What Happens in Vegas...Did Not Stay in Vegas: GRIMM Steals Spotlight at DEFCON 25, Black Hat 2017, BSidesLV

By -


What Happens in Vegas...Did Not Stay in Vegas: GRIMM Steals Spotlight at DEFCON 25, Black Hat 2017, BSidesLV


Heading into the summer hacker conferences can be overwhelming. Demonstrations, panels and talks across multiple events events as in sames week - DEFCON 25, Black Hat 2017, BSidesLV - combined with all the parties (and meetings) made for an action packed week! With our social calendar full and our demonstrations in tow, the GRIMM team found itself in the spotlight while showcasing some of the most innovative cybersecurity research and intelligence on connected vehicles, IoT, smart homes, smart grids and ICS security up and down the Vegas Strip.
With Internet of Things (IoT) top of mind, this was the perfect opportunity for GRIMM to show off our smart home and connected vehicle security demos at DEFCON’s Industrial Control Systems (ICS) and Car Hacking Villages. Both “Howdy Neighbor”, GRIMM’s model smart house that simulates how multiple interactive “smart” home products can be hijacked by attackers of various skill level to expose real-world vulnerabilities, and “3PO”, GRIMM’s mobile car hacking lab built to demonstrate how hackers can hijack steering, accelerating, braking and communication systems in connected vehicles, were favorites of DEFCON attendees and media alike.




Check out WSB-TV (ABC) Atlanta’s feature on the future of connected vehicle security featuring GRIMM’s Founder and CEO, Bryson Bort here. Bryson also met with Adam Benson of VRGE to talk about GRIMM’s efforts to help educate and spread awareness about IoT issues. You can watch the “Vlog” here.
We spent a lot of quality time talking with our friends and colleagues about some of the industry’s most pressing issues. We had a great time hosting Paul Asadoorian and the Security Weekly podcast crew at GRIMM’s Las Vegas off-the-strip location. The podcasts from the week are available here.

Check out Security Weekly’s DEFCON teaser featuring CROSSBOW, GRIMM’s first enterprise product that enables teams to run security assessments on an actual operational environment, not a simulation, to provide a true picture of an organization’s security posture.
You can listen to Bryson’s conversation with Marco Ciappelli and Selena Templeton of ITSP Magazine for their Cyber Society and Diverse IT Podcast Series about GRIMM’s approach to diversity and inclusion as well as the societal, psychological and philosophical factors impacting enterprise cybersecurity today here.
GRIMM’s week in Las Vegas mapped directly to the old cliche “work hard play hard.” It was an energizing week surrounded by our peers and colleagues in the tech community and our hacker brethren. Check out some of our pictures below!
We kicked off the release of CROSSBOW with a Vegas-style Penthouse party with DJ Keith Myers.


GRIMM also hosted an arcade party at Caesars to commemorate the final night of DEFCON 25 with hundreds of our closest friends. Of course, no DEFCON party is complete without two giant 16-player LED foosball tables  and a battle of the DJs with Keith Myers, Ninjula, and a few guests.

Here are some additional photos from the week featuring the GRIMM team making the rounds:
GRIMM Security Researcher, Tommy Chin, discussing vulnerability research and the emergence of Software-Defined Networking (SDN) as a solution to virtualized networking problems at his session Pwning Software-Defined Networking (SDN) at BSidesLV 2017.

Matt Carpenter, Principal Security Researcher and head of GRIMM’s Hardware and Embedded System Security division discussing key industry trends during the closing panel of Synopsys’ Superstars of Cybersecurity Research Panel at Codenomi-con.


Lisa Wiswell, who recently joined GRIMM as a Principal following a decade of service at the Department of Defense joined a panel of experts to discuss the evolution of policies that dictate cybersecurity practices within the federal government see a photo from her Meet the Feds Panel at DEFCON 25 below.

In the DEFCON ICS Village Bryson Bort and atlas presented a talk Grid insecurity - and how to really fix this sh*t to reframe the issue of grid security as a systemic one and addressed ways to fix it.

GRIMM’s Tim Brom and Mitch Johnson also presented That’s no car. It’s a network from the Car Hacking Village. They discussed why traditional security approaches are not working for makers of personal vehicles and highlighted the tools that should be used to ensure the fidelity of personal vehicle related networks.

GRIMM can’t wait for next summer’s festivities. In the meantime, be on the lookout for our team at upcoming industry events nationwide. Stay tuned to our blog and news/events page for more information.


Popular posts from this blog

New Old Bugs in the Linux Kernel

By Anonymous -
Image
  Introduction Dusting off a few new (old) vulns Have you ever been casually perusing the source code of the Linux kernel and thought to yourself "Wait a minute, that can’t be right"? That’s the position we found ourselves in when we found three bugs in a forgotten corner of the mainline Linux kernel that turned out to be about 15 years old. Unlike most things that we find gathering dust, these bugs turned out to still be good, and one turned out to be useable as a Local Privilege Escalation (LPE) in multiple Linux environments. Who you calling SCSI? The particular subsystem in question is the SCSI (Small Computer System Interface) data transport, which is a standard for transferring data made for connecting computers with peripheral devices, originally via a physical cable, like hard drives. SCSI is a venerable standard originally published in 1986 and was the go-to for server setups, and iSCSI is basically SCSI over TCP. SCSI is still in use today, especially
Read more

Automated Struct Identification with Ghidra

By Anonymous -
Image
At GRIMM, we do a lot of vulnerability and binary analysis research. As such, we often seek to automate some of the analysis steps and ease the burden on the individual researcher. One task which can be very mundane and time consuming for certain types of programs (C++, firmware, etc), is identifying structures' fields and applying the structure types to the corresponding functions within the decompiler. Thus, this summer we gave one of our interns,  Alex Lin , the task of developing a Ghidra plugin to automatically identify a binary's structs and mark up the decompilation accordingly. Alex's writeup below describes the results of the project, GEARSHIFT, which automates struct identification of function parameters by symbolically interpreting Ghidra's P-Code to determine how each parameter is accessed. The Ghidra plugin described in this blog can be found in our GEARSHIFT repository . Background Ghidra is a binary reverse engineering tool developed by the National Sec
Read more

SOHO Device Exploitation

By Anonymous -
Image
Netgear R7000 SOHO Device Exploitation After a long day of hard research, it’s fun to relax, kick back, and do something easy. While modern software development processes have vastly improved the quality of commercial software as compared to 10-15 years ago, consumer network devices have largely been left behind. Thus, when it’s time for some quick fun and a nice confidence boost, I like to analyze Small Office/Home Office (SOHO) devices. This blog describes one such session of auditing the Netgear R7000 router , analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository. Initial Analysis The first step when analyzing a SOHO device is to obtain the firmware. Thankfully, Netgear’s support website hosts all of the firmwares for the R7000. The Netgear R7000 version 1.0.9.88 firmware used in this blog post can be downloaded from this web
Read more