Showing posts from June, 2020

IBM i Security Demystified Blog, Episode 1

I. Introduction

“Nobody Can Hack an AS/400.” “Never in my 40 years in the business has anyone hacked an AS/400!” “AS/400’s don’t have hacking problems like Windows computers.” “AS/400’s are bullet-proof. They don’t have zero-days like other computers.”

If you know anyone who works with an IBM i (formerly known as "AS/400", also branded as "eServer iSeries"), you may have heard some of these statements, typically spoken with the emphasis of someone who wants it to be true; someone willing to speak loudly enough to overcome their sense of dread: that they may be wrong.
… and you may be surprised at just who is using IBM i in 2020.
We (Security Researchers Matthew Carpenter and Roni Michaels) decided to dig into these beasts of old to answer a few questions:

Is the IBM i "old" and inherently vulnerable? Or is it a hardened ecosystem whose design and age shield it from hackers? Are its notable uptime percentages an indicator of a safe environment? If …

While teleworking, work/life balance is in conflict - a personal story

The coronavirus pandemic has fundamentally changed the way many people and organizations operate. While many countries have started to make progress towards opening up and returning to normal, companies are faced with the decision of whether or not having a remote workforce makes sense for them. Working remotely might be normal for some, but with the advent of the COVID-19 pandemic, a new, massive portion of the global workforce is being thrown into it without any training or past experience. As a security professional, when thinking about working remotely I focused on the 3 main points: People, Process and Technology. Notice that people come first and technology is just an enabler to the business. A technology-first approach often leads to unhappy people, who break processes to be productive or at least to work in the manner that's most desirable to them.

Major observations from the past couple of months... Many organiza…

SOHO Device Exploitation

Netgear R7000
After a long day of hard research, it’s fun to relax, kick back, and do something easy. While modern software development processes have vastly improved the quality of commercial software as compared to 10-15 years ago, consumer network devices have largely been left behind. Thus, when it’s time for some quick fun and a nice confidence boost, I like to analyze Small Office/Home Office (SOHO) devices. This blog describes one such session of auditing the Netgear R7000 router, analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository.
Initial Analysis
The first step when analyzing a SOHO device is to obtain the firmware. Thankfully, Netgear’s support website hosts all of the firmwares for the R7000. The Netgear R7000 version firmware used in this blog post can be downloaded from this website. …

GRIMM 2020 Summer Internships

Program History

The GRIMM Intern program began three years ago. Interns work on billable client and research projects. Additionally, past Interns worked on the development of GRIMM’s “Howdy Neighbor”, a portable Capture the Flag competition built entirely around hacking Home Automation devices. Howdy Neighbor is one of GRIMM’s go-to, hands-on demonstrations at conferences across the country. Several of the interns involved have since been hired by GRIMM and its spin-off software company, SCYTHE.

Intern life at GRIMM

Program Summary

Developing the next generation of cybersecurity talent is a priority at GRIMM. Our interns receive interactive mentorship on thought-provoking work designed to ready them for careers in cybersecurity. Our internship program seeks passionate students, from high school to Ph.D. level, to work on the front lines of innovation, gaining meaningful real-world experience.

Interns will benefit from:
Mentorship (guidance, helping them learn, but also expecting them…



I saw Alex tweeting about Zoom's end-to-end encryption (E2EE) plans the other day and I've since made it through the first couple of chapters of their whitepaper. TL;DR, based on the first two sections, it looks pretty good.
First, I have to give credit to the authors of the whitepaper. I'm only through the first two sections and it's really good, specifically section 1.2, which lays out the actors, the things that should be protected, and who should have access to what.
Section 1.3 is also good. It acknowledges things like the fact that a malicious participant in the call who colluded with the server could masquerade as another user. It also calls out metadata and traffic analysis attacks and software flaws. It's important to understand what "secure" actually means, and they do a good job of identifying the types of attacks they are not intending to address. When sections …