GRIMM Blog

ALPC Task Scheduler 0-Day On Monday (August 27, 2018) a Local Privilege Escalation (LPE) 0-day was released which reportedly affects Windows 10 and Server 2016, at a minimum.  We investigated this to understand the vulnerability, the current Proof of Concept (PoC) exploit, and wanted to write it up in terms which explain the actual risk to organizations. The main things to know are this: This is an LPE, which means It needs to be chained with other attacks to be meaningful It makes a bad situation (server/end user compromise) much worse It allows an unprivileged user to gain SYSTEM level access The attacker needs to start with code execution in a Medium integrity process In practical terms, it means unlocking the ability to potentially dump password hashes with tools like mimikatz, modify boot settings, gain additional persistence such as installing rootkits, and so forth The current PoC is just an example, as is typical with PoCs Does not demonstrate the full cap...

Breach Reality Check: Get More Realistic with the Latest in Attack Simulation Today, SCYTHE unveiled unique enhancements to the SCYTHE attack simulation platform. This release allows measuring effectiveness of an enterprise’s security controls with granularity and prioritizing areas for real action across the entire enterprise against your people, technology or processes easier than ever before. Highlights: Campaign Automation Be creative and make your job easier than ever! Automate TTPs and logic directly into campaigns such as command executing, taking screenshots, or exfiltrating files, setting them to transpire once SCYTHE lands on the specific target endpoint. You now have the ability to combine modules, commands, and techniques with our point and click Automate Campaign feature. MITRE ATT&CK™ Framework SCYTHE includes additional enhancements to align your campaigns with the MITRE ATT&CK framework. In addition to the threats in the Threat Catalog, the MITRE ATT...

GRIMM Announces Cyber Partnership with Michigan Educational Non-Profit, Square One Focused on New High School Curriculum for Automotive Cybersecurity Earlier this month, GRIMM’s embedded security team joined Michigan’s Governor, Rick Snyder, (pictured above) along with SAE, Michigan educational non-profit, Square One, and industry leaders at the 2018 SAE CyberAuto Challenge™ to announce our new partnership.   Our teams are joining forces to create, deliver, and mentor Michigan high school students with a new program:  “Masters of Mobility: Cybersecurity on the Road.” This program will provide in-depth training, resources and materials that will help “train-the-trainer.” High school teachers across Michigan will not just be able to educate their students on the importance of cybersecurity in automotive design, but will teach them how and challenge them to test the cyber resiliency of their own vehicle designs. Teachers will work with their students to program, hack and l...