Overview of released samples

These samples were provided to competitors in the run up to each event within the Cyber Grand Challenge. Each challenge was intended to forecast difficult problems the competitors would be face.

Qualifying Event

For the qualifying event, the first challenges to be released, LUNGE_00002 and CADET_00001 were intended to forecast a potential goalpost for the competition.

CADET_00001 demonstrated a classic stack based buffer overflow.

LUNGE_00002 demonstrated memory corruption via a reverse stack walk vulnerability, gated by a complex precondition, recreating the MS-08-067 vulnerability.

Additional samples, LUNGE_00003 and LUNGE_00004, were released to released to demonstrate the flexibility of the IPC mechanism supported by DECREE.

Final Event

For the final event, the first challenges released, CADET_00003 and EAGLE_00005, provided potential goalpost examples of some of the complexities required in the proofs of vulnerabilities required for the final event.

The POV included in CADET_00003 was implemented in the reference POVXML format and provided no dynamic computation.

The POV included in EAGLE_00005 performed state machine manipulation within the challenge, and would choose at runtime to prove a type 1 or type 2 vulnerability.

Curated by Lunge Technology, LLC. Questions or comments? Send us email