EkoParty Reverse && GO challenge

Introduction

Don't have a ticket to EkoParty (EkoParty.org) yet? Don't worry! The EkoParty organizers and Immunity, Inc. would like to invite you to take part in the "Reverse && GO" challenge. The first five people to complete the challenge will win official tickets for EkoParty 2009, which takes place September 17-18 in beautiful Buenos Aires, Argentina.

How

The Reverse && GO challenge consists of two significant parts:

  • Reversing: Immunity will give you a binary that will contain at least one bug. Your job is to find the bugs, crash the software, and then determine the security impact.
  • Reporting: Write a simple advisory that includes an introduction, how you found the bug, detailed information about the vulnerability, attack scopes, a proof of concept exploit (including source code) and a recommended solution to the problem.

The Binary

The target binary is a simple win32 executable (with full symbols) that parses XML files. Run it without arguments and it will read a file called "immunity.xml" from the current working directory.

You can download the binary here, and the binary with symbols here.

Criteria

  • Number of bugs found (there might be more than one!)
  • Bug originality
  • Understanding of the vulnerability
  • Clarity of advisory

The challenge deadline is the 1st of September. The winners will be announced on the 7th of September on EkoParty.org. Send your results to argentina@immunityinc.com.

For any questions and comments regarding EkoParty, please visit EkoParty.org; for any questions and comments regarding the Reverse && GO challenge, please contact argentina@immunityinc.com.

Happy hunting!