Several of us at GrammaTech, along with many talented people from UVA, recently participated in DARPA's Cyber Grand Challenge (CGC) as Team TECHx. The challenge in CGC was to build an autonomous Cyber Reasoning System (CRS) capable of playing in a "Capture The Flag" (CTF) hacking competition. Our system was called Xandra.
Each system was responsible for defending network services while proving vulnerabilities ("capturing flags") in other systems' defended services.
The challenge started back in 2014. Over two years, a field of over 100 teams was whittled down through qualifying events to just 7 teams in the final event. During the final event, DARPA distributed Challenge Binaries (CBs) that implemented network services and that had been specifically crafted to have different vulnerabilities[1]. Each CRS was responsible for fielding a version of each of these CBs, which could be attacked by competitor CRSes. The trick was that CRSes could rewrite CBs to make them less vulnerable while simultaneously trying to exploit the vulnerabilities in other systems' CBs. Each time a CRS successfully attacked another CRS's CB, it gained points. Each time a CRS's fielded CB was successfully attacked, it lost points. In the end, our system, Xandra, did very well (2nd place!) with what I would classify as a combination of good defense, good availability, and average offense.
Xandra on the CGC stage.