Cyber Team Secures Winning Spot in Rapid Prototyping Challenge

CAMBRIDGE, MA—Examples of cyber-attacks are all around us—even sophisticated government drones are not immune. With critical infrastructure potentially at risk, from utility grids to banking systems, cybersecurity experts are warning that the digital battlefield of the future is already upon us.

Recognizing that the best defense is a good offense, Draper put its offensive cyber expertise to the test in a recent competition—and came out on top. Draper, led by its BreakerSpace cyber experts, won a rapid prototyping event that focused on evading detection of a cyber attack in a simulated U.S. Cyber Command battlefield.

The team developed a malware evasion prototype to avoid automated and manual malware detection during The Chameleon and the Snake competition, which was conducted at the DreamPort facility in Maryland from Sept. 17 to 20.

Pitting their prototype against advanced defensive tool suites, the Draper team created software code using a process called binary obfuscation that made it difficult for humans and automated analyses to detect their handiwork. The team’s Twisted Mirror framework is specially designed to allow various obfuscation techniques to be chained together to create a compounding effect, increasing the difficulty to manually or automatically analyze or deobfuscate binaries.

Paul Rosenstrach, principal director of special programs at Draper, said the company continues to develop ways to showcase its cybersecurity skillsets in realistic environments. “In cyber warfare, the front line is everywhere, and that makes offensive cyber capabilities both an important force-multiplier for conventional capabilities as well as an independent asset. Draper’s top place in the offensive cyber category shows how we can defeat security defenses and discover and understand exploitable vulnerabilities quickly.”

He added that Draper anticipates more opportunities to further demonstrate its understanding of the cyber battlefield and USCYBERCOM’s missions. Draper aims to participate in a DreamPort rapid prototyping event in early December.

Draper built its BreakerSpace as an offensive security lab on its deep experience in cybersecurity. BreakerSpace efforts have identified vulnerabilities in more than 100 software products and hardware devices to date. Using a top-tier hacker’s insight and Draper-developed tools, BreakerSpace finds vulnerabilities that commercially available software tools alone can miss, knowledge that developers can use to protect the most critical systems from malicious attacks.