HAX goes International

By Anonymous -


HAX goes International
The eyes of the world were recently focused on PyeongChang, South Korea for the 2018 Winter Olympics. While we watched athletes curl, skate, ski and slide across the frozen South Korean landscape, we at GRIMM had our own South Korean experience!
Through GRIMM’s HAX program, which provides real-world, hands-on-keyboard cybersecurity experience to undergraduate college students, with the goal of preparing and shaping the cyber research community of the future, we teamed up with Penn State Altoona and Professor Jungwoo Ryoo, PSU Altoona’s Head of the Division of Business, Engineering and Information Sciences and Technology, to create an Internship Program for five female cybersecurity students from South Korea, pictured above. These students were given real-world skills for how to work in a 21st Century tech company, preparing them for the workforce in the era of globalization.
HAX challenges are real-world focused, requiring students to use any number of technical techniques that often are not able to be learned in course textbooks. Typical techniques can include: binary, reverse engineering, cryptographic errors, logic bugs, misconfigurations, numeric overflows, heap and stack overflows, race conditions, validations errors, and evolving techniques. GRIMM gives participants details of a problem and asks them to solve it. The students solve these challenges by essentially playing detective - they are given clues and asked to use tools and techniques they have learned through the program to find the “flag” hidden in the challenge.

 In January, Misun, Saerom, Seonmi, Sowon, and Giwoun came to the U.S. for 8 weeks. They attended classes in security and risk analysis, Information systems and technology and English as a second language. During their free time, they were able to explore other Pennsylvania campuses such as Penn State University Park and Carnegie Mellon University. They even worked in a trip to Washington, DC to learn directly from the GRIMM team and visit national monuments and local museums.


In the spirit of HAX, the students’ work assignment was to create two capture the flag scenarios - one web-based and one Windows-based to use for the HAX grand finale, end of (school) year challenge. This provided them with the opportunity to experience a project life-cycle from start to finish. The students were tasked with first brainstorming their ideas, drafting a proposal, and working with their project leads to finalize the parameters. Once their projects were accepted, they began to develop their challenges and prepare to present their completed work to GRIMM’s executives at a luncheon ceremony commemorating the completion of the program on March 2nd.
The GRIMM team looks forward to seeing the amazing things they will do in cybersecurity!


Popular posts from this blog

New Old Bugs in the Linux Kernel

By Anonymous -
Image
  Introduction Dusting off a few new (old) vulns Have you ever been casually perusing the source code of the Linux kernel and thought to yourself "Wait a minute, that can’t be right"? That’s the position we found ourselves in when we found three bugs in a forgotten corner of the mainline Linux kernel that turned out to be about 15 years old. Unlike most things that we find gathering dust, these bugs turned out to still be good, and one turned out to be useable as a Local Privilege Escalation (LPE) in multiple Linux environments. Who you calling SCSI? The particular subsystem in question is the SCSI (Small Computer System Interface) data transport, which is a standard for transferring data made for connecting computers with peripheral devices, originally via a physical cable, like hard drives. SCSI is a venerable standard originally published in 1986 and was the go-to for server setups, and iSCSI is basically SCSI over TCP. SCSI is still in use today, especially...
Read more

Automated Struct Identification with Ghidra

By Anonymous -
Image
At GRIMM, we do a lot of vulnerability and binary analysis research. As such, we often seek to automate some of the analysis steps and ease the burden on the individual researcher. One task which can be very mundane and time consuming for certain types of programs (C++, firmware, etc), is identifying structures' fields and applying the structure types to the corresponding functions within the decompiler. Thus, this summer we gave one of our interns,  Alex Lin , the task of developing a Ghidra plugin to automatically identify a binary's structs and mark up the decompilation accordingly. Alex's writeup below describes the results of the project, GEARSHIFT, which automates struct identification of function parameters by symbolically interpreting Ghidra's P-Code to determine how each parameter is accessed. The Ghidra plugin described in this blog can be found in our GEARSHIFT repository . Background Ghidra is a binary reverse engineering tool developed by the National Sec...
Read more

SOHO Device Exploitation

By Anonymous -
Image
Netgear R7000 SOHO Device Exploitation After a long day of hard research, it’s fun to relax, kick back, and do something easy. While modern software development processes have vastly improved the quality of commercial software as compared to 10-15 years ago, consumer network devices have largely been left behind. Thus, when it’s time for some quick fun and a nice confidence boost, I like to analyze Small Office/Home Office (SOHO) devices. This blog describes one such session of auditing the Netgear R7000 router , analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository. Initial Analysis The first step when analyzing a SOHO device is to obtain the firmware. Thankfully, Netgear’s support website hosts all of the firmwares for the R7000. The Netgear R7000 version 1.0.9.88 firmware used in this blog post can be downloaded from this web...
Read more