Podcasts about darpa cyber grand challenge

  • 9 podcasts
  • 11 episodes
  • 23m average duration
  • Infrequent episodes
  • Latest episode: Jun 20, 2022


Latest podcast episodes about darpa cyber grand challenge

Trail of Bits
Future

Jun 20, 2022 (21:37)

FEATURED VOICES IN THIS EPISODE

Dan Guido
Dan Guido is the CEO of Trail of Bits, a cybersecurity firm he founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he's active on the boards of four early-stage technology companies. Dan contributes to cybersecurity policy papers from RAND, CNAS, and Harvard. He runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project -- AlgoVPN -- is the Internet's most recommended self-hosted VPN. In prior roles, Dan taught a capstone course on software exploitation at NYU as a faculty member and the Hacker in Residence, consulted at iSEC Partners (now NCC Group), and worked as an incident responder for the Federal Reserve System.

Nat Chin
Nat Chin is a security engineer 2 at Trail of Bits, where she performs security reviews of blockchain projects, and develops tools that are useful when working with Ethereum. She is the author of solc-select, a tool to help switch Solidity versions. She worked as a smart contract developer and taught as a Blockchain Professor at George Brown College, before transitioning to blockchain security when she joined Trail of Bits.

Opal Wright
Opal Wright is a cryptography analyst at Trail of Bits. Two of the following three statements about her are true: (a) she's a long-distance unicyclist; (b) she invented a public-key cryptosystem; (c) she designed and built an award-winning sex toy.

Jim Miller
Jim Miller is the cryptography team lead at Trail of Bits. Before joining Trail of Bits, Jim attended graduate programs at both Cambridge and Yale, where he studied and researched both Number Theory and Cryptography, focusing on topics such as lattice-based cryptography and zero-knowledge proofs. During his time at Trail of Bits, Jim has led several security reviews across a wide variety of cryptographic applications and has helped lead the development of multiple projects, such as ZKDocs and PrivacyRaven.

Josselin Feist
Josselin Feist is a principal security engineer at Trail of Bits where he participates in assessments of blockchain software and designs automated bug-finding tools for smart contracts. He holds a Ph.D. in static analysis and symbolic execution and regularly speaks at both academic and industrial conferences. He is the author of various security tools, including Slither - a static analyzer framework for Ethereum smart contracts and Tealer - a static analyzer for Algorand contracts.

Peter Goodman
Peter Goodman is a Staff Engineer in the Research and Engineering practice at Trail of Bits, where he leads all de/compilation efforts. He is the creator of various static and dynamic program analysis tools, ranging from the Remill library for lifting machine code into LLVM bitcode, to the GRR snapshot/record/replay-based fuzzer. When Peter isn't writing code, he's mentoring a fleet of interns to push the envelope. Peter holds a Master's in Computer Science from the University of Toronto.

Host: Nick Selby
An accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm.

Production Staff
  • Story Editor: Chris Julin
  • Associate Editor: Emily Haavik
  • Executive Producer: Nick Selby
  • Executive Producer: Dan Guido

Recording
  • Rocky Hill Studios, Ghent, New York. Nick Selby, Engineer
  • Preuss-Projekt Tonstudio, Salzburg, Austria. Christian Höll, Engineer
  • Remote recordings: Whistler, BC, Canada; (Nick Selby) Queens, NY; Brooklyn, NY; Rochester, NY (Emily Haavik); Toronto, ON, Canada. TAPES//TYPES, Russell W. Gragg, Engineer

Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card.

Edited by Emily Haavik and Chris Julin
Mastered by Chris Julin

Music
  • DISPATCHES FROM TECHNOLOGY'S FUTURE, THE TRAIL OF BITS THEME, Chris Julin
  • OPEN WINGS, Liron Meyuhas
  • NEW WORLD, Ian Post
  • FUNKYMANIA, Omri Smadar, The Original Orchestra
  • GOOD AS GONE, INSTRUMENTAL VERSION, Bunker Buster
  • ALL IN YOUR STRIDE, Abe
  • BREATHE EASY, Omri Smadar
  • TREEHOUSE, Lingerwell
  • LIKE THAT, Tobias Bergson
  • SCAPES, Gray North

Reproduction
With the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 0; Immutable © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International. This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

Meet the Team:

CHRIS JULIN
Chris Julin has spent years telling audio stories and helping other people tell theirs. These days he works as a story editor and producer for news outlets like APM Reports, West Virginia Public Broadcasting, and Marketplace. He has also taught and mentored hundreds of young journalists as a professor. For the Trail of Bits podcast, he serves as story and music editor, sound designer, and mixing and mastering engineer.

EMILY HAAVIK
For the past 10 years Emily Haavik has worked as a broadcast journalist in radio, television, and digital media. She's spent time writing, reporting, covering courts, producing investigative podcasts, and serving as an editorial manager. She now works as an audio producer for several production shops including Us & Them from West Virginia Public Broadcasting and PRX, and APM Reports. For the Trail of Bits podcast, she helps with scripting, interviews, story concepts, and audio production.

Trail of Bits
W/Internships

Jun 20, 2022 (21:33)

Featured Voices in this Episode:

Trent Brunson
Trent Brunson is a Principal Security Engineer and Research Practice Manager at Trail of Bits. He has worked in computer security since 2012 as a researcher and engineer at Assured Information Security in Rome, NY, and at the Georgia Tech Research Institute, where he served as the Threat Intelligence Branch Chief and the Associate Division Chief of Threat Intelligence & Analytics.

Dan Guido
Dan Guido is the CEO of Trail of Bits, a cybersecurity firm he co-founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to more than 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project, AlgoVPN, is the Internet's most recommended self-hosted VPN.

Suha Hussain
Suha Hussain is a software security engineer who specializes in machine learning assurance. Her work also involves data privacy, program analysis, and applied cryptography. She's currently an intern at Trail of Bits, where she's worked on projects such as PrivacyRaven and Fickling. She's also pursuing a BS in Computer Science at Georgia Tech.

Sam Alws
Sam Alws is a computer science student at Vanderbilt University, hoping to take part in shaping the future of tech. He was a Trail of Bits wintern and also previously interned at Bloomberg LP. He serves as a volunteer software developer for Change++, writing code for charities, and spent two years with Project Spark, designing a programming curriculum for schools in India.

Nick Selby (Host)
An accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm.

Production Staff
  • Story Editor: Chris Julin
  • Associate Editor: Emily Haavik
  • Executive Producer: Nick Selby
  • Executive Producer: Dan Guido

Recording
  • Recorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer
  • 22Springroad Tonstudio, Übersee, Germany - Volker Lesch, Engineer
  • Remote recordings: New York, NY; Brooklyn, NY; Virginia; Atlanta, GA (Emily Haavik); Silver Spring, MD (Jason An).

Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card.

Edited by Emily Haavik and Chris Julin
Mastered by Chris Julin

Special Thanks
  • Dominik Czarnota
  • Josselin Feist

Music
  • TRAIL OF BITS THEME: DISPATCHES FROM TECHNOLOGY'S FUTURE, Chris Julin
  • ELEMENT, Frank Bentley
  • FOUR AM, Curtis Cole
  • DRIVING SOLO, Ben Fox
  • OPEN WINGS, Liron Meyuhas
  • SHAKE YOUR STYLE, Stefano Mastronardi
  • THE QUEEN, Jasmine J. Walker
  • ILL PICKLE, Phil David
  • PIRATE BLUES, Leon Laudenback
  • SCAPES, Gray North

Reproduction
With the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 2; Internships and Winternships © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International. This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

Referenced in this Episode:
  • Learn more about the work done by Trail of Bits interns over the years on the company blog.
  • Apply for an internship or winternship at https://www.trailofbits.com/careers
  • Suha Hussain and lead engineer Evan Sultanik describe the Fickling project: Never a Dill Moment: Exploiting Machine Learning Pickle Files.
  • The Python manual refers specifically to the security issues discussed in this episode: "The pickle module is not secure. Only unpickle data you trust... It is possible to construct malicious pickle data which will execute arbitrary code during unpickling. Never unpickle data that could have come from an untrusted source, or that could have been tampered with."
  • Read more about PrivacyRaven and watch Suha's video introducing the project: PrivacyRaven Has Left the Nest
  • Sam Alws describes his journey to speed up Echidna: Optimizing a Smart Contract Fuzzer
  • For those interested in CTFs, especially for those who seek to start their own, Trail of Bits has posted a CTF Field Guide in the company github repository. It contains details on past CTF challenges, guidance to help you design and create your own toolkits, and case studies of attacker behavior – both in the real world, and in past CTF competitions. Each lesson is supplemented by links to supporting reference materials.
  • Check out the AngstromCTF site here: angstromctf.com
  • And here's the Montgomery Blair High School Cybersecurity Club's github repository: github.com/blairsec
  • The Blair students you met in this podcast were Jason An, Clarence Lam, Harikesh Kailad and Patrick Zhang.

Meet the Team:

Chris Julin
Chris Julin has spent years telling audio stories and helping other people tell theirs. These days he works as a story editor and producer for news outlets like APM Reports, West Virginia Public Broadcasting, and Marketplace. He has also taught and mentored hundreds of young journalists as a professor. For the Trail of Bits podcast, he serves as story and music editor, sound designer, and mixing and mastering engineer.

Emily Haavik
For the past 10 years Emily Haavik has worked as a broadcast journalist in radio, television, and digital media. She's spent time writing, reporting, covering courts, producing investigative podcasts, and serving as an editorial manager. She now works as an audio producer for several production shops including Us & Them from West Virginia Public Broadcasting and PRX, and APM Reports. For the Trail of Bits podcast, she helps with scripting, interviews, story concepts, and audio production.

Trail of Bits
Immutable

Jun 20, 2022 (20:22)

FEATURED VOICES IN THIS EPISODE

Dan Guido
Dan Guido is the CEO of Trail of Bits, a cybersecurity firm he founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he's active on the boards of four early-stage technology companies. Dan contributes to cybersecurity policy papers from RAND, CNAS, and Harvard. He runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project -- AlgoVPN -- is the Internet's most recommended self-hosted VPN. In prior roles, Dan taught a capstone course on software exploitation at NYU as a faculty member and the Hacker in Residence, consulted at iSEC Partners (now NCC Group), and worked as an incident responder for the Federal Reserve System.

Evan Sultanik
Evan Sultanik is a Principal Computer Security Researcher at Trail of Bits. A computer scientist with extensive experience both in industry (as a software engineer) and academia, Evan is an active contributor to open source software. He is author of more than two dozen peer-reviewed academic papers, and is particularly interested in intelligent, distributed/peer-to-peer systems. Evan is editor of and frequent contributor to the International Journal of PoC||GTFO.

Trent Brunson
Trent is a Principal Security Engineer and Research Practice Manager at Trail of Bits. He has worked in computer security since 2012 as a researcher and engineer at Assured Information Security in Rome, NY, and at the Georgia Tech Research Institute, where he served as the Threat Intelligence Branch Chief and the Associate Division Chief of Threat Intelligence & Analytics. Trent received his Ph.D. in computational physics from Emory University in Atlanta in 2014, and his dissertation work applied the renormalization group and Monte Carlo methods to study exact results on complex networks.

Host: Nick Selby
An accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm.

Production Staff
  • Story Editor: Chris Julin
  • Associate Editor: Emily Haavik
  • Executive Producer: Nick Selby
  • Executive Producer: Dan Guido

Recording
  • Rocky Hill Studios, Ghent, New York. Nick Selby, Engineer
  • Preuss-Projekt Tonstudio, Salzburg, Austria. Christian Höll, Engineer
  • Remote recordings: Whistler, BC (Nick Selby); Queens, NY (Emily Haavik)

Edited and Mastered by Chris Julin

Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card.

Music
  • Dispatches From Technology's Future, the Trail of Bits theme, Chris Julin
  • CANTO DELLE SCIACALLE, Cesare Pastanella
  • SHALLOW WATER - REMIX, Omri Smadar, Yehezkel Raz, Sivan Talmor
  • ALL IN YOUR STRIDE, ABE
  • LET IT RISE, Divine Attraction
  • ROAD LESS TRAVELED, The David Roy Collective
  • KILLING ME SOFTLY, Ty Simon
  • TECH TALK, Rex Banner
  • LOST ON EARTH, Marek Jakubowicz
  • SCAPES, Gray North

Reproduction
With the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 0; Immutable © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International. This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

Referenced in this Episode
  • In “Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers,” Evan Sultanik, Trent Brunson, and nine other engineers on the Trail of Bits Research and Engineering and Software Assurance teams report their findings from the year-long project to examine Blockchain centrality.
  • Fluxture is a free and open source software crawling framework for Blockchains and peer-to-peer systems that Trail of Bits created to assist with the work described in this episode.
  • We also link to the free and open source recursive dependency graphing tool It-Depends, which we will discuss in depth in the upcoming podcast episode that's creatively titled, It-Depends.
  • The Are Blockchains Decentralized paper cites more than 30 academic and commercial research papers.
  • There is literature about how malicious Tor exit nodes surveil and inject attacks into Tor users' traffic. You may also read comments about exit node manipulation by Tor network maintainers. One report states that on February 2, 2021, a single, malicious actor was able to fully manage 27 percent of Tor's exit capacity.
  • The report “How Malicious Tor Relays are Exploiting Users in 2020 (Part I)” hypothesized that the entity behind a range of malicious Tor relays would not stop its activities anytime soon; the follow-up, “Tracking One Year of Malicious Tor Exit Relay Activities,” continues the discussion.

Meet the Team:

CHRIS JULIN
Chris Julin has spent years telling audio stories and helping other people tell theirs. These days he works as a story editor and producer for news outlets like APM Reports, West Virginia Public Broadcasting, and Marketplace. He has also taught and mentored hundreds of young journalists as a professor. For the Trail of Bits podcast, he serves as story and music editor, sound designer, and mixing and mastering engineer.

EMILY HAAVIK
For the past 10 years Emily Haavik has worked as a broadcast journalist in radio, television, and digital media. She's spent time writing, reporting, covering courts, producing investigative podcasts, and serving as an editorial manager. She now works as an audio producer for several production shops including Us & Them from West Virginia Public Broadcasting and PRX, and APM Reports. For the Trail of Bits podcast, she helps with scripting, interviews, story concepts, and audio production.

Open Source Security Podcast
Episode 151 - The DARPA Cyber Grand Challenge with David Brumley

Jun 24, 2019 (30:12)

Josh and Kurt talk to David Brumley, the CEO of ForAllSecure and a professor at CMU. We discuss when David's team won the Cyber Grand Challenge, what the future of automated security looks like, and what ForAllSecure is doing. It's a fascinating window into the future of the industry.

Future Out Loud podcast
Cyber Grand Challenge

Oct 27, 2017 (57:03)


Cybersecurity experts Yan Shoshitaishvili and Adam Doupé talk with Andrew Maynard and Heather Ross about the DARPA Cyber Grand Challenge.

Modellansatz
Automated Binary Analysis

Jun 22, 2017 (53:06)

At GPN17, held by Entropia e.V. at the ZKM - Zentrum für Kunst und Medien and the Hochschule für Gestaltung (HfG), Florian Magin (@0x464d) gave a talk on Automated Binary Analysis and agreed to tell us on the podcast as well how he uses mathematical methods to analyze software for vulnerabilities. Florian studies computer science at TU Darmstadt and is active in his university's CTF team, Wizards of Dos. His interest in computer security also led him to the company ERNW Research, where he works as a student employee in IT security research. How important it is to search for vulnerabilities and to fix them became apparent recently with the worldwide spread of the WannaCry/WannaCrypt malware, which diverted attention from another, more lucrative piece of malware, Adylkuzz.

Binary analysis means analyzing a program without its source, based only on the machine code data on a storage medium. A first step of the analysis is converting the machine language into mnemonics with a disassembler. This program code can differ considerably from the program's original source text, because the compiler that generates the machine code applies a multitude of optimizations that can significantly change the flow and the image of the program in machine code. Program size has become a challenge: while there are now numerous competitions for implementing programs under extreme space constraints, the size of conventional programs is growing rapidly. A machine-language instruction can be encoded in a single byte, as hexadecimal C9 once ended a subroutine on the Z80, and operations such as an addition together with its parameters can be defined in 4 bytes.

Automated binary analysis attracted great interest especially through the DARPA Cyber Grand Challenge in 2016, where the teams were to develop autonomous software that competes in the CTF contest entirely on its own. One application of such automated programs is quickly checking new software for known or typical vulnerabilities or implementation errors. A very general method for detecting security holes is fuzzing: the open source tool AFL, for example, modifies correct input values and checks for which modification the program deviates from the previously recorded program flow, thereby giving a hint of a possible vulnerability. Ideally it operates on the source code, but it can also run and analyze the program in an emulator such as QEMU.

How hard even source code can be to understand is shown by the International Obfuscated C Code Contest (IOCCC), for meaningful code that is as hard to understand as possible, and the Underhanded C Contest, where seemingly sensible code has additional functions that are as unpredictable as possible for humans. Likewise, very popular programming languages such as Python can react very unpredictably if you accidentally mix tabs and spaces, or if you use the programming language Whitespace outright. Another example is that the zero-width space is permitted in recent C++ standards, which makes possible code that is indistinguishable to humans yet does different things. But computers can be deceived too when insecure hash functions are used for comparison, as the recent Shattered attack on the SHA-1 hash showed.

One automated analysis technique is control flow graph recovery, which can be carried out with IDA, radare2 or Binary Ninja, for example, to get from a one-dimensional memory representation to a program network in which related program blocks are linked together. Here it can already become visible whether restricted areas can be reached without authentication. Another automatable technique is data flow analysis, which analyzes the processing and effects of variables and data over the course of the program. Here the flow of, for example, confidential data can be checked. In symbolic execution, the program is executed abstractly by an interpreter on arbitrary variable data, or symbolic expressions, on all paths simultaneously. Path exploration here needs a strategy between breadth-first and depth-first search in order to cover the relevant parts of the execution graph as quickly as possible. In automated analysis, open jumps to nearly arbitrary addresses become very interesting, since they are a strong indicator of an attack vector. With return-oriented programming, existing code can be jumped to deliberately and misused for one's own purposes.

The open source framework Angr was developed by researchers at the Computer Security Lab at UC Santa Barbara and, with Shellphish, took third place in the DARPA challenge. Another open source analysis framework is Triton, which is easy to integrate into your own projects. Also widely used is the S2E framework from the École Polytechnique Fédérale de Lausanne. Another finalist of the Cyber Grand Challenge is the team CodeJitsu from the University of California at Berkeley, Cyberhaven, and Syracuse. The Binary Analysis Platform was developed by the team around Professor David Brumley at Cylab at Carnegie Mellon University. Functional programming languages such as OCaml or Haskell have very particular advantages for the use case of symbolic execution. Programming languages are also examined for their inherent insecurity in the sense of language-based security, and attempts are made to verify finished programs for correctness. One tool meant to simplify this is the Z3 Prover. This is where the search for security holes meets mathematics: in the formal representation of a routine, its behaviour can be described as a mapping of symbolic variables, and the search for a solution leads to the corresponding logic or optimization methods.

Literature and further information
  • Florian Magin: Introduction to Automated Binary Analysis, talk at GPN17, 2017.
  • Program Analysis reading list
  • D. Brumley: Analysis and Defense of Vulnerabilities in Binary Code, PhD thesis, School of Computer Science, Carnegie Mellon University, 2008.

Podcasts
  • M. Musch: Steganographie, conversation with S. Ritterbusch in the Modellansatz Podcast, episode 57, Department of Mathematics, Karlsruhe Institute of Technology (KIT), 2015.
  • J. Breitner: Incredible Proof Machine, conversation with S. Ritterbusch in the Modellansatz Podcast, episode 78, Department of Mathematics, Karlsruhe Institute of Technology (KIT), 2016.

GPN17 Special
  • Sibyllinische Neuigkeiten: GPN17, episode 4 of the CCC Essen podcast, 2017.
  • M. Lösch: Smart Meter Gateway, conversation with S. Ritterbusch in the Modellansatz Podcast, episode 135, Department of Mathematics, Karlsruhe Institute of Technology (KIT), 2017.
  • F. Magin: Automated Binary Analysis, conversation with S. Ritterbusch in the Modellansatz Podcast, episode 137, Department of Mathematics, Karlsruhe Institute of Technology (KIT), 2017.

Paul's Security Weekly
Hack Naked News #86 - August 24, 2016

Aug 24, 2016 (6:31)

Juniper joins Cisco and Fortigate, US and Canada stores were infected by malware, and the DARPA Cyber Grand Challenge ran at DEFCON. Visit http://hacknaked.tv to get all the latest episodes!

Paul's Security Weekly TV
Hack Naked News #86 - August 24, 2016

Aug 24, 2016 (6:31)

Juniper joins Cisco and Fortigate, US and Canada stores were infected by malware, and the DARPA Cyber Grand Challenge ran at DEFCON. Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked News (Video)
Hack Naked News #86 - August 24, 2016

Aug 24, 2016 (6:31)

Juniper joins Cisco and Fortigate, US and Canada stores were infected by malware, and the DARPA Cyber Grand Challenge ran at DEFCON.

Hack Naked News (Audio)
Hack Naked News #86 - August 24, 2016

Aug 24, 2016 (6:31)

Juniper joins Cisco and Fortigate, US and Canada stores were infected by malware, and the DARPA Cyber Grand Challenge ran at DEFCON.

DEF CON 23 [Audio] Speeches from the Hacker Convention
Yan Shoshitaishvili & Fish Wang - Angry Hacking - the next generation of binary analysis

Oct 21, 2015

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Yan-Shoshitaishvili-Fish-Wang-Angry-Hacking.pdf

Angry Hacking - the next generation of binary analysis

Yan Shoshitaishvili, PhD Student, UC Santa Barbara
Fish Wang, PhD Student, UC Santa Barbara

Security has gone from a curiosity to a phenomenon in the last decade. Fortunately for us, despite the rise of memory-safe, interpreted, lame languages, the security of binaries is as relevant as ever. On top of that, (computer security) Capture the Flag competitions have skyrocketed in popularity, with new and exciting binaries on offer for hacking every weekend.

This all sounds great, and it is. Unfortunately, the more time goes by, the older we get, and the more our skills fade. Whereas we were happy to stare at objdump a decade ago, today, we find the menial parts of reversing and pwning more and more tiring and more and more difficult. Worse, while security analysis tools have been evolving to make life easier for us hackers, the core tools that we use (like IDA Pro) have remained mostly stagnant. And on top of that, the term "binaries" has expanded to regularly include ARM, MIPS, PPC, MSP430, and every other crazy architecture you can think of, rather than the nice, comfortable x86 of yesteryear.

New tools are required, and we're here to deliver. Over the last two years, we have been working on a next-generation binary analysis framework in an attempt to turn back the tide and reduce our mounting noobness. The result is called angr.

angr assists in binary analysis by providing extremely powerful, state-of-the-art analyses, and making them as straightforward to use as possible. Ever wanted to know *what freaking value* some variable could take on in a function (say, can the target of a computed write point to the return address)? angr can tell you! Want to know what input you need to trigger a certain code path and export a flag? Ask angr! In the talk, we'll cover three of the analyses that angr provides: a powerful static analysis engine (able to, among other things, automatically identify potential memory corruption in binaries through the use of Value-Set Analysis), its symbolic execution engine, and dynamic emulation of various architectures (*super* useful for debugging shellcode).

On top of that, angr is designed to make the life of a hacker as easy as possible -- for example, the whole system is 98% Python, and is designed to be a breeze to interact with through iPython. Plus, it comes with a nifty GUI with nice visualizations for symbolically exploring a program, tracking differences between different program paths, and understanding value ranges of variables and registers. Finally, angr is designed to be easily extensible and embeddable in other applications. We'll show off a semantic-aware ROP gadget finder ("are there any gadgets that write to a positive offset of rax but don't clobber rbx" or "given this program state, what are the gadgets that won't cause a segfault") and a binary diffing engine, both built on angr.

We've used angr to solve CTF binaries, analyze embedded devices, debug shellcode, and even dabble in the DARPA Cyber Grand Challenge. We'll talk about our experiences with all of that and will release angr to the world, hopefully revolutionizing binary analysis and making everyone ANGRY!

Yan and Fish are two members of Shellphish, a pretty badass hacking team famous for low SLA and getting the freaking exploit JUST A FREAKING MINUTE LATE. Their secret identities are those of PhD students in the security lab of UC Santa Barbara. When they're not CTFing or surfing, they're doing next-generation (what does that even mean?) security research. Their works have been published in numerous academic venues. For example, in 2013, they created an automatic tool, called MovieStealer, a tool to automatically break the DRM of streaming media services [1]. After taking 2014 to work on angr, in 2015, they followed this up with an analysis of backdoors in embedded devices [2]. Now, they've set their sights on helping the world analyze binaries faster, better, stronger, by revolutionizing the analysis tool landscape!

[1] https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/wang_ruoyu
[2] http://www.internetsociety.org/doc/firmalice-automatic-detection-authentication-bypass-vulnerabilities-binary-firmware

Twitter: @zardus