I just want a list of which vulnerabilities were exploited by which engines and in what round + all the vulnerabilities in source (which is in the repo I think). :)
In a way, having them be able to SEE people throw vulnerabilities at each other corrupts the data a bit I think, because you no longer know what they FOUND and what they SAW, if that makes sense?

-dave

On Thu, Aug 17, 2017 at 3:20 PM Jordan Wiens <[email protected]> wrote:

> Happy to answer any questions if there are any. (As best as I can remember anyway--been a while since we first recorded it and even longer since most of the analysis)
>
> One of my favorite moments: we found what looked like true back-and-forth interaction between two of the CRSs. To be clear, we don't know at all /why/ they behaved the way they did since they were black boxes from our perspective. Even some of the teams I've talked to after the competition have no idea why their systems did what they did -- whether because of lack of logging, or because the system architecture made introspection into which component initiated which actions difficult.
>
> These two systems had multiple rounds of back-and-forth behavior where:
>
> 1) a stack based BO was exploited against a service, and the payload obfuscated the address of the flag page data it was stealing bytes from (reading from the flag page was one mechanism for scoring).
>
> 2) a patch was submitted in the minimum time possible from the team being scored upon that generically protected the binary by remapping the stack as non-executable (and did a few other changes as well--they were all part of the standard toolkit this team applied to some binaries)
>
> 3) the attacking team re-formulated their payload to use ROP gadgets, successfully evading the NX stack protection, but now exposing the "flag page" address they were reading data from in cleartext on the wire
>
> 4) the defending team deployed a network filter that fairly naively (but effectively it turns out) blocked the first several bytes of the address of the flag page, stopping the exploit.
>
> And all of it happened in less time than it would take even very good human exploiters to land a bug in the first place (at least when forced to work with unfamiliar tools and a stressful environment). We actually have reasonably good data on that from last year's Infiltrate NOPCert challenge.
>
> On Wed, Aug 9, 2017 at 6:36 PM, Kristian Erik Hermansen <[email protected]> wrote:
>
>> A 2+ hour video recap released with interesting visuals and technical analysis:
>>
>> Watch "Cyber Grand Challenge: The Analysis" on YouTube
>>
>> https://youtu.be/SYYZjTx92KU
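As an added illustration (not code from the thread or from any CGC team), here is a toy model of the "naive but effective" network filter step from Jordan's account: dropping any inbound request that carries the first several bytes of the flag page address. The flag page address used here is an assumed value, the payloads are constructed samples, and the point is the defender-side trade-off the thread hints at: the filter only sees bytes that appear in cleartext on the wire, and it also drops benign traffic that happens to contain the same byte run.

```python
# Added example, not from the original thread. Models a byte-prefix network
# filter of the kind the defending CRS deployed. All values are constructed.

import struct

# Assumed flag page address (the thread does not give one; this is a placeholder).
FLAG_PAGE_ADDR = 0x4347C000


def address_prefix(addr: int, nbytes: int = 3) -> bytes:
    """Return the first `nbytes` of the 32-bit little-endian encoding of `addr`,
    i.e. the bytes that would appear first on the wire in an x86 payload.
    For 0x4347C000 and nbytes=3 that is b'\\x00\\xc0\\x47'."""
    return struct.pack("<I", addr)[:nbytes]


def filter_allows(payload: bytes, blocked_prefix: bytes) -> bool:
    """Naive content filter: drop any payload containing the blocked byte run."""
    return blocked_prefix not in payload


def classify(payloads: dict, addr: int = FLAG_PAGE_ADDR, nbytes: int = 3) -> dict:
    """Run every sample through the filter; True means the request is allowed."""
    prefix = address_prefix(addr, nbytes)
    return {name: filter_allows(data, prefix) for name, data in payloads.items()}


# Constructed sample traffic (no real exploit content, just byte patterns).
SAMPLES = {
    # Step 3 of the story: address sent in cleartext, so the filter catches it.
    "cleartext_address": b"A" * 64 + struct.pack("<I", FLAG_PAGE_ADDR),
    # Step 1 of the story: address obfuscated (here by XOR) so the raw bytes
    # never appear on the wire and a byte-matching filter cannot see them.
    "obfuscated_address": b"A" * 64 + struct.pack("<I", FLAG_PAGE_ADDR ^ 0xFFFFFFFF),
    # Ordinary request that should pass.
    "benign": b"GET /index HTTP/1.0\r\n\r\n",
    # Ordinary request whose data coincidentally contains the blocked bytes:
    # the false-positive cost of a prefix filter.
    "benign_collision": b"data:" + bytes([0x00, 0xC0, 0x47, 0x43]),
}

if __name__ == "__main__":
    for name, allowed in classify(SAMPLES).items():
        print(f"{name:20s} {'allowed' if allowed else 'BLOCKED'}")
```

The obfuscated sample passing is exactly why the filter only became effective after the payload switched to ROP and leaked the address in cleartext; the collision sample shows why a defender would normally key a filter on more than a few address bytes once the time pressure of a round is gone.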
_______________________________________________ Dailydave mailing list [email protected] https://lists.immunityinc.com/mailman/listinfo/dailydave
