GRIMM’s New Michigan Cybersecurity Research Lab

By -


GRIMM’s New Michigan Cybersecurity Research Lab

GRIMM has been a long time advocate of building Connected and Automated Vehicles (CAV) with a security-by-design approach. We advance our automotive and aerospace clients’ cybersecurity posture for all forms of embedded security concerns. For example, for the past several years, GRIMM has been a co-sponsor and staple at the SANS Automotive conference - a one-stop shop for bringing the automotive sector, including manufacturers as well as vendors, and the security industry together to discuss the complexities of securing citizens in commercial and personal vehicles. Hacking automobiles is not new, but as vehicles become more and more connected, and reliant on transferring digital information, the attack surface has grown tremendously, putting citizens’ privacy and potentially safety at risk. Bad guy’s no longer need physical access to your car to control the steering, acceleration, braking, or communications of your own vehicle.
This is where GRIMM excels. We have been working on this problem for decades. We believe firmly that the intersection of where hardware, software, and firmware is where most of your system weaknesses lie. Therefore, if it can drive or fly, likely our team has reverse engineered both the hardware and software, to understand where the flaws are. That requires significant space. We are excited to announce that GRIMM has opened a cybersecurity research lab in Michigan. Located in a former brewery, this open space is wide enough to park even your largest systems! Need an end-to-end security assessment or advice on how to best architect a system to support the security of an embedded device, connected mobility solution or critical infrastructure network? We are here to help!
Additionally, the lab has a dedicated classroom space to instruct hands-on training and advanced courseware for automotive, Internet of Things, and Industrial Control System (ICS) security. Did you miss GRIMM’s inaugural AutoSec course at the lab in April? Don’t worry! We’ll offer another one in the summer (week of August 27) and in the winter (week of December 3). Click here to register! We have plenty of off-the-shelf courseware that might be useful for your organization including software reverse engineering exploitation, Windows internals for developers and for security professionals, Linux internals, Linux Kernel exploitation and rootkits, introduction to vulnerability research, and advanced vulnerability research. Did you know GRIMM offers customized courseware too? GRIMM is happy to develop courseware for specific organization’s customized needs. This is particularly effective if you, your developers, or your security personnel work in niche areas, such as: cyber-physical security of  automotive, aerospace / drones, military platforms, medical devices or any connected device.
We’re proud of our Michigan roots. The engineers on our embedded device team were all born and raised in Michigan, and each one hails from the industries that make Michigan so great - automotive, aviation, and ICS. We care about helping these industries keep their customers safe, and their privacy protected. We established facility roots in Michigan given its proximity to the large number of automotive OEMs and Tier 1 suppliers, and the defense industrial base supporting technology integration into the U.S. military’s ground vehicle and aviation platforms. Over the next few years, we anticipate growing the team substantially. GRIMM looks forward to being a continued staple in the community! Think you have the skills we need? Hit us up!

Popular posts from this blog

New Old Bugs in the Linux Kernel

By Anonymous -
Image
  Introduction Dusting off a few new (old) vulns Have you ever been casually perusing the source code of the Linux kernel and thought to yourself "Wait a minute, that can’t be right"? That’s the position we found ourselves in when we found three bugs in a forgotten corner of the mainline Linux kernel that turned out to be about 15 years old. Unlike most things that we find gathering dust, these bugs turned out to still be good, and one turned out to be useable as a Local Privilege Escalation (LPE) in multiple Linux environments. Who you calling SCSI? The particular subsystem in question is the SCSI (Small Computer System Interface) data transport, which is a standard for transferring data made for connecting computers with peripheral devices, originally via a physical cable, like hard drives. SCSI is a venerable standard originally published in 1986 and was the go-to for server setups, and iSCSI is basically SCSI over TCP. SCSI is still in use today, especially
Read more

Automated Struct Identification with Ghidra

By Anonymous -
Image
At GRIMM, we do a lot of vulnerability and binary analysis research. As such, we often seek to automate some of the analysis steps and ease the burden on the individual researcher. One task which can be very mundane and time consuming for certain types of programs (C++, firmware, etc), is identifying structures' fields and applying the structure types to the corresponding functions within the decompiler. Thus, this summer we gave one of our interns,  Alex Lin , the task of developing a Ghidra plugin to automatically identify a binary's structs and mark up the decompilation accordingly. Alex's writeup below describes the results of the project, GEARSHIFT, which automates struct identification of function parameters by symbolically interpreting Ghidra's P-Code to determine how each parameter is accessed. The Ghidra plugin described in this blog can be found in our GEARSHIFT repository . Background Ghidra is a binary reverse engineering tool developed by the National Sec
Read more

SOHO Device Exploitation

By Anonymous -
Image
Netgear R7000 SOHO Device Exploitation After a long day of hard research, it’s fun to relax, kick back, and do something easy. While modern software development processes have vastly improved the quality of commercial software as compared to 10-15 years ago, consumer network devices have largely been left behind. Thus, when it’s time for some quick fun and a nice confidence boost, I like to analyze Small Office/Home Office (SOHO) devices. This blog describes one such session of auditing the Netgear R7000 router , analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository. Initial Analysis The first step when analyzing a SOHO device is to obtain the firmware. Thankfully, Netgear’s support website hosts all of the firmwares for the R7000. The Netgear R7000 version 1.0.9.88 firmware used in this blog post can be downloaded from this web
Read more