Title image credits: AFL: Creative Commons Attribution 3.0 Unported; Tux: by email@example.com; KLEE: Creative Commons Attribution 3.0 Unported.
Analyzing the Linux Kernel in Userland with AFL and KLEE
At GRIMM we do a lot of vulnerability research, and one of our favorite techniques for finding bugs in software is to repurpose or extend security tools from one area of research to another. One great example of this is when Juwei Lin and Lilang Wu ported syzkaller, the popular Linux kernel fuzzer, to macOS.
Power Architecture Research Collaboration
The National Motor Freight Traffic Association, Inc. (NMFTA), NXP® Semiconductors and GRIMM, a cybersecurity research firm, recently partnered to conduct an R&D project focused on Power Architecture®, also known as PowerPC®, a technology commonly found in automotive ECUs, to determine its cybersecurity impact on the heavy vehicle industry. NMFTA commissioned the research project to deliver an open-source software library and/or code enhancements. The research also supported testing validation code and tooling accuracy to perform the necessary regression testing on the NXP-provided devices built on Power Architecture® technology.
GRIMM purchased a GeoVision camera that arrived off the shelf with security vulnerabilities, like most consumer IoT devices. The camera is a stand-in for any IoT device in a residential, industrial, or enterprise environment. The team ran a practical hands-on exercise at HackNYC, RSA, Hack the Capitol, and multiple BSides, where participants learn how to use a publicly available exploit to compromise an emulated home network. The team modeled the design and configuration of the hands-on exercise on a traditional use case:
Note: This was a parallel discovery where we found the bug and later found out it already had a CVE from Tenable. See timeline for details.
I was playing around with USB stick names when I saw something odd happen. I had named a drive `ID` by accident, and when I went to umount the drive I saw:
$ umount /dev/s<tab>
ID: command not found
Something had obviously gone wrong here.
Earlier this month, GRIMM’s embedded security team joined Michigan’s Governor, Rick Snyder, (pictured above) along with SAE, Michigan educational non-profit, Square One, and industry leaders at the 2018 SAE CyberAuto Challenge™ to announce our new partnership. Our teams are joining forces to create, deliver, and mentor Michigan high school students with a new program: “Masters of Mobility: Cybersecurity on the Road.” This program will provide in-depth training, resources and materials that will help “train-the-trainer.
People tend to think that when a fuzzer finds a bunch of crashes that it’s exciting and fun, and it is… the first time. However, when there are 181 supposedly-unique crashes and it’s time to go through each of them to determine the impact (aka which ones are exploitable, as opposed to only denial of service), it’s a lot less fun. In fact, it can be downright grueling. Here’s what the process really looks like:
When Bryson Bort founded GRIMM, he had two objectives: develop a world-class research and development company, and change and protect the world. Five years later, these are still GRIMM’s guiding principles. To us, world class is directly linked to talent density. We have high standards for ourselves and our workforce, and do not compromise. Our interns, most junior engineers, and most senior engineers are passionate about helping businesses succeed.
Introduction
Have you ever been fuzzing a program and received a crash, only to find the input file was huge? Trying to manually determine which portions of an input file trigger the bug can be an extremely frustrating and time-consuming process, and huge input files make bug triage much harder. This blog post describes a technique known as delta debugging, which can automatically produce an input file that is as small as possible while still triggering the same bug as the original input file.
GRIMM has been a long-time advocate of building Connected and Automated Vehicles (CAV) with a security-by-design approach. We advance our automotive and aerospace clients’ cybersecurity posture across all forms of embedded security concerns. For example, for the past several years, GRIMM has been a co-sponsor and staple at the SANS Automotive conference, a one-stop shop for bringing the automotive sector, including manufacturers as well as vendors, and the security industry together to discuss the complexities of securing citizens in commercial and personal vehicles.
At GRIMM, we are always trying out new tools to build our capabilities in vulnerability research. We frequently use fuzzing to search for bugs in applications, but there are some bugs a fuzzer alone would not be able to find. So, we were excited to try out Driller, a tool written by Shellphish. Driller uses symbolic execution to find new parts of the code to fuzz, helping the fuzzer to find bugs that it might not have reached otherwise.