Microsoft BlueHat Prize Winners

At Microsoft’s Black Hat USA Researcher Appreciation Party, the company announced the winners of its BlueHat Prize. The party was packed with about 900 invited guests. On stage were a DJ and two women dancing to pounding techno beats inside the Marquee Nightclub at The Cosmopolitan.

Then Microsoft had the grand announcement.

Jared DeMott won the third prize that was originally an MSDN subscription valued at $10,000. However, after the crowd of rowdy partygoers booed that, Microsoft generously said okay then $10,000 and a MSDN subscription.

DeMott is a security researcher and part of the ACME Pharm CTF team. He teaches the class “Application Security: for Hackers and Developers.” His BlueHat Prize entry was a novel defensive that “lowers the effect of address space disclosures and mitigates known return-oriented programming (ROP) exploits. ‘/ROP,’ as it is named, operates by checking that the target address of every (intended or unintended) return instruction is safe. This works because current ROP exploits contain return instructions. The protection is not perfect, but operates quickly and integrates cleanly with Microsoft technology.”

The second prize of $50,000 was awarded to Ivan Fratric who, unfortunately, I don’t have a decent picture of. Fratric has PhD degree in computer science and is a security researcher at the University of Zagreb. His BlueHat Prize entry was a ROPGuard, a “system that can detect and prevent the currently used forms of ROP attacks at runtime. The system works by defining a set of critical functions: functions that need to be called from the ROP code by the attacker in order to leverage the attack. A series of checks is performed on each critical function call to determine if a function was called from the ROP code or as a result of normal program execution. The system can be applied at runtime to any process and has a low CPU and memory overhead.”

Finally, Vasilis Pappas was thrilled to win the grand prize of $200,000.

Vasilis Pappas is a PhD student at Columbia University researching network and system security. For his BlueHat Prize entry, he proposed “kBouncer, an efficient and fully transparent ROP mitigation technique. kBouncer is based on runtime detection of abnormal control transfers using hardware features found on commodity processors.”

Backstage, Pappas said it will take time to sink in winning all that money.

Like this? Here’s more posts:

• EFF: Americans may not realize it, but many are in a face recognition database now
• HOPE 9: Whistleblower Binney says the NSA has dossiers on nearly every US citizen
• NSA Whistleblower Drake: You’re automatically suspicious until proven otherwise
• Mobile Phone Surveillance Out of Control: Cops Collected 1.3 Million Customer Records
• High tech car theft: 3 minutes to steal keyless BMWs
• TSA lawlessly snubs federal court ruling for 1 year! Interview with Jim Harper
• Gov’t surveillance ‘unreasonable’ & violated the 4th amendment ‘at least once’
• Domestic drones: security and privacy game changer
• NSA claims it would violate Americans’ privacy to say how many of us it spied on
• Independence Day: Ghosts of SCOTUS on the fundamental right to privacy
• Black Hat: Microsoft incorporates BlueHat Prize finalist defensive tech & releases EMET 3.5 Preview
• Going Dark in the Golden Age of Cyber-Surveillance?
• Exploiting Windows: Upcoming Black Hat Briefings

Follow me on Twitter @PrivacyFanatic