Mayhem Blog

Open Source Security Podcast helps listeners better understand security topics of the day. In this episode, David Brumley reflects on the ForAllSecure DARPA CGC win and how it offers a glimpse into the future of autonomous security.

In February 2019, Dr. David Brumley, ForAllSecure CEO, and Zach Walker, DIU project manager, discussed how Mayhem, ForAllSecure’s behavior testing solution, has helped secure the Department of Defense’s most critical platforms.

ForAllSecure raises $15M in series A funding, led by New Enterprise Associates.

Learn how we sought to uncover the right solution to address the persistent software security issues that have existed in the market for over two decades. We began our research in a university lab, where a brand new technology was born...

I am truly honored to share that I have been named to MIT Technology Review’s prestigious annual list of Innovators Under 35 as a Pioneer.

Looking at the history of reports, objdump was ripe for additional fuzzing enhanced by symbolic execution. Most of the bugs visible to existing fuzzing tools were already found and patched. If any more bugs were to be discovered by Mayhem, this would be a great indicator that Mayhem can find things other tools cannot.

LEGIT_00004 was a challenge from Defcon CTF that implemented a file system in memory. The intended bug was a tricky memory leak that the challenge author didn't expect Mayhem to get. However, Mayhem found an unintended null-byte overwrite bug that it leveraged to gain arbitrary code execution.

Mayhem is a fully autonomous system for finding and fixing computer security vulnerabilities. On Thursday, August 4, 2016, Mayhem competed in the historical DARPA Cyber Grand Challenge against other computers in a fully automatic hacking contest...and won.

Why am I excited about the DARPA Cyber Grand Challenge (CGC)? CGC gives the world, for the first time, an objective competition to measure how well different automated tools work on a level playing field.