diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..fad25bb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+_site/
+.jekyll-cache/
+.jekyll-metadata
+Gemfile.lock
+vendor/
+.sass-cache/
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..837a64e
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+# Local Jekyll dev environment for shellphish.github.io.
+# Matches the Ruby/Bundler setup GitHub Pages uses to build the site.
+FROM ruby:3.3-slim
+
+# build-essential + git are needed to compile native gem extensions
+# (eventmachine, ffi, nokogiri, http_parser.rb) that github-pages pulls in.
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends build-essential git \
+ && rm -rf /var/lib/apt/lists/*
+
+# Keep bundled gems OUTSIDE /site — at runtime we bind-mount the project onto
+# /site, which would otherwise hide anything installed there at build time.
+# /usr/local/bundle is the ruby image default and survives the mount.
+ENV BUNDLE_PATH=/usr/local/bundle \
+ BUNDLE_JOBS=4
+
+# Pre-seed gems into the image so `docker run` starts fast. Gemfile.lock is
+# optional — copied if present so we resolve the exact pinned versions.
+WORKDIR /tmp/gems
+COPY Gemfile Gemfile.loc[k] ./
+RUN bundle install
+
+WORKDIR /site
+EXPOSE 4000 35729
+
+# On startup, reconcile against whatever Gemfile/.lock is currently mounted
+# (no-op if the image already has the right gems), then serve with livereload.
+CMD bundle install && bundle exec jekyll serve --host 0.0.0.0 --livereload --force_polling
diff --git a/Gemfile b/Gemfile
new file mode 100644
index 0000000..b359dcf
--- /dev/null
+++ b/Gemfile
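Review bot: The Dockerfile never sets `USER`, so the build-time `RUN bundle install`, the startup `bundle install` in `CMD` and `jekyll serve` all run as root; with the checkout bind-mounted on /site, that root process compiles native gem extensions and writes build output such as `_site/` into the host working tree. I would create an unprivileged account that owns the gem and staging directories and switch to it before the gem steps, as in the block below; the UID there is an assumption and should match the owner of the mounted checkout. The same block moves `CMD` to exec form with `exec`, so `jekyll serve` rather than the wrapping shell receives the stop signal from `docker stop`. Separately, `--host 0.0.0.0` together with the README's `-p 4000:4000 -p 35729:35729` publishes the dev server and livereload port on every host interface; `-p 127.0.0.1:4000:4000 -p 127.0.0.1:35729:35729` keeps them local.

```dockerfile
# … unchanged: FROM, apt-get install, ENV BUNDLE_PATH/BUNDLE_JOBS …

# Run gem installation and the dev server unprivileged. The account must own
# BUNDLE_PATH and the staging dir so both `bundle install` steps can write.
# UID 1000 is an assumption: align it with the owner of the bind-mounted checkout.
RUN useradd --create-home --uid 1000 jekyll \
 && mkdir -p /tmp/gems \
 && chown -R jekyll:jekyll /usr/local/bundle /tmp/gems
USER jekyll

WORKDIR /tmp/gems
COPY --chown=jekyll:jekyll Gemfile Gemfile.loc[k] ./
# … unchanged: RUN bundle install, WORKDIR /site, EXPOSE …

CMD ["sh", "-c", "bundle install && exec bundle exec jekyll serve --host 0.0.0.0 --livereload --force_polling"]
```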
@@ -0,0 +1,12 @@
+source "https://rubygems.org"
+
+# Mirrors the Jekyll / plugin versions that GitHub Pages runs in production.
+# Pinning to this gem guarantees `bundle exec jekyll serve` locally matches prod.
+gem "github-pages", group: :jekyll_plugins
+
+# webrick was dropped from Ruby stdlib in 3.0; Jekyll 3.x's `serve` needs it.
+gem "webrick", "~> 1.8"
+
+# Tzinfo data for Windows + JRuby (harmless on macOS/Linux).
+gem "tzinfo-data", platforms: [:mingw, :x64_mingw, :mswin, :jruby]
+gem "wdm", ">= 0.1.0", platforms: [:mingw, :x64_mingw, :mswin]
diff --git a/README.md b/README.md
index 24ff3b1..f00899b 100644
--- a/README.md
+++ b/README.md
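Review bot: `gem "github-pages", group: :jekyll_plugins` has no version constraint, and the `.gitignore` added in this same commit excludes `Gemfile.lock`, so nothing in the repository fixes which github-pages, Jekyll or plugin releases get resolved. The comment's claim that pinning to this gem guarantees the local build matches prod therefore holds only while the newest release on rubygems.org happens to be the one GitHub Pages runs. It also means every image build and every container start (the Dockerfile's `CMD` runs `bundle install`) can pull in new, unreviewed gem versions. Either commit `Gemfile.lock` (drop it from `.gitignore`) or constrain the gem, e.g. `gem "github-pages", "~> <PAGES_GEM_VERSION>", group: :jekyll_plugins`, where the placeholder is the version GitHub Pages currently reports.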
@@ -1,11 +1,55 @@ # shellphish.github.io -Shellphish web site currently a repo for the static HTML -The previous website was done with hugo and housed internally, -the url was: https://git.seclab.cs.ucsb.edu/shellphish/shellphish.net +Source for . Built with [Jekyll](https://jekyllrb.com/) +and hosted on GitHub Pages. Most pages are plain Markdown; the members list +and AIxCC publication list live in YAML under `_data/` so new entries are a +one-line edit. -(don't expect to find it here, the path is just relevant for historical purposes) +## Layout -Moving the website here solves the problem of expiring certificates. +``` +_config.yml Jekyll config +_layouts/default.html shared /navbar; every page uses this +_data/members.yml member roster +_data/aixcc_publications.yml AIxCC publication list +index.md / — home +members/index.md /members/ +cgc/index.md /cgc/ +aixcc/index.md /aixcc/ +aixcc/shellphish_aixcc_qualification.md /aixcc/shellphish_aixcc_qualification/ +aixcc/publications/ PDFs + BibTeX (unchanged) +shellphish.css original stylesheet (unchanged) +*.png, *.jpg original images (unchanged) +``` + +## Run it locally + +### With Docker (no Ruby install needed) + +```sh +docker build -t shellphish-site . +docker run --rm -p 4000:4000 -p 35729:35729 -v "$PWD:/site" shellphish-site +``` + +Site serves at . Edits to `.md` / `.yml` / layouts hot-reload. + +### With a local Ruby -The real url is https://shellphish.net. +Requires Ruby 3.x (macOS ships with 2.x — use `brew install ruby` or `rbenv`). + +```sh +bundle install # first time only +bundle exec jekyll serve --livereload +``` + +## Publish + +Push to `master`. GitHub Pages builds with the `github-pages` gem pinned in the +`Gemfile`, so the production build matches what you saw locally. + +--- + +The previous website was done with hugo and housed internally, +the URL was: https://git.seclab.cs.ucsb.edu/shellphish/shellphish.net +(don't expect to find it there, the path is just relevant for historical purposes). 
+Moving the website here solves the problem of expiring certificates.
diff --git a/_config.yml b/_config.yml
new file mode 100644
index 0000000..6949b61
--- /dev/null
+++ b/_config.yml
@@ -0,0 +1,23 @@
+title: Shellphish
+description: Shellphish pursues the joy of hacking.
+
+# Use the safe Kramdown + Liquid stack that GitHub Pages runs.
+markdown: kramdown
+kramdown:
+ input: GFM
+ hard_wrap: false
+
+# We ship our own layout; no theme needed.
+theme: null
+
+# Keep tooling/infra files out of the built site.
+exclude:
+ - Gemfile
+ - Gemfile.lock
+ - README.md
+ - vendor
+ - .DS_Store
+ - "**/.DS_Store"
+
+# Keep URLs identical to the old site (…/members/, …/cgc/, …/aixcc/).
+permalink: pretty
diff --git a/_data/aixcc_publications.yml b/_data/aixcc_publications.yml
new file mode 100644
index 0000000..51d6b4a
--- /dev/null
+++ b/_data/aixcc_publications.yml
@@ -0,0 +1,178 @@ +# Publications featured on the AIxCC page. +# Each entry renders as a bullet with title/authors/venue/location/date and PDF/Bib links. +# "slug" is the filename stem under aixcc/publications/.pdf and .bib. + +- title: "ACTOR: Action-Guided Kernel Fuzzing" + authors: "Marius Fleischer, Dipanjan Das, Priyanka Bose, Weiheng Bai, Kangjie Lu, Mathias Payer, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the USENIX Security Symposium" + where: "Los Angeles, USA" + when: "August 2023" + slug: 2023_USENIX_Actor + +- title: "Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities" + authors: "Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupe" + venue: "Proceedings of the IEEE Symposium on Security and Privacy (SP)" + where: "San Francisco" + when: "May 2023" + slug: 2023_SP_Witcher + +- title: "Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing" + authors: "Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, Ali Abbas" + venue: "Proceedings of the USENIX Security Symposium" + where: "Boston, USA" + when: "August 2022" + slug: 2022_USENIXSecurity_Fuzzware + +- title: "HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images" + authors: "Fabio Gritti, Fabio Pagani, Ilya Grishchenko, Lukas Dresel, Nilo Redini, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the IEEE Symposium on Security and Privacy (SP)" + where: "San Francisco" + when: "May 2022" + slug: 2022_SP_Heapster + +- title: "SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning" + authors: "Nicola Ruaro, Lukas Dresel, Kyle Zeng, Tiffany Bao, Mario Polino, Andrea Continella, Stefano Zanero, Christopher Kruegel, Giovanni Vigna" + venue: 
"Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID)" + where: "San Sebastian, Spain" + when: "October 2021" + slug: 2021_RAID_SyML + +- title: "Token-Level Fuzzing" + authors: "Christopher Salls, Chani Jindal, Jake Corina, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the USENIX Security Symposium" + where: "Virtual" + when: "August 2021" + slug: 2021_USENIXSecurity_JSToken + +- title: "Bran: Reduce Vulnerability Search Space in Large Open-Source Repositories by Learning Bug Symptoms" + authors: "Dongyu Meng, Michele Guerriero, Aravind Machiry, Hojjat Aghakhani, Priyanka Bose, Andrea Continella, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the ACM Asia Conference on Computer and Communications Security (AsiaCCS)" + where: "Hong Kong, China" + when: "June 2021" + slug: 2021_AsiaCCS_Bran + +- title: "DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices" + authors: "Nilo Redini, Andrea Continella, Dipanjan Das, Giulio Pasquale, Noah Spahn, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the IEEE Symposium on Security and Privacy" + where: "Virtual" + when: "May 2021" + slug: 2021_SP_Diane + +- title: "Exploring Abstraction Functions in Fuzzing" + authors: "Christopher Salls, Aravind Machiry, Adam Doupe, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the IEEE Conference on Communications and Network Security (CNS)" + where: "Avignon, France" + when: "June 2020" + slug: 2020_CNS_FuzzSense + +- title: "SYMBION: Interleaving Symbolic with Concrete Execution" + authors: "Fabio Gritti, Lorenzo Fontana, Eric Gustafson, Fabio Pagani, Andrea Continella, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the IEEE Conference on Communications and Network Security (CNS)" + where: "Avignon, France" + when: "June 2020" + slug: 2020_CNS_Symbion + +- title: "SPIDER: 
Enabling Fast Patch Propagation in Related Software Repositories" + authors: "Aravind Machiry, Nilo Redini, Eric Camellini, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the IEEE Symposium on Security and Privacy" + where: "San Francisco, CA" + when: "May 2020" + slug: 2020_SP_Spider + +- title: "KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware" + authors: "Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the IEEE Symposium on Security and Privacy" + where: "San Francisco, CA" + when: "May 2020" + slug: 2020_SP_Karonte + +- title: "Sleak: Automating Address Space Layout Derandomization" + authors: "Christophe Hauser, Jayakrishna Menon, Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna, Christopher Kruegel" + venue: "Proceedings of the Annual Computer Security Applications Conference (ACSAC)" + where: "San Juan, Puerto Rico" + when: "December 2019" + slug: 2019_ACSAC_Sleak + +- title: "PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary" + authors: "Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, Michael Franz" + venue: "Proceedings of the Network and Distributed Systems Security Symposium (NDSS)" + where: "San Diego, USA" + when: "February 2019" + slug: 2019_NDSS_Periscope + +- title: "HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security" + authors: "Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the USENIX Security Symposium" + where: "Baltimore, MD" + when: "August 2018" + slug: 2018_USENIXSecurity_HeapHopper + +- title: "Mechanical Phish: Resilient Autonomous Hacking" + authors: "Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Audrey 
Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Chris Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna" + venue: "IEEE Security and Privacy Magazine" + where: "vol. 16, no. 2" + when: "March 2018" + slug: 2018_SPMag_MechPhish + +- title: "Piston: Uncooperative Remote Runtime Patching" + authors: "Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the Annual Computer Security Applications Conference (ACSAC)" + where: "Orlando, FL" + when: "December 2017" + slug: 2017_ACSAC_Piston + +- title: "Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance" + authors: "Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the ACM Conference on Computer and Communications Security (CCS)" + where: "Dallas, TX" + when: "October 2017" + slug: 2017_CCS_HaCRS + +- title: "DIFUZE: Interface Aware Fuzzing for Kernel Drivers" + authors: "Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the ACM Conference on Computer and Communications Security (CCS)" + where: "Dallas, TX" + when: "October 2017" + slug: 2017_CCS_Difuze + +- title: "DR.CHECKER: A Soundy Analysis for Linux Kernel Drivers" + authors: "Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the USENIX Security Symposium" + where: "Vancouver, BC" + when: "August 2017" + slug: 2017_USENIXSecurity_DrChecker + +- title: "Ramblr: Making Reassembly Great Again" + authors: "Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the Network and Distributed System Security Symposium (NDSS)" + where: "San Diego, CA" + when: "February 2017" + slug: 2017_NDSS_Ramblr + +- title: "Cyber 
Grand Shellphish" + authors: "Shellphish Group" + venue: "Phrack Magazine" + where: "Online Publication" + when: "January 2017" + slug: 2017_Phrack_CyberGrandShellphish + +- title: "(State of) The Art of War: Offensive Techniques in Binary Analysis" + authors: "Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Audrey Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the IEEE Symposium on Security and Privacy" + where: "San Jose, CA" + when: "May 2016" + slug: 2016_SP_angrSoK + +- title: "Driller: Augmenting Fuzzing Through Selective Symbolic Execution" + authors: "Nick Stephens, John Grosen, Christopher Salls, Audrey Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the Network and Distributed System Security Symposium (NDSS)" + where: "San Diego, CA" + when: "February 2016" + slug: 2016_NDSS_Driller + +- title: "Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware" + authors: "Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, Giovanni Vigna" + venue: "Proceedings of the Network and Distributed System Security Symposium (NDSS)" + where: "San Diego, CA" + when: "February 2015" + slug: 2015_NDSS_Firmalice diff --git a/_data/members.yml b/_data/members.yml new file mode 100644 index 0000000..9850b1a --- /dev/null +++ b/_data/members.yml 
@@ -0,0 +1,207 @@ +- handle: zanardi/z4n4rd1 + name: Giovanni Vigna + note: Founded the team in 2005 +- handle: void + joined: 2005 +- handle: sicko + joined: 2005 +- handle: beetal + joined: 2005 +- handle: nullptr + joined: 2005 +- handle: ViRus + name: Vika Felmetsger + joined: 2005 +- handle: weaver + joined: 2005 +- handle: irish + joined: 2005 +- handle: deadi + joined: 2005 +- handle: balzaroth + name: Davide Balzarotti + joined: 2005 +- handle: marco + name: Marco Cova + joined: 2006 +- handle: collin + name: Collin Mulliner + joined: 2006 +- handle: odo + name: Sean Ford + joined: 2008 +- handle: engiman + joined: 2008 +- handle: gigi sullivan + joined: 2008 +- handle: voltaire + joined: 2008 +- handle: adamd + name: "Adam Doupé" + joined: 2008 +- handle: cavedon + name: Ludovico Cavedon + joined: 2009 +- handle: bboe + name: Bryce Boe + joined: 2009 +- handle: zardus + name: Yan Shoshitaishvili + joined: 2009 +- handle: pizzaman + joined: 2009 +- handle: freeman + joined: 2009 +- handle: invernizzi + name: Luca Invernizzi + joined: 2009 +- handle: gianluca + joined: 2010 +- handle: hunt3r + joined: 2010 +- handle: reyammer + name: "Yanick \u201Creyammer\u201D Fratantonio" + joined: 2010 +- handle: dhilung + name: Dhilung Kirat + joined: 2010 +- handle: spjsschl + name: Johannes Schlumberger + joined: 2010 +- handle: greg + name: Gregoire Jacob + joined: 2011 +- handle: anton00b + name: Antonio Bianchi + joined: 2011 +- handle: hacopo + name: Jacopo Corbetta + joined: 2011 +- handle: mw + name: Michael Weissbacher + joined: 2011 +- handle: cao + name: Kevin Borgolte + joined: 2012 +- handle: fish + joined: 2013 +- handle: jay + joined: 2013 +- handle: kereoz + joined: 2014 +- handle: ocean + joined: 2014 +- handle: rhelmot + name: Audrey Dutcher + joined: 2014 +- handle: venom00 + joined: 2014 +- handle: donfos + name: Aravind Machiry + joined: 2014 +- handle: badnack + joined: 2014 +- handle: subwire + name: Eric Gustafson + joined: 2014 +- handle: acez + 
joined: 2014 +- handle: salls + joined: 2014 +- handle: spermachine + joined: 2015 +- handle: nezorg + joined: 2015 +- handle: crowell + joined: 2015 +- handle: shortman + joined: 2015 +- handle: situation + joined: 2015 +- handle: mpizza + joined: 2016 +- handle: conand + name: Andrea Continella + joined: 2016 +- handle: nebirhos + joined: 2016 +- handle: lockshaw + name: Colin Unger + joined: 2016 +- handle: sartina + joined: 2016 +- handle: init + emphasized: true + joined: 2017 +- handle: honululu + joined: 2017 +- handle: sherlock + joined: 2017 +- handle: mightymo + joined: 2017 +- handle: 9yte + joined: 2017 +- handle: phate + name: Sebastiano Mariani + joined: 2017 +- handle: cub01d + joined: 2017 +- handle: dex + joined: 2017 +- handle: mahaloz + name: Zion Leonahenahe Basque + joined: 2018 +- handle: kanak + joined: 2018 +- handle: clasm + joined: 2018 +- handle: kylebot + joined: 2018 +- handle: gkrishna + joined: 2018 +- handle: 4rbit3r + joined: 2018 +- handle: degrigis + joined: 2018 +- handle: eugenek + joined: 2018 +- handle: DuSu + joined: 2018 +- handle: saagarjha + joined: 2018 +- handle: overwatch + joined: 2019 +- handle: mdy + joined: 2019 +- handle: yuzu + joined: 2019 +- handle: cinderella + joined: 2019 +- handle: Samuel + joined: 2019 +- handle: GH0S1 + name: Bader AlBassam + joined: 2019 +- handle: frqmod + joined: 2020 +- handle: pagabuc + name: Fabio Pagani + joined: 2020 +- handle: F4_U57 + name: Jude O'Kain + joined: 2021 +- handle: mzakocs + name: Mitchell Zakocs + joined: 2021 +- handle: xenia + name: xenia dragon + joined: 2022 +- handle: zolutal + name: Jennifer Miller + joined: 2022 +- handle: Flipout50 + name: Caden Thomas Sounart + joined: 2022 +- handle: x3ero0 + name: Pulkit Singh Singaria + joined: 2022 diff --git a/_layouts/default.html b/_layouts/default.html new file mode 100644 index 0000000..cd77d68 --- /dev/null +++ b/_layouts/default.html 
@@ -0,0 +1,20 @@ + + + + + + + {% if page.title %}{{ page.title }} | {% endif %}Shellphish + + + + + {{ content }} + + diff --git a/aixcc/index.html b/aixcc/index.html deleted file mode 100644 index 04f1234..0000000 --- a/aixcc/index.html +++ /dev/null @@ -1,456 +0,0 @@ - - - - - - - AI Cyber Challenge (AIxCC) | Shellphish - - - - -

The AI Cyber Challenge

- -
- - Shellphish AIxCC Logo - -
- - -

The AI Cyber Challenge (AIxCC) is a two-year competition sponsored by DARPA and ARPA-H, -designed to address pressing cybersecurity challenges in an increasingly interconnected world.

- -

Complex open-source software is part of the backbone of essential systems from financial networks to public utilities, and therefore there is a need - for autonomous, scalable, efficient, and robust AI-enabled cybersecurity solutions to identify vulnerabilities in software and fix them before they are exploited - by adversaries with disastrous consequences.

- -

AIxCC brings together top minds in AI and cybersecurity to develop innovative AI systems capable of safeguarding the software that - underpins critical sectors, including healthcare, transportation, and public utilities. - The competition offers a total of $29.5 million in prizes, with $7 million specifically allocated to small businesses to encourage entrepreneurial innovation.

- -

AIxCC is a collaboration between leading AI companies, DARPA, and ARPA-H, ensuring that - competitors have access to the latest technology and expertise. - The competition also works closely with the open-source community, emphasizing the importance of - securing open-source software, which is integral to much of the world's critical infrastructure.

- -

The competition takes place at DEF CON, one of the world's premier cybersecurity conferences. - The semifinals were carried out during DEF CON 2024, with the final competition at DEF CON 2025, where the top team will be awarded a $4 million prize.

- -

The Shellphish team participates to this competition with a novel Cyber Reasoning System (CRS), called ARTIPHISHELL, which qualified for the final competition in August 2024, - receiving a 2 million dollar award (see the press release for details).

- -

The ARTIPHISHELL AI-based Cyber Reasoning System is the result of many year of research work from the members of the Shellphish hacker collective. - Some of the relevant works published in the last ten years are listed below.

-
    - -
  • - - ACTOR: Action-Guided Kernel Fuzzing - -
    - - Marius Fleischer, Dipanjan Das, Priyanka Bose, Weiheng Bai, Kangjie Lu, Mathias Payer, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the USENIX Security Symposium -
    - Los Angeles, USA August 2023 -
    - [ PDF, Bib ] -
  • - -
  • - - Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities - -
    - - Erik Trickel, Fabio Pagani, Chang Zhu, Lukas Dresel, Giovanni Vigna, Christopher Kruegel, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupe - -
    - Proceedings of the IEEE Symposium on Security and Privacy (SP) -
    - San Francisco May 2023 -
    - [ PDF, Bib ] -
  • - -
  • - - Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing - -
    - - Tobias Scharnowski, Nils Bars, Moritz Schloegel, Eric Gustafson, Marius Muench, Giovanni Vigna, Christopher Kruegel, Thorsten Holz, Ali Abbas - -
    - Proceedings of the USENIX Security Symposium -
    - Boston, USA August 2022 -
    - [ PDF, Bib ] -
  • - -
  • - - HEAPSTER: Analyzing the Security of Dynamic Allocators for Monolithic Firmware Images - -
    - - Fabio Gritti, Fabio Pagani, Ilya Grishchenko, Lukas Dresel, Nilo Redini, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the IEEE Symposium on Security and Privacy (SP) -
    - San Francisco May 2022 -
    - [ PDF, Bib ] -
  • - - -
  • - - SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning - -
    - - Nicola Ruaro, Lukas Dresel, Kyle Zeng, Tiffany Bao, Mario Polino, Andrea Continella, Stefano Zanero, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID) -
    - San Sebastian, Spain October 2021 -
    - [ PDF, Bib ] -
  • - -
  • - - Token-Level Fuzzing - -
    - - Christopher Salls, Chani Jindal, Jake Corina, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the USENIX Security Symposium -
    - Virtual August 2021 -
    - [ PDF, Bib ] -
  • - -
  • - - Bran: Reduce Vulnerability Search Space in Large Open-Source Repositories by Learning Bug Symptoms - -
    - - Dongyu Meng, Michele Guerriero, Aravind Machiry, Hojjat Aghakhani, Priyanka Bose, Andrea Continella, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the ACM Asia Conference on Computer and Communications Security (AsiaCCS) -
    - Hong Kong, China June 2021 -
    - [ PDF, Bib ] -
  • - -
  • - - DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices - -
    - - Nilo Redini, Andrea Continella, Dipanjan Das, Giulio Pasquale, Noah Spahn, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the IEEE Symposium on Security and Privacy -
    - Virtual May 2021 -
    - [ PDF, Bib ] -
  • - -
  • - - Exploring Abstraction Functions in Fuzzing - -
    - - Christopher Salls, Aravind Machiry, Adam Doupe, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the IEEE Conference on Communications and Network Security (CNS) -
    - Avignon, France June 2020 -
    - [ PDF, Bib ] -
  • - -
  • - - SYMBION: Interleaving Symbolic with Concrete Execution - -
    - - Fabio Gritti, Lorenzo Fontana, Eric Gustafson, Fabio Pagani, Andrea Continella, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the IEEE Conference on Communications and Network Security (CNS) -
    - Avignon, France June 2020 -
    - [ PDF, Bib ] -
  • - -
  • - - SPIDER: Enabling Fast Patch Propagation in Related Software Repositories - -
    - - Aravind Machiry, Nilo Redini, Eric Camellini, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the IEEE Symposium on Security and Privacy -
    - San Francisco, CA May 2020 -
    - [ PDF, Bib ] -
  • - -
  • - - KARONTE: Detecting Insecure Multi-binary Interactions in Embedded Firmware - -
    - - Nilo Redini, Aravind Machiry, Ruoyu Wang, Chad Spensky, Andrea Continella, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the IEEE Symposium on Security and Privacy -
    - San Francisco, CA May 2020 -
    - [ PDF, Bib ] -
  • - -
  • - - Sleak: Automating Address Space Layout Derandomization - -
    - - Christophe Hauser, Jayakrishna Menon, Yan Shoshitaishvili, Ruoyu Wang, Giovanni Vigna, Christopher Kruegel - -
    - Proceedings of the Annual Computer Security Applications Conference (ACSAC) -
    - San Juan, Puerto Rico December 2019 -
    - [ PDF, Bib ] -
  • - -
  • - - PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary - -
    - - Dokyung Song, Felicitas Hetzelt, Dipanjan Das, Chad Spensky, Yeoul Na, Stijn Volckaert, Giovanni Vigna, Christopher Kruegel, Jean-Pierre Seifert, Michael Franz - -
    - Proceedings of the Network and Distributed Systems Security Symposium (NDSS) -
    - San Diego, USA February 2019 -
    - [ PDF, Bib ] -
  • - -
  • - - HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security - -
    - - Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the USENIX Security Symposium -
    - Baltimore, MD August 2018 -
    - [ PDF, Bib ] -
  • - -
  • - - Mechanical Phish: Resilient Autonomous Hacking - -
    - - Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Audrey Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Chris Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna - -
    - IEEE Security and Privacy Magazine -
    - vol. 16, no. 2 March 2018 -
    - [ PDF, Bib ] -
  • - -
  • - - Piston: Uncooperative Remote Runtime Patching - -
    - - Christopher Salls, Yan Shoshitaishvili, Nick Stephens, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the Annual Computer Security Applications Conference (ACSAC) -
    - Orlando, FL December 2017 -
    - [ PDF, Bib ] -
  • - -
  • - - Rise of the HaCRS: Augmenting Autonomous Cyber Reasoning Systems with Human Assistance - -
    - - Yan Shoshitaishvili, Michael Weissbacher, Lukas Dresel, Christopher Salls, Ruoyu Wang, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the ACM Conference on Computer and Communications Security (CCS) -
    - Dallas, TX October 2017 -
    - [ PDF, Bib ] -
  • - -
  • - - DIFUZE: Interface Aware Fuzzing for Kernel Drivers - -
    - - Jake Corina, Aravind Machiry, Christopher Salls, Yan Shoshitaishvili, Shuang Hao, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the ACM Conference on Computer and Communications Security (CCS) -
    - Dallas, TX October 2017 -
    - [ PDF, Bib ] -
  • - -
  • - - DR.CHECKER: A Soundy Analysis for Linux Kernel Drivers - -
    - - Aravind Machiry, Chad Spensky, Jake Corina, Nick Stephens, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the USENIX Security Symposium -
    - Vancouver, BC August 2017 -
    - [ PDF, Bib ] -
  • - -
  • - - Ramblr: Making Reassembly Great Again - -
    - - Ruoyu Wang, Yan Shoshitaishvili, Antonio Bianchi, Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the Network and Distributed System Security Symposium (NDSS) -
    - San Diego, CA February 2017 -
    - [ PDF, Bib ] -
  • - -
  • - - Cyber Grand Shellphish - -
    - - Shellphish Group - -
    - Phrack Magazine -
    - Online Publication January 2017 -
    - [ PDF, Bib ] -
  • - -
  • - - (State of) The Art of War: Offensive Techniques in Binary Analysis - -
    - - Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Audrey Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the IEEE Symposium on Security and Privacy -
    - San Jose, CA May 2016 -
    - [ PDF, Bib ] -
  • - -
  • - - Driller: Augmenting Fuzzing Through Selective Symbolic Execution - -
    - - Nick Stephens, John Grosen, Christopher Salls, Audrey Dutcher, Ruoyu Wang, Jacopo Corbetta, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the Network and Distributed System Security Symposium (NDSS) -
    - San Diego, CA February 2016 -
    - [ PDF, Bib ] -
  • - -
  • - - Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware - -
    - - Yan Shoshitaishvili, Ruoyu Wang, Christophe Hauser, Christopher Kruegel, Giovanni Vigna - -
    - Proceedings of the Network and Distributed System Security Symposium (NDSS) -
    - San Diego, CA February 2015 -
    - [ PDF, Bib ] -
  • - -
- - diff --git a/aixcc/index.md b/aixcc/index.md new file mode 100644 index 0000000..37d0a91 --- /dev/null +++ b/aixcc/index.md @@ -0,0 +1,52 @@ +--- +layout: default +title: AI Cyber Challenge (AIxCC) +permalink: /aixcc/ +--- + +# The AI Cyber Challenge + +
+ Shellphish AIxCC Logo +
+ +The [AI Cyber Challenge (AIxCC)](https://aicyberchallenge.com/) is a two-year competition sponsored by DARPA and ARPA-H, +designed to address pressing cybersecurity challenges in an increasingly interconnected world. + +Complex open-source software is part of the backbone of essential systems from financial networks to public utilities, and therefore there is a need +for autonomous, scalable, efficient, and robust AI-enabled cybersecurity solutions to identify vulnerabilities in software and fix them before they are exploited +by adversaries with disastrous consequences. + +AIxCC brings together top minds in AI and cybersecurity to develop innovative AI systems capable of safeguarding the software that +underpins critical sectors, including healthcare, transportation, and public utilities. +The competition offers a total of $29.5 million in prizes, with $7 million specifically allocated to small businesses to encourage entrepreneurial innovation. + +AIxCC is a collaboration between leading AI companies, DARPA, and ARPA-H, ensuring that +competitors have access to the latest technology and expertise. +The competition also works closely with the open-source community, emphasizing the importance of +securing open-source software, which is integral to much of the world's critical infrastructure. + +The competition takes place at DEF CON, one of the world's premier cybersecurity conferences. +The semifinals were carried out during DEF CON 2024, with the final competition at DEF CON 2025, where the top team will be awarded a $4 million prize. + +The Shellphish team participates to this competition with a novel Cyber Reasoning System (CRS), called ARTIPHISHELL, which qualified for the final competition in August 2024, +receiving a 2 million dollar award (see the [press release]({{ '/aixcc/shellphish_aixcc_qualification/' | relative_url }}) for details). 
+ +The ARTIPHISHELL AI-based Cyber Reasoning System is the result of many year of research work from the members of the Shellphish hacker collective. +Some of the relevant works published in the last ten years are listed below. + +
    +{% for p in site.data.aixcc_publications %} +
  • + {{ p.title }} +
    + {{ p.authors }} +
    + {{ p.venue }} +
    + {{ p.where }} {{ p.when }} +
    + [ PDF, Bib ] +
  • +{% endfor %} +
diff --git a/aixcc/shellphish_aixcc_qualification.html b/aixcc/shellphish_aixcc_qualification.html deleted file mode 100644 index 3e71383..0000000 --- a/aixcc/shellphish_aixcc_qualification.html +++ /dev/null @@ -1,76 +0,0 @@ - - - - - - - AI Cyber Challenge (AIxCC) | Shellphish - - - - -
- Shellphish Logo - ARTIPHISHELL Logo -
- -

Shellphish Qualifies for the AIxCC Final Event with $2 Million Cash Award

- -

August 13, 2024 - The Shellphish hacker collective is proud to announce that their cutting-edge Cyber Reasoning System (CRS), - ARTIPHISHELL, has successfully qualified for the finals of the prestigious AI Cyber Challenge (AIxCC - https://aicyberchallenge.com/) - sponsored by DARPA and ARPA-H. This remarkable achievement comes with a significant milestone-a $2 million cash award. -The DARPA AIxCC competition brings together the brightest minds in artificial intelligence and cybersecurity, to develop novel -AI-driven systems that can find and repair the software components supporting the nation's critical infrastructure.

- -

ARTIPHISHELL's qualification for the finals is a testament to the team's dedication, innovative approach, and technical expertise in - developing advanced AI-driven solutions to address critical cybersecurity threats. -"We are thrilled to see ARTIPHISHELL making it to the final round," said Adam Doupe, CEO at Shellphish Support Syndicate -(the company supporting Shellphish's effort) and Director of the Center for Cybersecurity and Trusted Foundations at Arizona State University, -where he is an Associate Professor. "This accomplishment reflects the team's hard work and collaborative spirit. We are eager to -compete in the finals and continue pushing the boundaries of what AI and LLMs can achieve in cybersecurity." -ARTIPHISHELL has demonstrated exceptional capabilities in autonomously identifying, analyzing, and patching complex -vulnerabilities found in real-world software, making it a formidable contender in the DARPA AIxCC competition. -"This is a natural evolution of Mechanical Phish, which is the system that Shellphish developed to participate in the DARPA Cyber Grand Challenge of 2016", -said Giovanni Vigna, Professor at UC Santa Barbara. "Many ideas developed as part of other cutting-edge DARPA programs, such as CHESS, HACCS, AMP, and -HARDEN have contributed to defining the ideas at the basis of ARTIPHISHELL", said Antonio Bianchi, an Assistant Professor at Purdue University.

- -

Having been the only CRS in the competition to patch one of the identified vulnerabilities in the nginx target, the team - is looking forward to seeing how far they can advance the CRS in the upcoming year. The $2 million cash award will further support the - Shellphish team's efforts to refine and enhance ARTIPHISHELL as they prepare for the final phase of the competition, which is scheduled for - August 2025, where the seven qualifying teams will compete for not only bragging rights but also a portion of the $8.5 million of prize - money reserved for the top three. -The Shellphish team comprises professors and students from Arizona State University, Purdue University, -and UC Santa Barbara who have been collaborators for years. "It's a team with a proven record of collaboration and innovation", said -Fish Wang, an Associate Professor at Arizona State University, "and the success of ARTIPHISHELL shows the effectiveness of multi-university cooperation".

- -

The Shellphish team extends their gratitude to DARPA and ARPA-H, the competition organizers, and their supporters for this opportunity. - As the finals approach, the team remains focused on advancing their technology and contributing to the broader goal of strengthening global cybersecurity.

- -

For media inquiries, please contact media@shellphish.net.

- - -

About Shellphish

- -

Shellphish was founded in 2005 when it won the prestigious DEF CON Capture the Flag competition. - Since then, the Shellphish team has grown into a team of "hackademics" participating in both security - competitions and producing a substantial corpus of research. Shellphish also competed in the DARPA Cyber Grand Challenge (CGC) in 2016, - ultimately winning 3rd place and $750,000 in prize money with the world's first open-source cyber reasoning system, the Mechanical Phish.

- - - diff --git a/aixcc/shellphish_aixcc_qualification.md b/aixcc/shellphish_aixcc_qualification.md new file mode 100644 index 0000000..115f826 --- /dev/null +++ b/aixcc/shellphish_aixcc_qualification.md @@ -0,0 +1,69 @@ +--- +layout: default +title: "Shellphish Qualifies for the AIxCC Final Event" +permalink: /aixcc/shellphish_aixcc_qualification/ +--- + + + +
+ Shellphish Logo + ARTIPHISHELL Logo +
+
+# Shellphish Qualifies for the AIxCC Final Event with $2 Million Cash Award
+
+August 13, 2024 - The Shellphish hacker collective is proud to announce that their cutting-edge Cyber Reasoning System (CRS),
+ARTIPHISHELL, has successfully qualified for the finals of the prestigious AI Cyber Challenge (AIxCC - )
+sponsored by DARPA and ARPA-H. This remarkable achievement comes with a significant milestone—a $2 million cash award.
+The DARPA AIxCC competition brings together the brightest minds in artificial intelligence and cybersecurity, to develop novel
+AI-driven systems that can find and repair the software components supporting the nation's critical infrastructure.
+
+ARTIPHISHELL's qualification for the finals is a testament to the team's dedication, innovative approach, and technical expertise in
+developing advanced AI-driven solutions to address critical cybersecurity threats.
+"We are thrilled to see ARTIPHISHELL making it to the final round," said Adam Doupe, CEO at Shellphish Support Syndicate
+(the company supporting Shellphish's effort) and Director of the Center for Cybersecurity and Trusted Foundations at Arizona State University,
+where he is an Associate Professor. "This accomplishment reflects the team's hard work and collaborative spirit. We are eager to
+compete in the finals and continue pushing the boundaries of what AI and LLMs can achieve in cybersecurity."
+ARTIPHISHELL has demonstrated exceptional capabilities in autonomously identifying, analyzing, and patching complex
+vulnerabilities found in real-world software, making it a formidable contender in the DARPA AIxCC competition.
+"This is a natural evolution of Mechanical Phish, which is the system that Shellphish developed to participate in the DARPA Cyber Grand Challenge of 2016",
+said Giovanni Vigna, Professor at UC Santa Barbara.
"Many ideas developed as part of other cutting-edge DARPA programs, such as CHESS, HACCS, AMP, and
+HARDEN have contributed to defining the ideas at the basis of ARTIPHISHELL", said Antonio Bianchi, an Assistant Professor at Purdue University.
+
+Having been the only CRS in the competition to patch one of the identified vulnerabilities in the nginx target, the team
+is looking forward to seeing how far they can advance the CRS in the upcoming year. The $2 million cash award will further support the
+Shellphish team's efforts to refine and enhance ARTIPHISHELL as they prepare for the final phase of the competition, which is scheduled for
+August 2025, where the seven qualifying teams will compete for not only bragging rights but also a portion of the $8.5 million of prize
+money reserved for the top three.
+The Shellphish team comprises professors and students from Arizona State University, Purdue University,
+and UC Santa Barbara who have been collaborators for years. "It's a team with a proven record of collaboration and innovation", said
+Fish Wang, an Associate Professor at Arizona State University, "and the success of ARTIPHISHELL shows the effectiveness of multi-university cooperation".
+
+The Shellphish team extends their gratitude to DARPA and ARPA-H, the competition organizers, and their supporters for this opportunity.
+As the finals approach, the team remains focused on advancing their technology and contributing to the broader goal of strengthening global cybersecurity.
+
+For media inquiries, please contact .
+
+## About Shellphish
+
+Shellphish was founded in 2005 when it won the prestigious DEF CON Capture the Flag competition.
+Since then, the Shellphish team has grown into a team of "hackademics" participating in both security
+competitions and producing a substantial corpus of research.
Shellphish also competed in the DARPA Cyber Grand Challenge (CGC) in 2016, +ultimately winning 3rd place and $750,000 in prize money with the world's first open-source cyber reasoning system, the Mechanical Phish. diff --git a/cgc/index.html b/cgc/index.html deleted file mode 100644 index d80a5a5..0000000 --- a/cgc/index.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - The Cyber Grand Challenge | Shellphish - - - - -

The Cyber Grand Challenge

- -
- - Shellphish CGC Logo - -
- - -

In 2014, with no battle plan and little idea of what it would do to our lives, Shellphish signed up for the DARPA Cyber Cyber Grand Challenge. -The CGC was a competition to create autonomous hacking systems that went head-to-head against each other in a no-humans-allowed computer hacking match. -This had never been done before. -There was no blueprint, and no one, especially not us, knew quite what to expect.

- -

The competition was challenging beyond anything we had experienced before. -To qualify for the final event, we had to defeat many established security companies and researcher labs, with a system that we had to build in what little time we had left over from research and classes. -In the leadup to the final event, our team was pushed to the limit as we faced ever-increasing pressure to finish our system in time.

- -

In the end, we made it. -This page is a central archive to hold the story of our participation in the CGC, track various things written about it around the internet, and provide a central index for our proud open-sourcing of the Mechanical Phish.

- -

The Event

- -

Our autonomous cyber-creature, the Mechanical Phish faced off against six other cleverly-named competitors and fought well, winning third place and a $750,000 prize (in addition to the $750,000 qualification award).

- -

It was the top system not developed by a corporation, beating systems made by companies such as Raytheon, the best-ranking system on offense, and the second-best on defense. -It also marked the beginning of the obsolescence of humanity from yet another field…

- - -
- - The CGC Scoreboard - - -
- - -

The Team

- - -
- - The Shellphish Team - - -
- - -

From Left to Right:

- -
-
Antonio Bianchi (anton00b)
-
“FIXME”
-
Kevin Borgolte (cao)
-
Scheduling, Infrastructure
-
Jacopo Corbetta (hacopo)
-
Resident Know-it-all
-
Francesco Disperati (nebirhos)
-
Chief Surfing Officer, Infrastructure
-
Audrey Dutcher (rhelmot)
-
Second Youngest Program Analysis Expert
-
Giovanni Vigna (zanardi)
-
The Professor - Hackademic Representative
-
Aravind Machiry (donfos)
-
Hack -> Crossfit -> Repeat
-
Chris Salls (salls)
-
Automated Exploitation Engine
-
Yan Shoshitaishvili (zardus)
-
Fearless(?) Captain
-
Nick Stephens (mike_pizza)
-
Chief Intern and Third Youngest Automated Exploitation Expert
-
Ruoyu Wang (fish)
-
Fish, Human CRS
-
- -

Not in the Picture:

- -
-
John Grosen (nezorg)
-
Youngest Program Analysis Expert
-
Paul Grosen (paul)
-
Youngest Program Analysis Intern, knows x86 better than you
-
- -

Our Tools

- -

As hackademics, we want to push forward the scope of what is possible.
-To that end, we are open-sourcing every last line of code of the Mechanical Phish for the community to use, learn from, and build on!

- -

The Cyber Grand Challenge was the first time anything like this was attempted in the security world. -As such, Mechanical Phish is an extremely complicated piece of software, with an absurd amount of components.
-No blueprint for doing this existed before the CGC, so we had to figure things out as we went along.
-Unfortunately, rather than being a software development shop, we are a “mysterious hacker collective”.
-This means that Mechanical Phish has some rough components, missing documentation, and ghosts in the machine. -Our hope is that, going forward, we can polish and extend Mechanical Phish, as a community, to continue to push the limits of automated hacking.
-For now, keep in mind that this was never designed to be turn-key, might not install without extreme effort, and might not work without a lot of tweaking. -Otherwise, have at it!

- -

We have split the components of the Mechanical Phish up to form three categories:

- -
    -
  • The underlying binary analysis framework, angr angr

  • - -
  • Components that can be used as standalone tools in security research and CTF competitions, such as Driller -driller (our crash discovery technique), Rexrex (our automated exploitation tool), Patcherex patcherex (for automated patching), and angropangrop (our automatic ropchain builder).

  • - -
  • The glue components docs of the Mechanical Phish, containing everything specific to the CGC itself.

  • -
- -

Want to Know More?

- -

The Cyber Grand Challenge drew intense media attention. -We’ve compiled the set of media articles here that show us in the best possible light. Enjoy!

- -

Videos

- - - -

Articles

- - - -

Papers

- -
    -
  • Cyber Grand Shellphish, Phrack Magazine, 2017.
  • -
  • Mechanical Phish: Resilient Autonomous Hacking, Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Audrey Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Chris Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna, IEEE Security and Privacy Magazine, vol. 16, no. 2, March 2018.
  • -
- -

You can contact the Shellphish CGC team at cgc@shellphish.net.

- - - diff --git a/cgc/index.md b/cgc/index.md new file mode 100644 index 0000000..3ec1b28 --- /dev/null +++ b/cgc/index.md @@ -0,0 +1,124 @@ +--- +layout: default +title: The Cyber Grand Challenge +permalink: /cgc/ +--- + +# The Cyber Grand Challenge + +
+ Shellphish CGC Logo +
+
+In 2014, with no battle plan and little idea of what it would do to our lives, Shellphish signed up for the DARPA Cyber Cyber Grand Challenge.
+The CGC was a competition to create autonomous hacking systems that went head-to-head against each other in a no-humans-allowed computer hacking match.
+This had never been done before.
+There was no blueprint, and no one, *especially* not us, knew quite what to expect.
+
+The competition was challenging beyond anything we had experienced before.
+To qualify for the final event, we had to defeat many established security companies and researcher labs, with a system that we had to build in what little time we had left over from research and classes.
+In the leadup to the final event, our team was pushed to the limit as we faced ever-increasing pressure to finish our system in time.
+
+In the end, we made it.
+This page is a central archive to hold the story of our participation in the CGC, track various things written about it around the internet, and provide a central index for our proud open-sourcing of the Mechanical Phish.
+
+## The Event
+
+Our autonomous cyber-creature, the Mechanical Phish faced off against six other cleverly-named competitors and fought well, winning third place and a $750,000 prize (in addition to the $750,000 qualification award).
+
+It was the top system not developed by a corporation, beating systems made by companies such as Raytheon, the best-ranking system on offense, and the second-best on defense.
+It also marked the beginning of the obsolescence of humanity from yet another field…
+
+
+ The CGC Scoreboard +
+ +## The Team + +
+ The Shellphish Team +
+ +From Left to Right: + +
+
Antonio Bianchi (anton00b)
+
“FIXME”
+
Kevin Borgolte (cao)
+
Scheduling, Infrastructure
+
Jacopo Corbetta (hacopo)
+
Resident Know-it-all
+
Francesco Disperati (nebirhos)
+
Chief Surfing Officer, Infrastructure
+
Audrey Dutcher (rhelmot)
+
Second Youngest Program Analysis Expert
+
Giovanni Vigna (zanardi)
+
The Professor - Hackademic Representative
+
Aravind Machiry (donfos)
+
Hack -> Crossfit -> Repeat
+
Chris Salls (salls)
+
Automated Exploitation Engine
+
Yan Shoshitaishvili (zardus)
+
Fearless(?) Captain
+
Nick Stephens (mike_pizza)
+
Chief Intern and Third Youngest Automated Exploitation Expert
+
Ruoyu Wang (fish)
+
Fish, Human CRS
+
+ +Not in the Picture: + +
+
John Grosen (nezorg)
+
Youngest Program Analysis Expert
+
Paul Grosen (paul)
+
Youngest Program Analysis Intern, knows x86 better than you
+
+
+## Our Tools
+
+As hackademics, we want to push forward the scope of what is possible.\
+To that end, we are open-sourcing every last line of code of the Mechanical Phish for the community to use, learn from, and build on!
+
+The Cyber Grand Challenge was the first time anything like this was attempted in the security world.
+As such, Mechanical Phish is an extremely complicated piece of software, with an absurd amount of components.\
+No blueprint for doing this existed before the CGC, so we had to figure things out as we went along.\
+Unfortunately, rather than being a software development shop, we are a "mysterious hacker collective".\
+This means that Mechanical Phish has some rough components, missing documentation, and ghosts in the machine.
+Our hope is that, going forward, we can polish and extend Mechanical Phish, as a community, to continue to push the limits of automated hacking.\
+For now, keep in mind that this was never designed to be turn-key, might not install without extreme effort, and might not work without a lot of tweaking.
+Otherwise, have at it!
+
+We have split the components of the Mechanical Phish up to form three categories:
+
+- The underlying binary analysis framework, [angr](https://github.com/angr/angr) ![angr](https://img.shields.io/github/stars/angr/angr.svg?style=social&label=angr)
+
+- Components that can be used as standalone tools in security research and CTF competitions, such as [*Driller*](https://github.com/shellphish/driller) ![driller](https://img.shields.io/github/stars/shellphish/driller.svg?style=social&label=Driller) (our crash discovery technique), [*Rex*](https://github.com/shellphish/rex) ![rex](https://img.shields.io/github/stars/shellphish/rex.svg?style=social&label=Rex) (our automated exploitation tool), [*Patcherex*](https://github.com/shellphish/patcherex) ![patcherex](https://img.shields.io/github/stars/shellphish/patcherex.svg?style=social&label=Patcherex) (for automated patching), and [*angrop*](https://github.com/salls/angrop) ![angrop](https://img.shields.io/github/stars/salls/angrop.svg?style=social&label=angrop) (our automatic ropchain builder).
+
+- The [glue components](https://github.com/mechaphish/mecha-docs) ![docs](https://img.shields.io/github/stars/mechaphish/mecha-docs.svg?style=social&label=Docs) of the Mechanical Phish, containing everything specific to the CGC itself.
+
+## Want to Know More?
+
+The Cyber Grand Challenge drew intense media attention.
+We've compiled the set of media articles here that show us in the best possible light. Enjoy!
+ +### Videos + +- [DARPA's Cyber Grand Challenge: The Highlights from the Final Event](https://www.youtube.com/watch?v=v5ghK6yUJv4) +- [DARPA's Cyber Grand Challenge: Final Event Program](https://www.youtube.com/watch?v=n0kn4mDXY6I) +- [Team Shellphish: DARPA's Cyber Grand Challenge](https://www.youtube.com/watch?v=9y5Myzt7Zaw) +- [New York Times Interview (Facebook Live)](https://www.facebook.com/nytimes/videos/10150864919889999/) + +### Articles + +- [Mechanical Phish auto-exploit auto-patch kit lands on GitHub, The Register](http://www.theregister.co.uk/2016/08/22/mechanical_phish_autoexploit_autopatch_kit_lands_on_github/) +- [Will Humans or Bots Rule Cybersecurity? The Answer Is Yes, Wired](http://www.wired.com/2016/08/will-humans-bots-rule-cybersecurity-answer-yes/?mbid=social_twitter) +- [Cyber-Gladiators, The UCSB Current](http://www.news.ucsb.edu/2016/017082/cyber-gladiators) +- [These grad students want to make history by crushing the world's hackers, Yahoo Finance](http://finance.yahoo.com/news/cyber-grand-challenge-darpa-team-000000358.html) + +### Papers + +- [Cyber Grand Shellphish](http://www.phrack.org/papers/cyber_grand_shellphish.html), Phrack Magazine, 2017. +- [Mechanical Phish: Resilient Autonomous Hacking](https://ieeexplore.ieee.org/document/8328966), Yan Shoshitaishvili, Antonio Bianchi, Kevin Borgolte, Amat Cama, Jacopo Corbetta, Francesco Disperati, Audrey Dutcher, John Grosen, Paul Grosen, Aravind Machiry, Chris Salls, Nick Stephens, Ruoyu Wang, Giovanni Vigna, IEEE Security and Privacy Magazine, vol. 16, no. 2, March 2018. + +You can contact the Shellphish CGC team at [cgc@shellphish.net](mailto:cgc@shellphish.net). diff --git a/index.html b/index.html deleted file mode 100644 index 9b6f18e..0000000 --- a/index.html +++ /dev/null @@ -1,43 +0,0 @@ - - - - - - - Shellphish - - - - -
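Review bot: The Articles list and the first Papers entry in cgc/index.md keep plain `http://` URLs (The Register, Wired, the UCSB Current, Yahoo Finance, Phrack), so a reader following them makes a cleartext first request that anything on the network path can observe or redirect. Changing the scheme to `https://` on each of those links, where the target serves it, removes that. The opening paragraph also keeps the doubled word in `DARPA Cyber Cyber Grand Challenge`, and `researcher labs` presumably should read `research labs`. The migration is a convenient place to fix both.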

- -
- - Shellphish - -
- - -

Shellphish pursues the joy of hacking.

- -

Shellphish is a team of hackers that was founded by Professor Giovanni Vigna at UC Santa Barbara in 2005 to participate in the DEF CON CTF with his graduate students.

- -

Since then, Shellphish has evolved into a group that includes dozens of individuals (students - now professors elsewhere, their students, their friends, visiting researchers, enthusiasts, etc.) who are now spread all across the world, from the United States to France, from China to Austria, from Senegal to Italy.

- -

Shellphish participated in more DEF CON CTF competitions than any other team in the world. -In addition, in 2016 Shellphish participated in the DARPA Cyber Grand Challenge (CGC) competition with its autonomous hacking system, Mechanical Phish, which is the very first publicly available system of its kind.

- -

Even though its members organize and participate in hacking competitions, Shellphish is more than a hacking team. -Shellphish is characterized by a “hackademic” background, and its mission is to explore the science behind hacking, looking for novel approaches to break and fix real-world systems.

- -

Shellphish strives to make every member feel welcome, supported, and safe. -Shellphish believes in inclusion, diversity, and the fun that comes with hacking everything.

- - - diff --git a/index.md b/index.md new file mode 100644 index 0000000..7b3de74 --- /dev/null +++ b/index.md @@ -0,0 +1,27 @@ +--- +layout: default +title: Home +--- + +

+ +
+ + Shellphish + +
+ +Shellphish pursues the joy of hacking. + +Shellphish is a team of hackers that was founded by Professor Giovanni Vigna at UC Santa Barbara in 2005 to participate in the DEF CON CTF with his graduate students. + +Since then, Shellphish has evolved into a group that includes dozens of individuals (students - now professors elsewhere, their students, their friends, visiting researchers, enthusiasts, etc.) who are now spread all across the world, from the United States to France, from China to Austria, from Senegal to Italy. + +Shellphish participated in more DEF CON CTF competitions than any other team in the world. +In addition, in 2016 Shellphish participated in the DARPA Cyber Grand Challenge (CGC) competition with its autonomous hacking system, Mechanical Phish, which is the very first publicly available system of its kind. + +Even though its members organize and participate in hacking competitions, Shellphish is more than a hacking team. +Shellphish is characterized by a "hackademic" background, and its mission is to explore the science behind hacking, looking for novel approaches to break and fix real-world systems. + +Shellphish strives to make every member feel welcome, supported, and safe. +Shellphish believes in inclusion, diversity, and the fun that comes with hacking everything. diff --git a/members/index.html b/members/index.html deleted file mode 100644 index a6c7cab..0000000 --- a/members/index.html +++ /dev/null @@ -1,228 +0,0 @@ - - - - - - - Members | Shellphish - - - - -

Members

-
-
zanardi/z4n4rd1
-
Giovanni Vigna
-
Founded the team in 2005
-
void
-
Joined in 2005
-
sicko
-
Joined in 2005
-
beetal
-
Joined in 2005
-
nullptr
-
Joined in 2005
-
ViRus
-
Vika Felmetsger
-
Joined in 2005
-
weaver
-
Joined in 2005
-
irish
-
Joined in 2005
-
deadi
-
Joined in 2005
-
balzaroth
-
Davide Balzarotti
-
Joined in 2005
-
marco
-
Marco Cova
-
Joined in 2006
-
collin
-
Collin Mulliner
-
Joined in 2006
-
odo
-
Sean Ford
-
Joined in 2008
-
engiman
-
Joined in 2008
-
gigi sullivan
-
Joined in 2008
-
voltaire
-
Joined in 2008
-
adamd
-
Adam Doupé
-
Joined in 2008
-
cavedon
-
Ludovico Cavedon
-
Joined in 2009
-
bboe
-
Bryce Boe
-
Joined in 2009
-
zardus
-
Yan Shoshitaishvili
-
Joined in 2009
-
pizzaman
-
Joined in 2009
-
freeman
-
Joined in 2009
-
invernizzi
-
Luca Invernizzi
-
Joined in 2009
-
gianluca
-
Joined in 2010
-
hunt3r
-
Joined in 2010
-
reyammer
-
Yanick “reyammer” Fratantonio
-
Joined in 2010
-
dhilung
-
Dhilung Kirat
-
Joined in 2010
-
spjsschl
-
Johannes Schlumberger
-
Joined in 2010
-
greg
-
Gregoire Jacob
-
Joined in 2011
-
anton00b
-
Antonio Bianchi
-
Joined in 2011
-
hacopo
-
Jacopo Corbetta
-
Joined in 2011
-
mw
-
Michael Weissbacher
-
Joined in 2011
-
cao
-
Kevin Borgolte
-
Joined in 2012
-
fish
-
Joined in 2013
-
jay
-
Joined in 2013
-
kereoz
-
Joined in 2014
-
ocean
-
Joined in 2014
-
rhelmot
-
Audrey Dutcher
-
Joined in 2014
-
venom00
-
Joined in 2014
-
donfos
-
Aravind Machiry
-
Joined in 2014
-
badnack
-
Joined in 2014
-
subwire
-
Eric Gustafson
-
Joined in 2014
-
acez
-
Joined in 2014
-
salls
-
Joined in 2014
-
spermachine
-
Joined in 2015
-
nezorg
-
Joined in 2015
-
crowell
-
Joined in 2015
-
shortman
-
Joined in 2015
-
situation
-
Joined in 2015
-
mpizza
-
Joined in 2016
-
conand
-
Andrea Continella
-
Joined in 2016
-
nebirhos
-
Joined in 2016
-
lockshaw
-
Colin Unger
-
Joined in 2016
-
sartina
-
Joined in 2016
-
init
-
Joined in 2017
-
honululu
-
Joined in 2017
-
sherlock
-
Joined in 2017
-
mightymo
-
Joined in 2017
-
9yte
-
Joined in 2017
-
phate
-
Sebastiano Mariani
-
Joined in 2017
-
cub01d
-
Joined in 2017
-
dex
-
Joined in 2017
-
mahaloz
-
Zion Leonahenahe Basque
-
Joined in 2018
-
kanak
-
Joined in 2018
-
clasm
-
Joined in 2018
-
kylebot
-
Joined in 2018
-
gkrishna
-
Joined in 2018
-
4rbit3r
-
Joined in 2018
-
degrigis
-
Joined in 2018
-
eugenek
-
Joined in 2018
-
DuSu
-
Joined in 2018
-
saagarjha
-
Joined in 2018
-
overwatch
-
Joined in 2019
-
mdy
-
Joined in 2019
-
yuzu
-
Joined in 2019
-
cinderella
-
Joined in 2019
-
Samuel
-
Joined in 2019
-
GH0S1
-
Bader AlBassam
-
Joined in 2019
-
frqmod
-
Joined in 2020
-
pagabuc
-
Fabio Pagani
-
Joined in 2020
-
F4_U57
-
Jude O'Kain
-
Joined in 2021
-
mzakocs
-
Mitchell Zakocs
-
Joined in 2021
-
xenia
-
xenia dragon
-
Joined in 2022
-
zolutal
-
Jennifer Miller
-
Joined in 2022
-
Flipout50
-
Caden Thomas Sounart
-
Joined in 2022
-
x3ero0
-
Pulkit Singh Singaria
-
Joined in 2022
-
- - diff --git a/members/index.md b/members/index.md new file mode 100644 index 0000000..00f2a1a --- /dev/null +++ b/members/index.md @@ -0,0 +1,16 @@ +--- +layout: default +title: Members +permalink: /members/ +--- + +# Members + +
+{% for m in site.data.members -%} +
{% if m.emphasized %}{{ m.handle }}{% else %}{{ m.handle }}{% endif %}
+ {% if m.name %}
{{ m.name }}
{% endif %} + {% if m.note %}
{{ m.note }}
{% endif %} + {% if m.joined %}
Joined in {{ m.joined }}
{% endif %} +{% endfor -%} +
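Review bot: The Liquid outputs in this loop (`{{ m.handle }}`, `{{ m.name }}`, `{{ m.note }}`, `{{ m.joined }}`) are written without an escaping filter, and Jekyll's Liquid does not HTML-escape output by default, so a `<`, `&` or pasted tag in `site.data.members` ends up in the page as markup. The data lives in the repository, so this is hygiene rather than an exposed injection path, but adding a member is exactly the kind of small pull request that gets a light review. `{{ m.handle | escape }}`, and the same filter on the other three, keeps those values inert. The publications loop in aixcc/index.md (`{{ p.title }}`, `{{ p.authors }}`, `{{ p.venue }}`, `{{ p.where }}`) follows the same pattern. The surrounding HTML tags are not visible in this view, so confirm none of these fields is meant to carry markup before adding the filter.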