Cyber Grand Shellphish: Shellphish and the DARPA Cyber Grand Challenge presented at hacklu 2016

by Kevin Borgolte,

Summary : Autonomous hacking is becoming a reality. Over the last years, DARPA organized the Cyber Grand Challenge (CGC), a security competition in which participants had to develop a system able to automatically exploit and patch binaries without any manual interaction.
We qualified for the final event and fielded our Cyber Reasoning System, the Mechanical Phish, against six other competitors. Our system placed third overall, was the first self-funded team, and the first academic-only team.
In this talk, we introduce Mechanical Phish. We present the challenges we faced and tackled, and the solutions we implemented for them while developing one of the first fully-autonomous hacking systems, which spans over 100,000 lines of code (mostly in Python).
We have open-sourced Mechanical Phish and we demonstrate how it can be used to automatically find bugs, create exploits, and patch vulnerable binaries.
Specifically, Mechanical Phish uses a combination of symbolic execution (powered by angr, the binary analysis platform developed at UC Santa Barbara) and fuzzing to find bugs. From exploitable bugs, it automatically generates proofs of vulnerability to show code execution capabilities. In addition, our system patches existing binaries to make them resilient against known and unknown attacks with negligible performance impact. Finally, given the hardware-setup and the no-human-intervention policy of the Cyber Grand Challenge final event, we will touch on how we designed Mechanical Phish to be extremely realiable, efficient in resource usage, and a fault-tolerant distributed system.