Explore the world of autonomous hacking in this conference talk from Hack.lu 2016. Dive into the DARPA Cyber Grand Challenge and learn about Shellphish's Mechanical Phish, a fully-autonomous hacking system that placed third overall in the competition. Discover the challenges faced and solutions implemented during the development of this groundbreaking system, which combines symbolic execution and fuzzing to find bugs, generate exploits, and patch vulnerable binaries. Gain insights into the system's design for reliability, efficiency, and fault tolerance in a no-human-intervention environment. Learn about the open-source availability of Mechanical Phish and its potential applications in automatic vulnerability discovery and exploitation. The presentation covers topics such as the DARPA Grand Challenges, fuzzing techniques, automatic exploitation, patching strategies, and competition statistics, providing a comprehensive overview of this cutting-edge advancement in cybersecurity.
Cyber Grand Shellphish - Shellphish and the DARPA Cyber Grand Challenge
Overview
Syllabus
Cyber Grand Shellphish
DARPA Grand Challenges
Mechanical Phish (CFE)
DARPA Cyber Grand Challenge
CGC Final Event (CFE)
Code Freeze?
Meister
Fuzzing: American Fuzzy Lop
Automatic Exploitation (Simplified)
Exploit Techniques
Patcherex
Adversarial Patches 2/2
Generic Patches
CGC CFE Strategies / Techniques
CGC CFE Statistics 1/3
CGC CFE Pwning Statistics
CGC CFE Patching Statistics
CGC CFE St*p!d Bugs
Human Augmentation
Open source all the code!
Stay in touch!
Taught by
Cooper
