Microsoft BlueHat Prize Winners

A little over 900 invited guests attended Microsoft's Black Hat USA Researcher Appreciation Party inside the Marquee Nightclub at The Cosmopolitan in Las Vegas. Microsoft announced the BlueHat Prize winners and handed out a boatload of money to three security researchers.

At Microsoft's Black Hat USA Researcher Appreciation Party, the company announced the winners of its BlueHat Prize. The party was packed with about 900 invited guests. On stage were a DJ and two women dancing to pounding techno beats inside the Marquee Nightclub at The Cosmopolitan.

Then Microsoft had the grand announcement.

Jared DeMott won the third prize that was originally an MSDN subscription valued at $10,000. However, after the crowd of rowdy partygoers booed that, Microsoft generously said okay then $10,000 and a MSDN subscription.

DeMott is a security researcher and part of the ACME Pharm CTF team. He teaches the class "Application Security: for Hackers and Developers." His BlueHat Prize entry was a novel defensive that "lowers the effect of address space disclosures and mitigates known return-oriented programming (ROP) exploits. '/ROP,' as it is named, operates by checking that the target address of every (intended or unintended) return instruction is safe. This works because current ROP exploits contain return instructions. The protection is not perfect, but operates quickly and integrates cleanly with Microsoft technology."

The second prize of $50,000 was awarded to Ivan Fratric who, unfortunately, I don't have a decent picture of. Fratric has PhD degree in computer science and is a security researcher at the University of Zagreb. His BlueHat Prize entry was a ROPGuard, a "system that can detect and prevent the currently used forms of ROP attacks at runtime. The system works by defining a set of critical functions: functions that need to be called from the ROP code by the attacker in order to leverage the attack. A series of checks is performed on each critical function call to determine if a function was called from the ROP code or as a result of normal program execution. The system can be applied at runtime to any process and has a low CPU and memory overhead."

Finally, Vasilis Pappas was thrilled to win the grand prize of $200,000.

Vasilis Pappas is a PhD student at Columbia University researching network and system security. For his BlueHat Prize entry, he proposed "kBouncer, an efficient and fully transparent ROP mitigation technique. kBouncer is based on runtime detection of abnormal control transfers using hardware features found on commodity processors."

Backstage, Pappas said it will take time to sink in winning all that money.

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

SUBSCRIBE! Get the best of CSO delivered to your email inbox.