Why ForAllSecure is on MIT Technology Review’s 2017 List of Smartest Companies

I am honored to share that ForAllSecure has been named to MIT Technology Review’s 2017 list of 50 Smartest Companies.   According to the MIT Tech Review team, to make the list, a company must exhibit technological leadership and business acumen, which set them apart from competitors. 

Nanette Byrnes, senior editor for MIT Tech Review business..

Read More

Case Study: LEGIT_00004

LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn't expect Mayhem to get. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution. We heard that other teams noticed this bug, but..

Read More

Mayhem Wins DARPA CGC

Mayhem is a fully autonomous system for finding and fixing computer security vulnerabilities.On Thursday, August 4, 2016, Mayhem competed in the historical DARPA Cyber Grand Challenge against other computers in a fully automatic hacking contest...and won.  The team walked away with $2 million dollars, which ForAllSecure will use to continue its..

Read More

Why CGC Matters to Me

By David Brumley

In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song, one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a..

Read More

Live Streaming Security Games

Aside from our cool research, ForAllSecure also works on creating fun and engaging games to promote computer security. Just about every employee in our company has been involved in Capture the Flag exercises for the past several years, and we have been hosting these online events for our customers for about 3 years now. One of our big dreams is..

Read More

The Motivation and Design Behind Autogenerated Challenges

In nearly all CTF competitions organizers spend dozens of hours creating challenges that are compiled once with no thought for variation or alternate deployments. For example, a challenge may hard-code in a flag, making it hard to change later, or hard-code in a system-specific resource.

At ForAllSecure, we are working to build automatically..

Read More

New Year, New Website, and New Blog!

Although we have been very busy at ForAllSecure, we finally got the time to redo our website, huzzah! This website is a bit more pleasing on the eyes, and we hope to add more up-to-date information about our projects and what we're up to.

Read More

Unleashing the Mayhem CRS

In June, ForAllSecure participated in DARPA's Cyber Grand Challenge (CGC) Qualification Event (CQE) 1. During the event our automated system tweeted its progress, and to continue the trend of openness, we decided to publish a writeup of some more details about our system. Our team, Thanassis Avgerinos, David Brumley, John Davis, Ryan Goulden,..

Read More

Categories

Stay Connected

Information Management Today

Subscribe to updates