Posts

Showing posts from August, 2017

GRIMM Named Finalist for the DC Timmy Awards: Best Tech Work Culture

GRIMM is excited to be named a finalist in the Best Tech Work Culture category for the DC Timmy Awards. These awards, now in their third year, recognize technology work cultures that actively promote technical creativity, innovation, and learning in the DC area and celebrate the organizations that make innovation possible. Vote for GRIMM here! Sponsored by Tech in Motion, the DC-area business community can vote online through September 8th to help choose who represents the best of DC tech. Winners will be chosen through a panel of expert judges and community votes. They will be announced live at the DC Timmy Awards ceremony on September 28th at 1776 Crystal City in Arlington, where members of the DC tech community can attend for free and meet the finalists. GRIMM takes deep pride in its dedication to education, innovation and technical problem solving. It goes to great lengths to arm its entire team with the resources and f…

What Happens in Vegas...Did Not Stay in Vegas: GRIMM Steals Spotlight at DEFCON 25, Black Hat 2017, BSidesLV

Heading into the summer hacker conferences can be overwhelming. Demonstrations, panels and talks across multiple events in the same week - DEFCON 25, Black Hat 2017, BSidesLV - combined with all the parties (and meetings) made for an action-packed week! With our social calendar full and our demonstrations in tow, the GRIMM team found itself in the spotlight while showcasing some of the most innovative cybersecurity research and intelligence on connected vehicles, IoT, smart homes, smart grids and ICS security up and down the Vegas Strip. With Internet of Things (IoT) top of mind, this was the perfect opportunity for GRIMM to show off our smart home and connected vehicle security demos at DEFCON’s Industrial Control Systems (ICS) and Car Hacking Villages. Both “Howdy Neighbor”, GRIMM’s model smart house that simulates how multiple interactive “smart” home products can be …

#NotQuite0DayFriday

In our spare time, we like to hunt for bugs in various pieces of software. To help teach people this skill, we decided to write up our analysis of some of the crashes we find. The goal is to help people learn how to debug, analyze the problem, determine why it’s happening, and what the impact is. For example, is this just something which will cause the software to crash and merely cause a brief denial of service, or is this a vulnerability which can be exploited to take complete control over the computer? We follow NIST’s example and privately disclose the details of the issue to the software producers and then to the public either when the vendor tells us the issue is patched, isn’t going to be patched, or 45 days elapse. This is intended to protect the software users. We call it Not Quite 0-Day Friday because most of the bugs are 0-day vulnerabilities when we find them, but recently patched when we release them. So they’re not quite 0-days at the time of release. Most of the time …