DARPA Cyber Grand Challenge era coming to a close

This Thursday, seven research institutions will compete against each other.  Unlike other typical hacker challenges, their automations will compete on their behalf.  The winning team will take home $2,000,000.00.  The automated programs will crack, patch, and defend applications / networks.  I will be there with my teammates as our program cracks and hacks.  You should come on by and cheer us on.  The live feed may be found @ https://www.cybergrandchallenge.com/  

 

3 years in the making

It has been an exciting three years.  So exciting that I have been writing blog posts about it during the progression of the team and competition.  After Friday, I am allowed to publish this series.

 

 The Team and Competition

It has been an interesting competition with my global peers.  While others are savants with regards to patching; my education, experience, and skill set lends itself naturally to software program cracking at big data scale and defending cloud networks with no human intervention in a minor capacity.  We plan to prove the world Skynet is nearly upon us.  However, when we all came together, we had a negative outlook we had to turn around: the techniques and automation required is subtle enough that it is not clear if the programs will be able to attack and defend at scale.

 

The series will cover the following red team at scale subject matters and philosophies

Red Teaming Intro

   CAPEC

   Risk glasses and bias

   Possibilities and space

   Irrational and rational behaviors

   Strategies

   Mitigation and / or acceptance

   Conflict avoidance

   Continuity

   Game theory and interactions

   PTES and NIST 800-115

   To adapt or not?

 

Scope

   Purpose, scope, hypothesis, and excellence criteria

   Design

   Execution

   Monitoring and real-time analysis

   Post

   Documentation

   Feedback loop

 

Legal Ethics and Layer 8

   Business cases

   Accountability

   Budget estimation

 

The way to at scale red teaming

   System thinking

   Highly scalable systems’ and architecture designs pros / cons

   CAP theorem

   Orchestration and Workflows

   Purple simulations

   Reflections

   Measuring intelligence

 

Mandatory Answers

   End results in what context and time?

   The big picture value-add?

   Which methods apply to achieve excellence?

   How do we build capacity to deliver?

   Which fundamentals need to be in place?

   How much and which resources (human capital, compute, political) are desired vs. needed?

   Total Cost of Ownership?

   Best value?  Or script kiddy?

 

Measuring is Hard

   Beware

   What is an effect?

   Analytics

   Intentional behaviors

   Systems

   Risk and the Unknown

   Noise and deliberate behaviors

   SIRA Book of Common Knowledge

   Key performance indicators

                    General theories of performance

   Analytics

                    Motivations and emulations

                    When is a challenge not a challenge?

                    Plans and concepts

                    Sensors and Effectors

                    Risk

   Pragmatic Dogma

                    Classical problem solving

                    Different red team and cracking pedagogies

 

Compute

   Ingredients

   Experimentation

   Hypothesis generation

   Scientific method and experimentation

   Search and Optimization

   Blind vs. Knowledge optimizations

   System vs. Negotiation optimizations

   Emulations at small scale

   Emulations at large scale

 

Results

   Fidelity

   Mining

   Analysis

   6V

   Architecture and Storage

   Real-time or close enough?

   Common Information Modeling

   Historical forms

   Current forms

   DARPA Cyber Grand Challenge forms

   Genetic development forms

   Advanced forms

 

I think therefore I am

   Scenarios

   Is it really a risk?  Residual risk? Vulnerability or foothold?

   Possibilities and plausibilities

   Modeling complex systems

   Capability modeling

   Strategies

   Network, physical, and socio-economic models

 

Algorithms

   Challengers

   Simulators

   Motivators

   Emulations

   Context enrichment and optimization

   Response

   Mining

   Behavioral mining

   Dealing with complexity

 

The Cyber Grand future

   Future work

   Where do we go?

   Techniques and computational methodologies to be fleshed out

   Applications

 

Please subscribe to this blog so you may be kept up to date as the posts roll out.