Be the first to like this
There’s two things I really like: Capture the flag competitions and Python.
Fortunately, I have found out that there are challenges that combine both.
In my session I will talk about challenges from 3 different CTF competitions and about the upgraded challenges I wrote from PwCTF.
I will explain the difficulties of creating Python Sandbox and I will show the security issues in the wild.
Things you will learn from my session:
* Why Python Sandbox is a bad idea
* How to exploit Python Sandbox using knowledge of Python language to execute code remotely
* Why it’s hard to protect Python from code execution using Web Application Firewall
* At the end of the session you will get 3 pySandbox challenges to solve in order to check your abilities