HAVOC

Halting Attacks Via Obstructing Configurations

A DARPA CFT Program

HAVOC is a software application that uses small system configuration changes to cause malware to fail at runtime. The current prototype is a Windows GUI application that presents a dashboard for the user to view and control the HAVOC methods in use on the local system.

HAVOC alters the configuration of a defender’s system in a way that specifically targets the heterogeneity relied on by autonomous malware. By making these targeted benign changes, HAVOC adds failure-causing unknowns for autonomous malware, and eliminates the traditional information asymmetry advantage of the attacker. This is a cyber-domain implementation of the Counter Intel & Special Ops theory known as the Moving Target Defense.

HAVOC was developed by Digital Operatives LLC with funding from the Defense Advanced Research Projects Agency (DARPA). The views, opinions, and/or findings contained in these articles/presentations are those of Digital Operatives LLC and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Defense. Reference herein to any specific commercial product, process, or service by trade name, trademark or other trade name, manufacturer or otherwise, does not necessarily constitute or imply endorsement by DARPA, the Defense Department or the United States Government, and shall not be used for advertising or product endorsement purposes.