Security
A Dozen Years of Shellphish
From DEFCON to the DARPA Cyber Grand Challenge
December 29, 2015
5:15 PM – 6:15 PM Add to calendar
5:15 PM – 6:15 PM Add to calendar
Hall 6
How we built an automatic exploitation system and qualified for the DARPA Cyber Grand Challenge.
From a rag-tag hackademic group to getting money from DARPA for auto-exploiting and auto-patching. A tale of surfing, CTF-playing, and releasing an angry binary-analysis framework as open source :)
Beside introducing Shellphish, we will explain how we qualified to the final round of the DARPA Cyber Grand Challenge. The CGC is a security competition played by programs. Yep, you read it right, your code must automatically exploit and patch binaries, without any human intervention!
In particular, we will show how our open source binary analysis framework (angr) can help you find vulnerabilities in binaries.
Shellphish is a group of security enthusiasts born in the University of California, Santa Barbara (UCSB) in 2004.
Since then Shellphish played countless Capture the Flag (CTF) security competitions, winning the DEFCON CTF finals in 2005.
In 2015, Shellphish enrolled in the DARPA Cyber Grand Challenge (CGC).
Differently from others security competitions, in which humans have to solve security challenges (such as exploiting binaries or web services), during the CGC participants have to build an automatic system that plays for them!
In particular, teams have to build a system that is able to automatically find vulnerabilities in binaries, exploit them, and patch them, without any human intervention.
In this talk we will present the system we developed to participate in the CGC, our almost-million dollar baby :)
Our system was able to score among the top 7 teams during the qualification event of the CGC, qualifying us for the final event (in August 2016 at Las Vegas), in which participants will compete against each other to win a first-place prize of 2 million dollars (and eternal bragging rights).
Part of the system we developed is based on angr, the open source binary analysis framework developed at UCSB.
During the talk we will demo angr, showing how it can be used to automatically find vulnerabilities in binaries.
In particular, we will first show how angr helped us during CGC and then how, more generally, it can be used to automatically solve binaries challenges proposed in recent CTF security competitions.
Additional information
| Type | lecture |
|---|---|
| Language | English |
More sessions
| 12/27/15 |
Can we build trustworthy client systems on x86 hardware? What are the main challenges? What can we do about them, realistically? Is there anything we can?
|
| 12/27/15 |
Unser Vortrag demonstriert einen PLC-only Wurm. Der PLC-Wurm kann selbstständig ein Netzwerk nach Siemens Simatic S7-1200 Geräten in den Versionen 1 bis 3 durchsuchen und diese befallen. Hierzu ist keine Unterstützung durch PCs oder Server erforderlich. Der Wurm „lebt“ ausschließlich in den PLCs.
|
| 12/27/15 |
Dr. Peter Laackmann und Marcus Janke zeigen mit einem tiefen Einblick in die Welt der Hardware-Trojaner, auf welchem Wege „Institutionen“ versuchen können, sich versteckten Zugang zu Sicherheits-Hardware zu verschaffen.
|
| 12/27/15 |
Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field?
|
| 12/27/15 |
This presentation covers windows kernel driver security issues. It'll discuss some background, and then give an overview of the most common issues seen in drivers, covering both finding and fixing issues.
|
| 12/27/15 |
Did you ever want to have access to a few hundred thousand network end points? Or a few hundred thousand phone numbers? A short look behind the curtains of how not to do network security.
|
| 12/27/15 |
For years SCADA StrangeLove team speaks about vulnerabilities in Industrial Control Systems. Now we want to show by example of railway the link between information security and industrial safety and demonstrate how a root access gained in a few minutes can bring to naught all the years of efforts that were devoted to the improvement of fail-safety and reliability of the ICS system. Railroads is a complex systems and process automation is used in different areas: to control power, switches, ...
|
