There’s two things I really like: Capture the flag competitions and Python. Fortunately, I have found out that there are challenges that combine both. In my session I will talk about challenges from 3 different CTF competitions and about the upgraded challenges I wrote from PwCTF. I will explain the difficulties of creating Python Sandbox and I will show the security issues in the wild. Things you will learn from my session: * Why Python Sandbox is a bad idea * How to exploit Python Sandbox using knowledge of Python language to execute code remotely * Why it’s hard to protect Python from code execution using Web Application Firewall * At the end of the session you will get 3 pySandbox challenges to solve in order to check your abilities