Research attacking ML-based image classifiers is common, but it is less frequent to see a study on how someone can bypass ML-based malware detection. In 2019, we organized a contest where participants had to modify Windows malware in a way where the provided three ML engines do not detect it. However, the modified sample is still functionally equivalent to the original binary. As it turned out, it is not that hard to come up with a generic solution which can bypass all three engine. In this presentation, we will discuss the details of the contest, some of the techniques used by the participants (packing, overlays, adding sections), and we will present the brand new 2020 competition with updated defensive and offensive tracks. The offensive track starts with DEF CON.