On August 4th, 2016, DARPA conducted the final event of the Cyber Grand Challenge (CGC). The challenge in CGC was to build an autonomous system capable of playing in a "Capture The Flag" hacking competition. The final event pitted the systems from seven finalists against each other, with each system attempting to defend its own network services while proving vulnerabilities ("capturing flags") in other systems' defended services.

Our team built Xandra, the system that won the $1M second-place prize in the final event. In this talk I will give an overview of CGC, describe our experience participating in CGC, outline the techniques and approaches used in creating Xandra, and attempt to summarize commonalities between different teams' approaches. The commonalities in approaches may indicate something of the current consensus in how to build such systems.

Xandra was jointly developed by researchers at GrammaTech and the University of Virginia with funding from DARPA under the "proposal track" of the competition. The views in the talk are my own, not DARPA's, not UVA's, and maybe not even GrammaTech's.

David Melski graduated sum ma cum laude from the University of Wisconsin with a B.S. in Computer Sciences and Russian Studies. He also received his Ph.D. in Computer Sciences from the University of Wisconsin. Dr. Melski's work in static analysis and interprocedural path-profi ling techniques has been featured in numerous articles and conferences. He has been a part of GrammaTech's research team since June 2002 and is currently the VP of Research.