Don’t Get Comfortable Yet - The Declining Fear of Ransomware

SCYTHE
With the news that ransomware attacks are on the decline, in favor of crypto-mining (aka “crypto-jacking”), it is tempting to reshuffle your enterprise’s defensive priorities based on the adversary trends. But before you retask your Blue Team to focus on researching cryptocurrency miners, let’s take a moment and remember a few key fundamental facts about ransomware, and how it is still different from, and more dangerous than, its money-mining “successor”.
What is SCYTHE's origin story?

Bryson Bort
When I started GRIMM, I had a vision to tackle the greatest cybersecurity challenges that face our clients, industry and the greater business and government communities. Two and a half years ago, one of those challenges was brought to the company because of our reputation. A Fortune 50 company had been breached and suffered significant damages. As a result, the IT Security team was given a significantly increased budget which they used to hire incredible talent and have their choice of any assessment/penetration testing software available.
SCYTHE Announces $3 Million in Initial Financing Round Led by Gula Tech Adventures

Bryson Bort
Earlier today we announced that we raised $3 million in an initial funding round led by the co-founder of Tenable, Ron Gula of Gula Tech Adventures. This investment will help accelerate our ability to deliver our attack simulation platform and drive new product development. We’ve planned a roadmap of new features and innovations that will disrupt the cybersecurity industry. We’re providing organizations the ability to get ahead of threats with real metrics and tangible examples of attacks and compromises.
Malicious Command Execution via bash-completion (CVE-2018-7738)

GRIMM
Note: This was a parallel discovery where we found the bug and later found out it already had a CVE from Tenable. See timeline for details.

I was playing around with USB stick names when I saw something odd happen. I had named a drive `ID` by accident, and when I went to umount the drive I saw:

`$ umount /dev/s<tab>ID: command not found`

Something had obviously gone wrong here.
ALPC Task Scheduler 0-Day

Adam Nichols

On Monday (August 27, 2018) a Local Privilege Escalation (LPE) 0-day was released which reportedly affects Windows 10 and Server 2016, at a minimum. We investigated it to understand the vulnerability and the current Proof of Concept (PoC) exploit, and wanted to write it up in terms that explain the actual risk to organizations.

Breach Reality Check: Get More Realistic with the Latest in Attack Simulation

SCYTHE

Today, SCYTHE unveiled unique enhancements to the SCYTHE attack simulation platform. This release makes it easier than ever before to measure the effectiveness of an enterprise’s security controls with granularity and to prioritize areas for real action across the entire enterprise, against your people, technology or processes. Highlights:

GRIMM Announces Cyber Partnership with Michigan Educational Non-Profit, Square One Focused on New High School Curriculum for Automotive Cybersecurity

GRIMM
Earlier this month, GRIMM’s embedded security team joined Michigan’s Governor, Rick Snyder (pictured above), along with SAE, Michigan educational non-profit Square One, and industry leaders at the 2018 SAE CyberAuto Challenge™ to announce our new partnership. Our teams are joining forces to create and deliver a new program for Michigan high school students, and to mentor them: “Masters of Mobility: Cybersecurity on the Road.” This program will provide in-depth training, resources and materials that will help “train-the-trainer.
Getting ready for Black Hat?

SCYTHE
August is right around the corner, our favorite time of the year - Black Hat and DEF CON! SCYTHE is gearing up for a great week in Las Vegas - and we’re especially excited because this is our first official hacker summer camp since officially launching the company last October. Here’s a bit of what we’ll be up to! SCYTHE will make its official debut on Wednesday, August 8 and Thursday, August 9 at the Black Hat Innovation City.
Crash Triage Process

GRIMM
People tend to think that when a fuzzer finds a bunch of crashes that it’s exciting and fun, and it is… the first time. However, when there are 181 supposedly-unique crashes and it’s time to go through each of them to determine the impact (aka which ones are exploitable, as opposed to only denial of service), it’s a lot less fun. In fact, it can be downright grueling. Here’s what the process really looks like:
GRIMM Celebrates Its 5 Year Anniversary

GRIMM
When Bryson Bort founded GRIMM, he had two objectives: (1) develop a world-class research and development company, and (2) change and protect the world. Five years later, these are still GRIMM’s guiding principles. To us, world class is directly linked to talent density. We have high standards for ourselves and our workforce, and do not compromise. Our interns, most junior engineers, and our most senior engineers are passionate about helping businesses succeed.