Posts

Showing posts from July, 2018

Getting ready for Black Hat?

August is right around the corner, our favorite time of the year - Black Hat and DEF CON! SCYTHE is gearing up for a great week in Las Vegas - and we’re especially excited because this is our first official hacker summer camp since officially launching the company last October. Here’s a bit of what we’ll be up to! SCYTHE will make its official debut on Wednesday, August 8 and Thursday, August 9 at the Black Hat Innovation City. To jump-start the day, SCYTHE will be hosting a nice breakfast with our friends at StackRox. RSVP here! Then swing by our exhibit in booth IC2432 on the Business Hall Floor, or better yet, hit us up to schedule some one-on-one demo time to see the SCYTHE platform live in action. Friendly SCYTHE experts will be there to provide opportunities to see the SCYTHE automated breach simulation platform and discuss how it might help your organization by providing continuous enterprise insight. After an action-packed few days at Black Hat, S…

Crash Triage Process

People tend to think that when a fuzzer finds a bunch of crashes, it’s exciting and fun, and it is… the first time. However, when there are 181 supposedly-unique crashes and it’s time to go through each of them to determine the impact (aka which ones are exploitable, as opposed to only denial of service), it’s a lot less fun. In fact, it can be downright grueling. Here’s what the process really looks like:

Seed files -> Fuzzers -> Crashing inputs
Crashing inputs -> Minimization -> Bucketing -> Per bug crashes
Per bug crashes -> automated analysis -> automated triage report
Automated triage report + input file -> Human using disassemblers and debuggers -> Proof of Concept
Proof of Concept -> exploit development -> exploit

If you’re looking for academic work on this topic, it’s often called “root cause analysis” in the literature. As each step in this process could easily span a series of several long blog posts, we’ll only briefly…

GRIMM Celebrates Its 5 Year Anniversary

When Bryson Bort founded GRIMM, he had two objectives:

Develop a world-class research and development company
Change and protect the world

Five years later, these are still GRIMM’s guiding principles. To us, world class is directly linked to talent density. We have high standards for ourselves and our workforce, and do not compromise. Our interns, most junior engineers, and our most senior engineers are passionate about helping businesses succeed. Information Technology and the security that assures its delivery are enablers to businesses. And, we work as a team. “Individually, we are one drop. Together, we are an ocean.” – Ryunosuke Sator Exuding excellence at a security assessment services firm means consistently looking to find the bugs - in software, processes, and the workforce - if it can be done with a computer, we’ll try to do it! Changing and protecting the world may be a tall order, but it’s what keeps us motivated and focused. To this en…