. And what a splash it was! In case you missed it, we were busy! Here’s a recap:

See you in San Francisco for RSAC!

See you in San Francisco for RSAC!

GRIMM & SCYTHE
GRIMM and SCYTHE are packing our bags and heading to the RSA Conference. We have a busy week planned and are excited to see new and familiar faces. We would be happy to connect one-on-one to talk about the ways your organization can benefit from CROSSBOW. Our teams will be in full force - here are a few places you will find us throughout the week: Mayhem at the Mint Join SCYTHE and Bugcrowd at the historic SF Mint for an evening of luxurious InfoSec networking and partying.
Heap overflow in the necp_client_action syscall

Heap overflow in the necp_client_action syscall

GRIMM
One of the things that is important to us at GRIMM is making sure there is time to experiment, and explore new ways of approaching problems. We want to answer the big questions like “How can we find vulnerabilities that other tools and manual analysis has overlooked?” This is what we are passionate about. So when one of our engineers has an idea for a new fuzzer, we try to make time for them to put their idea to the test.
HAX goes International

HAX goes International

GRIMM

The eyes of the world were recently focused on PyeongChang, South Korea for the 2018 Winter Olympics. While we watched athletes curl, skate, ski and slide across the frozen South Korean landscape, we at GRIMM had our own South Korean experience!

Jennifer Tisdale joins GRIMM as a Cyber Advocate for Connected Mobility and Infrastructure

Jennifer Tisdale joins GRIMM as a Cyber Advocate for Connected Mobility and Infrastructure

Brian DeMuth
Connected Mobility and Infrastructure are taking Detroit by storm; timing is critical for adopting strong security practices at this nascent point in the technology and the industry. With her background in cybersecurity and autonomous vehicles, Jennifer Tisdale is the ideal leader to drive GRIMM’s engagement with automotive industry Original Equipment Manufacturers (OEMs), suppliers, and industry stakeholders to ensure that cybersecurity initiatives are integrated into the future of mobility and smart city infrastructure.
Understanding the Real Cost of Pen Testing, Red Teaming and Blue Teaming

Understanding the Real Cost of Pen Testing, Red Teaming and Blue Teaming

Bryson Bort
The void in the cybersecurity workforce is compounding the level of risk faced by enterprises. The global shortage of skilled security workers could reach 1.8 million in the next five years according to the Center for Cyber Safety and Education. Contrast this with plans to boost security teams hiring by at least 15 percent in the same time frame - the numbers don’t add up. This is exacerbated by the increasing volume, variety and veracity of widespread cyberattacks like WannaCry, NotPetya, Locky, and other blockbuster ransomware.