GRIMM Celebrates Its 5 Year Anniversary

By -


GRIMM Celebrates Its 5 Year Anniversary

When Bryson Bort founded GRIMM, he had two objectives.
  1. Develop a world class, research and development company
  2. Change and protect the world.
Five years later, these are still GRIMM’s guiding principles.
To us, world class is directly linked to talent density.  We have high standards for ourselves, and our workforce, and do not compromise. Our interns, most junior engineers, and our most senior engineers are passionate to help businesses succeed. Information Technology and the security that assures its delivery are enablers to businesses. And, we work as a team. “Individually, we are one drop. Together, we are an ocean.” – Ryunosuke Sator
Exuding excellence at a security assessment services firm means consistently looking to find the bugs - in software, processes, and the workforce - if it can be done with a computer, we’ll try to do it!  Changing and protecting the world may be a tall order, but it’s what keeps us motivated and focused.
To this end, GRIMM does its best to educate our clients and the general public by demonstrating security issues - by showing, not just telling.  GRIMM’s 3PO and Howdy Neighbor have become #hackercon favorites.  While we love providing our hacker colleagues all over the globe fun and challenging CTF-like competitions, we also think these demonstrations are key in providing non-security people with enough tangible evidence of why whole industries need better security strategies.  Automotive and transportation, Internet of Things (IoT), industrial control systems (ICS) - all the things that private citizens rely on daily, all with potential privacy and safety implications. Our Founder is known not only for founding GRIMM, but he is a Co-Founder of the ICS Village, which is non-profit that brings education and awareness of ICS security to a conference near you!



Additionally, we do our best to consistently help the researcher community strive for excellence.  Adam Nichols’ #notquite0dayfriday, in which he posts write-ups for vulnerabilities and their impact to GitHub (after reporting them to the vendor) is a consistent hit.  GRIMM also contributes patches to open source security research software such as angr/DrillerHonggfuzzdelta debugging and more.  Sharing research is what makes the entire community grow, and we urge our colleagues to do so as well!  Additionally, helping the young security researcher community get the critical hands-on-the-keyboard skills they need to be powerful and effective the minute they enter the workforce is something we’ve been passionate about for years.  To do this, in 2017 we launched HAX, a program in which we partner with undergraduate security clubs with the purpose of fostering friendly competition and collaboration with lots of hands-on-the-keyboard practice.  Mentoring students is something we’re very passionate about, and we believe it’s our responsibility to help do whatever we can to prepare future cybersecurity generations before they enter the workforce.
If we can’t train cybersecurity personnel before they enter the workforce, after many years of developing custom courseware for clients, we likely have just the training for you and your workforce!  From Windows Vulnerability Research and Exploitation training, automotive exploitation and security, IoT or ICS security, we’ve trained both government and commercial customers practically monthly over the past three or so years.
In addition to being known for demos and training, we’ve made a big difference in the overall security posture for our clients.  By conducting security assessments of an organization’s network, system, application, or embedded devices, we’ve saved clients money, reputational loss or embarrassment from breach, and forged strong long-term (repeat!) partnerships.  If you want to take your security posture to the next level, consider contacting us for our vulnerability research and development or reverse engineering capabilities!
Despite our logo, we’re really a friendly bunch!  We pride ourselves in being both helpful to our customers, and to the security community.  GRIMM’s a family - we work hard and play hard together, as you’ve seen in a number of our pictures.  We thought for this special five year anniversary blog, we’d leave you with a few fun stories and pictures of GRIMM throughout these past five years.


Aaron Carreras said:  “Some of the best times we’ve had have been on the road (attending conferences) with our unique displays (3PO, Howdy Neighbor, Drone Hacking, etc.).  A memorable time was when LisaTommyTimACorn, and I attended the inaugural Wild West Hacking Fest in 2017.  When we got there and began setting-up our displays, one of the other vendors/displayers in the room was overheard saying, “oh man, GRIMM is here, they have the coolest stuff,” thus implying everyone else’s (including theirs) was less cool!  Additionally, due to Christine’s help dressing us up, we definitely won the show for best dressed vendor!”

Brian DeMuth said: “ I came to GRIMM because I was looking to come to an environment that inspired passion.  At GRIMM that really drives innovation. My fundamental belief in what an environment should be line up to GRIMM’s stated company beliefs:
  • Innovation: break the rules
  • Passion: believe in what could be
  • Humility: only the mission matters
  • Capacity: learn, share, ask!
  • Agility: change is constant
I desired to bring the lessons I had learned from start-ups to large companies to bear for a company I could be passionate about.  To enable growth all while allowing our culture to flourish - it’s not a simple task as I have seen first hand in past companies, but something I care a lot about.”


Matt Carpenter said: “I joined GRIMM a bit ahead of schedule…my previous position was Snowdenized (funding cut in the wake of the Snowden disclosures) and I was ready to be done with the defense contractor I was at.  Bryson and I planned to work together, it was just about 6 months early. Bryson took me in and gave me a place to create awesome. Awesome product, awesome tasks, and awesome team. I love to hack.  I love to innovate and tear things apart. I love to learn and digest new information and gain understanding. And I love to do it with people I can trust, people I can count on, and people I call friends.”


Tiffany Williams said:  “I came to GRIMM right out of college at RIT - it’s my first real job in the workforce.  When I was making the decision about where to work, GRIMM’s culture spoke to me. It allows me the flexibility to travel a lot, and “work where I work best” which is occasionally in Buffalo, NY, where I grew up.  A company that supports my ability to spend quality time with my family, while also working, is important to me. Additionally, I really like the team I’m working on – we’re friends, not just coworkers.”

Popular posts from this blog

New Old Bugs in the Linux Kernel

By Anonymous -
Image
  Introduction Dusting off a few new (old) vulns Have you ever been casually perusing the source code of the Linux kernel and thought to yourself "Wait a minute, that can’t be right"? That’s the position we found ourselves in when we found three bugs in a forgotten corner of the mainline Linux kernel that turned out to be about 15 years old. Unlike most things that we find gathering dust, these bugs turned out to still be good, and one turned out to be useable as a Local Privilege Escalation (LPE) in multiple Linux environments. Who you calling SCSI? The particular subsystem in question is the SCSI (Small Computer System Interface) data transport, which is a standard for transferring data made for connecting computers with peripheral devices, originally via a physical cable, like hard drives. SCSI is a venerable standard originally published in 1986 and was the go-to for server setups, and iSCSI is basically SCSI over TCP. SCSI is still in use today, especially
Read more

Automated Struct Identification with Ghidra

By Anonymous -
Image
At GRIMM, we do a lot of vulnerability and binary analysis research. As such, we often seek to automate some of the analysis steps and ease the burden on the individual researcher. One task which can be very mundane and time consuming for certain types of programs (C++, firmware, etc), is identifying structures' fields and applying the structure types to the corresponding functions within the decompiler. Thus, this summer we gave one of our interns,  Alex Lin , the task of developing a Ghidra plugin to automatically identify a binary's structs and mark up the decompilation accordingly. Alex's writeup below describes the results of the project, GEARSHIFT, which automates struct identification of function parameters by symbolically interpreting Ghidra's P-Code to determine how each parameter is accessed. The Ghidra plugin described in this blog can be found in our GEARSHIFT repository . Background Ghidra is a binary reverse engineering tool developed by the National Sec
Read more

SOHO Device Exploitation

By Anonymous -
Image
Netgear R7000 SOHO Device Exploitation After a long day of hard research, it’s fun to relax, kick back, and do something easy. While modern software development processes have vastly improved the quality of commercial software as compared to 10-15 years ago, consumer network devices have largely been left behind. Thus, when it’s time for some quick fun and a nice confidence boost, I like to analyze Small Office/Home Office (SOHO) devices. This blog describes one such session of auditing the Netgear R7000 router , analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository. Initial Analysis The first step when analyzing a SOHO device is to obtain the firmware. Thankfully, Netgear’s support website hosts all of the firmwares for the R7000. The Netgear R7000 version 1.0.9.88 firmware used in this blog post can be downloaded from this web
Read more