Cyber Grand Shellphish

Presented at DEF CON 24 (2016), Aug. 7, 2016, 3 p.m. (60 minutes)

Last year, DARPA ran the qualifying event for the Cyber Grand Challenge to usher in the era of automated hacking. Shellphish, a rag-tag team of disorganized hackers mostly from UC Santa Barbara, decided to join the competition about ten minutes before the signups closed. Characteristically, we proceeded to put everything off until the last minute, and spent 3 sleepless weeks preparing our Cyber Reasoning System for the contest. Our efforts paid off and, as we talked about last DEF CON , against all expectations, we qualified and became one of the 7 finalist teams. The finals of the CGC will be held the day before DEF CON. If we win, this talk will be about how we won, or, in the overwhelmingly likely scenario of something going horribly wrong, this talk will be about butterflies. In all seriousness, we've spent the last year working hard on building a really kickass Cyber Reasoning System, and there are tons of interesting aspects of it that we will talk about. Much of the process of building the CRS involved inventing new approaches to automated program analysis, exploitation, and patching. We'll talk about those, and try to convey how hackers new to the field can make their own innovations. Other aspects of the CRS involved extreme amounts of engineering efforts to make sure that the system optimally used its computing power and was properly fault-tolerant. We'll talk about how automated hacking systems should be built to best handle this. Critically, our CRS needed to be able to adapt to the strategies of the systems fielded by the other competitors. We'll talk about the AI that we built to strategize throughout the game and decide what actions should be taken. At the end of this talk, you will know how to go about building your own autonomous hacking system! Or you might know a lot about butterflies.

Presenters:

• John Grosen - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Fish Wang - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Nick Stephens - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Chris Salls - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Aravind Machiry - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Giovanni Vigna - UC Santa Barbarae
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Andrew Dutcher - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Francesco Disperati - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Jacopo Corbetta - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Kevin Borgolte - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Antonio Bianchi - UC Santa Barbara
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Yan Shoshitaishvili / Zardus - PhD Student, UC Santa Barbara   as Yan Shoshitaishvili
  Shellphish is a mysterious hacking collective famous for being great partiers and questionable hackers. The secret identities of the Shellphish CGC team are those of researchers in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing hard-hitting security research. Their works have been published in numerous academic venues and featured in many conferences. In 2015, they unleashed angr, the next (current?) generation of binary analysis, and have been working hard on it ever since!
• Shellphish Panel

Links:

• https://defcon.org/html/defcon-24/dc-24-speakers.html#Shoshitaishvili
• https://infocon.org/cons/DEF CON/DEF CON 24/DEF CON 24 video and slides/DEF CON 24 - Shellphish Panel - Cyber Grand Shellphish - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=tEtlFUEWrEY

Similar Presentations:

• DeepSec 2018 „I like to mov &6974,%bx“ / Keynote: Automatic Exploitation - The DARPA Cyber Grand Challenge, what came after, and what is next
• Nuit du Hack 2016 / A Dozen Years of Shellphish, from DEFCON to the DARPA Cyber Grand Challenge
• DeepSec 2015 „DeepSec No. 9“ / Have We Penetrated Yet??