Showing posts from June, 2020

IBM i Security Demystified Blog, Episode 1

I. Introduction
“Nobody Can Hack an AS/400.” “Never in my 40 years in the business has anyone hacked an AS/400!” “AS/400’s don’t have hacking problems like Windows computers.” “AS/400’s are bullet-proof. They don’t have zero-days like other computers.” If you know anyone who works with an IBM i (formerly known as "AS/400", also branded as "eServer iSeries"), you may have heard some of these statements, typically spoken with the emphasis of someone who wants it to be true; someone willing to speak loudly enough to overcome their sense of dread: that they may be wrong. … and you may be surprised at just who is using IBM i in 2020. We (Security Researchers Matthew Carpenter and Roni Michaels) decided to dig into these beasts of old to answer a few questions: Is the IBM i "old" and inherently vulnerable? Or is it a hardened ecosystem whose design and age shield it from hackers? Are its notable uptime percentages an indicator of a

While teleworking work/life balance are in conflict - a personal story

The coronavirus pandemic has fundamentally changed the way many people and organizations operate. While many countries have started progress towards opening up and returning to normal, companies are faced with the decision of whether or not having a remote workforce makes sense for them. Working remotely might be a normal thing for some, but with the advent of the COVID-19 pandemic, a new, massive portion of the global workforce is being thrown into it without any training or past experience. As a security professional, when thinking about working remotely, I focused on the 3 main points: People, Process and Technology. Notice that people are first and technology is just an enabler to the business. A technology-first approach often leads to unhappy people, who break processes to be productive or at least work in a manner that's most desirable to them. Major observations from the past couple months... Many organ

SOHO Device Exploitation

Netgear R7000 SOHO Device Exploitation
After a long day of hard research, it’s fun to relax, kick back, and do something easy. While modern software development processes have vastly improved the quality of commercial software as compared to 10-15 years ago, consumer network devices have largely been left behind. Thus, when it’s time for some quick fun and a nice confidence boost, I like to analyze Small Office/Home Office (SOHO) devices. This blog describes one such session of auditing the Netgear R7000 router, analyzing the resulting vulnerability, and the exploit development process that followed. The write-up and code for the vulnerability described in this blog post can be found in our NotQuite0DayFriday repository.
Initial Analysis
The first step when analyzing a SOHO device is to obtain the firmware. Thankfully, Netgear’s support website hosts all of the firmware for the R7000. The Netgear R7000 version firmware used in this blog post can be downloaded from this web

GRIMM 2020 Summer Internships

Program History
The GRIMM Intern program began three years ago. Interns work on billable client and research projects. Additionally, past Interns worked on the development of GRIMM’s “Howdy Neighbor”, a portable Capture the Flag competition built entirely around hacking Home Automation devices. Howdy Neighbor is one of GRIMM’s go-to, hands-on demonstrations at conferences across the country. Several of the interns involved have since been hired by GRIMM and its spin-off software company, SCYTHE.
Intern life at GRIMM
Program Summary
Developing the next generation of cybersecurity talent is a priority at GRIMM. Our interns receive interactive mentorship on thought-provoking work designed to ready them for careers in cybersecurity. Our internship program seeks passionate students, from high school to Ph.D. level, to work on the front lines of innovation, gaining meaningful real-world experience. Interns will benefit from: Mentorship (guidance, helping them learn, but al