Malicious Command Execution via bash-completion (CVE-2018-7738)

GRIMM
Note: This was a parallel discovery where we found the bug and later found out it already had a CVE from Tenable. See timeline for details.
I was playing around with USB stick names when I saw something odd happen. I had named a drive `ID` by accident, and when I went to umount the drive I saw:
`$ umount /dev/s<tab>ID: command not found`
Something had obviously gone wrong here.
GRIMM Announces Cyber Partnership with Michigan Educational Non-Profit, Square One Focused on New High School Curriculum for Automotive Cybersecurity

GRIMM
Earlier this month, GRIMM’s embedded security team joined Michigan’s Governor, Rick Snyder, (pictured above) along with SAE, Michigan educational non-profit, Square One, and industry leaders at the 2018 SAE CyberAuto Challenge™ to announce our new partnership. Our teams are joining forces to create, deliver, and mentor Michigan high school students with a new program: “Masters of Mobility: Cybersecurity on the Road.” This program will provide in-depth training, resources and materials that will help “train-the-trainer.
Crash Triage Process

GRIMM
People tend to think that when a fuzzer finds a bunch of crashes, it’s exciting and fun, and it is… the first time. However, when there are 181 supposedly-unique crashes and it’s time to go through each of them to determine the impact (aka which ones are exploitable, as opposed to only denial of service), it’s a lot less fun. In fact, it can be downright grueling. Here’s what the process really looks like:
GRIMM Celebrates Its 5 Year Anniversary

GRIMM
When Bryson Bort founded GRIMM, he had two objectives: (1) Develop a world class, research and development company; (2) Change and protect the world. Five years later, these are still GRIMM’s guiding principles. To us, world class is directly linked to talent density. We have high standards for ourselves, and our workforce, and do not compromise. Our interns, most junior engineers, and our most senior engineers are passionate to help businesses succeed.
Delta Debugging

GRIMM
Introduction
Have you ever been fuzzing a program and received a crash, only to find the input file was huge? Trying to manually determine which portions of an input file trigger the bug can be an extremely frustrating and time consuming process. Huge input files can make the triage of bugs much harder. This blog post describes a technique known as delta-debugging which can help you automatically produce an input file that is as small as possible while still triggering the bug in the original input file.
GRIMM’s New Michigan Cybersecurity Research Lab

GRIMM
GRIMM has been a long time advocate of building Connected and Automated Vehicles (CAV) with a security-by-design approach. We advance our automotive and aerospace clients’ cybersecurity posture for all forms of embedded security concerns. For example, for the past several years, GRIMM has been a co-sponsor and staple at the SANS Automotive conference - a one-stop shop for bringing the automotive sector, including manufacturers as well as vendors, and the security industry together to discuss the complexities of securing citizens in commercial and personal vehicles.
Guided Fuzzing with Driller

GRIMM
At GRIMM, we are always trying out new tools to build our capabilities in vulnerability research. We frequently use fuzzing to search for bugs in applications, but there are some bugs a fuzzer alone would not be able to find. So, we were excited to try out Driller, a tool written by Shellphish. Driller uses symbolic execution to find new parts of the code to fuzz, helping the fuzzer to find bugs that it might not have reached otherwise.
Heap overflow in the necp_client_action syscall

GRIMM
One of the things that is important to us at GRIMM is making sure there is time to experiment, and explore new ways of approaching problems. We want to answer the big questions like “How can we find vulnerabilities that other tools and manual analysis have overlooked?” This is what we are passionate about. So when one of our engineers has an idea for a new fuzzer, we try to make time for them to put their idea to the test.
HAX goes International

GRIMM

The eyes of the world were recently focused on PyeongChang, South Korea for the 2018 Winter Olympics. While we watched athletes curl, skate, ski and slide across the frozen South Korean landscape, we at GRIMM had our own South Korean experience!

GRIMM Named Finalist for the DC Timmy Awards: Best Tech Work Culture

GRIMM
GRIMM is excited to be named a finalist in the Best Tech Work Culture category for the DC Timmy Awards. These awards, now in their third year, recognize technology work cultures that actively promote technical creativity, innovation, and learning in the DC area and celebrate the organizations that make innovation possible. Vote for GRIMM here! Sponsored by Tech in Motion, the DC-area business community can vote online through September 8th to help choose who represents the best of DC tech.