Showing posts from April, 2018

These Scars Must Be Worth Something

These Scars Must Be Worth Something A summary of wisdom from years of learning the hard way. Excerpted from a keynote I gave at Rochester Institute of Technology to the RC3 Security Club. Is Anyone Going to Die?  I learned this one in the Army where it was a real question. In the civilian world, overused military metaphors notwithstanding, not so much. The point is perspective. It’s easy to get caught up in the moment and let the stress get to you. At the end of the day, what is really at stake? No Plan Survives First Contact.  Ok, ok, so overused military aphorisms notwithstanding… whatever you plan, you’re not going to think of everything and reality is a harsh mistress. Plan to execute with the expectation that you will need to adjust. On the other hand, you can’t be stuck in analysis paralysis. The key is to balance 80/20 thinking. It’s a Small World.  When you’re young, the world seems so big. There is so much you don’t know and so many of other random people populating it

See you in San Francisco for RSAC!

See you in San Francisco for RSAC! GRIMM and SCYTHE are packing our bags and heading to the RSA Conference. We have a busy week planned and are excited to see new and familiar faces. We would be happy to connect one-on-one to talk about the ways your organization can benefit from  CROSSBOW . Our teams will be in full force - here are a few places you will find us throughout the week: Mayhem at the Mint Join SCYTHE and Bugcrowd at the historic SF Mint for an evening of luxurious InfoSec networking and partying. We’ll have two bars and over 10 rooms of fun - this is  the  RSAC event you don’t want to miss, guaranteed. Tuesday, April 17th from 8pm to Midnight RSVP  Required for Entry Located Two Blocks from the Moscone Center at 88 5th St., San Francisco, CA 94103 ICS Sandbox Bryson recently launched the non-profit  ICS Village  with several other ICS stalwarts (Tom VanNorman, Larry Vandenaweele, Beau Woods) which will kick off its first public event at RSAC 2018. Please

Heap overflow in the necp_client_action syscall

Heap overflow in the necp_client_action syscall One of the things that is important to us at GRIMM is making sure there is time to experiment, and explore new ways of approaching problems. We want to answer the big questions like “How can we find vulnerabilities that other tools and manual analysis has overlooked?” This is what we are passionate about. So when one of our engineers has an idea for a new fuzzer, we try to make time for them to put their idea to the test. This bug was found when  Jeffball  wrote a syscall fuzzer for MacOS and spotted this bug while looking into another crash. It is safe to say that the new fuzzer was a smashing success! The following is a write-up of a heap overflow vulnerability found while Fuzzing the macOS necp_client_action syscall. The necp_client_action syscall is part of the Network Extension Control Policy (NECP) kernel subsystem. This bug was first found in the XNU kernel version 4570.1.46 and was patched in the 10.13.4 kernel update (versio