FuzzBomb

SIFT led the FuzzBomb project for the 2015 DARPA Cyber Grand Challenge (CGC).  FuzzBomb is a fully autonomous cyber reasoning system that automatically identifies vulnerabilities in stripped binary programs and then repairs the program by automatically rewriting the executable.

FuzzBomb uses static analysis to extract the control flow graph (CFG) of an executable and identify potential vulnerabilities, then uses dynamic symbolic execution to rapidly traverse the executable's control flow and verify those vulnerabilities. Finally, it uses novel binary rewriting technology to inject safeguards that protect the program's memory and control flow, ultimately preventing exploitation of the program.

SIFT teamed with the University of Minnesota for the FuzzBomb project.