Reverse-Engineer and Patch an N-Day Vulnerability in a Vendor Binary
Overview
What this challenge is about.
You receive the vulnerable binary (Linux ELF, x86-64), the public CVE-2025-XXXX advisory and PoC, and the bank's deployment context (RHEL 9; the binary runs as a non-root service). Load the binary in Ghidra, identify the vulnerable TLS-handshake-parsing function, and confirm the out-of-bounds write with a controlled reproduction in an isolated VM. Design a binary-level mitigation: either a Frida script that hooks the function and validates the length field before the copy, or a patched binary with a manually inserted bounds check. Validate that legitimate TLS handshakes still complete and that the PoC no longer crashes the service. Deliver the Ghidra project, the reproduction VM image, the patch (Frida script or patched ELF), a validation report, and a 5-page recommendation memo for the bank's CISO.
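The length validation that either mitigation has to enforce before the copy, written out in C as an added example (not code from the challenge or the vendor binary). The function name, status codes and 64-byte destination buffer are assumptions; the only protocol fact used is the TLS handshake header layout (1-byte message type, 3-byte big-endian length).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HS_HDR_LEN 4u /* TLS handshake header: msg_type(1) + length(3) */

enum { HS_OK = 0, HS_TRUNCATED = -1, HS_LEN_EXCEEDS_INPUT = -2, HS_LEN_EXCEEDS_DEST = -3 };

/* Hypothetical stand-in for the parser's copy step: the declared length is
 * checked against both the bytes received and the destination capacity. */
int hs_copy_body_checked(const uint8_t *msg, size_t msg_len,
                         uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (!msg || !dst || !out_len || msg_len < HS_HDR_LEN)
        return HS_TRUNCATED;
    /* 24-bit big-endian length field, fully attacker-controlled */
    size_t declared = ((size_t)msg[1] << 16) | ((size_t)msg[2] << 8) | msg[3];
    if (declared > msg_len - HS_HDR_LEN) /* no underflow: msg_len >= 4 */
        return HS_LEN_EXCEEDS_INPUT;     /* would read past the input */
    if (declared > dst_cap)
        return HS_LEN_EXCEEDS_DEST;      /* would write past the buffer */
    memcpy(dst, msg + HS_HDR_LEN, declared);
    *out_len = declared;
    return HS_OK;
}

/* Constructed input: 6-byte body with a correct length field. Returns 0 on success. */
int demo_legit(void)
{
    const uint8_t m[] = {0x01, 0x00, 0x00, 0x06, 'a', 'b', 'c', 'd', 'e', 'f'};
    uint8_t dst[64]; size_t n = 0;
    int rc = hs_copy_body_checked(m, sizeof m, dst, sizeof dst, &n);
    return (rc == HS_OK && n == 6 && memcmp(dst, "abcdef", 6) == 0) ? 0 : 1;
}

/* Constructed input: same body, length field inflated to 0x000400 (1024). */
int demo_inflated(void)
{
    const uint8_t m[] = {0x01, 0x00, 0x04, 0x00, 'a', 'b', 'c', 'd', 'e', 'f'};
    uint8_t dst[64]; size_t n = 0;
    return hs_copy_body_checked(m, sizeof m, dst, sizeof dst, &n);
}

int main(void)
{
    printf("legit=%d inflated=%d\n", demo_legit(), demo_inflated());
    return 0;
}
```

The two comparisons map directly onto the validation report: the legitimate message must still return `HS_OK`, and the inflated one must be rejected before any copy happens.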
The Brief
What you'll do, and what you'll demonstrate.
Reverse-engineer a vendor binary, confirm a public N-day exploit, and produce a binary-level patch that mitigates the vulnerability without breaking legitimate traffic.
Earning criteria — what you'll demonstrate
- Reverse-engineer a stripped binary to locate a documented vulnerability
- Reproduce a public N-day exploit in a controlled environment
- Design and apply a binary-level mitigation safely
- Communicate residual risk to a CISO clearly
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.