Mayhem Blog
Expert insights and tips on application security, API security, and other DevSecOps topics.
Open Source Security Podcast EP. 151 - The DARPA Cyber Grand Challenge With David Brumley
Open Source Security Podcast helps listeners better understand security topics of the day. In this episode, David Brumley reflects on the ForAllSecure DARPA CGC win and how it offers a glimpse into the future of autonomous security.
Top 5 Takeaways From The “ForAllSecure Makes Software Security Autonomous” Livestream
In February 2019, Dr. David Brumley, ForAllSecure CEO, and Zach Walker, DIU project manager, discussed how Mayhem, ForAllSecure’s behavior testing solution, has helped secure the Department of Defense’s most critical platforms.
A Reflection On ForAllSecure's Journey In Bootstrapping Behavior Testing Technology
Learn how we sought to uncover the right solution to address the persistent software security issues that have existed in the market for over two decades. We began our research in a university lab, where a brand new technology was born...
Applying Cyber Grand Challenge Technology To Real Software
Looking at the history of reports, objdump was ripe for additional fuzzing enhanced by symbolic execution. Most of the bugs visible to existing fuzzing tools were already found and patched. If any more bugs were to be discovered by Mayhem, this would be a great indicator that Mayhem can find things other tools cannot.
Case Study: LEGIT_00004
LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn't expect Mayhem to get. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution.