Posts

Showing posts from September, 2018

SCYTHE Announces $3 Million in Initial Financing Round Led by Gula Tech Adventures

Earlier today we announced that we raised $3 million in an initial funding round led by the co-founder of Tenable, Ron Gula of Gula Tech Adventures. This investment will help accelerate our ability to deliver our attack simulation platform and drive new product development. We’ve planned a roadmap of new features and innovations that will disrupt the cybersecurity industry. We’re providing organizations the ability to get ahead of threats with real metrics and tangible examples of attacks and compromises. SCYTHE is an attack simulation platform that allows organizations to build and emulate every possible combination of real-world adversarial campaign to test an organization’s security controls with granularity. Our advanced capabilities offer enterprises the ability to set up, customize, and run adversarial campaigns in a matter of minutes to validate the risk posture and exposure of...

Malicious Command Execution via bash-completion (CVE-2018-7738)

Note: This was a parallel discovery where we found the bug and later found out it already had a CVE from Tenable. See timeline for details.

I was playing around with USB stick names when I saw something odd happen. I had named a drive `ID` by accident, and when I went to umount the drive I saw:

    $ umount /dev/s<tab>ID: command not found

Something had obviously gone wrong here. After trying again I realized that the command was being executed when I hit the <tab> key to bring up the list of valid devices (such as /dev/sdb1).

    $ sed -n 44,45p /usr/share/bash-completion/completions/umount
    DEVS_MPOINTS="$(mount | awk '{print $1, $3}')"
    COMPREPLY=( $(compgen -W "$DEVS_MPOINTS" -- $cur) )

After digging around in the OS I found that the umount bash-completion script is allowing drive names with `` or $() to be executed by line 44:

    $ sed -n 44,45p /usr/share/bash-completion/completi...