Monday 10:20 a.m.–11 a.m. in Hall 2
Escaping the Python Sandbox [Hebrew]
- Audience level:
There’s two things I really like: Capture the flag competitions and Python.
Fortunately, I have found out that there are challenges that combine both.
In my session I will talk about challenges from 3 different CTF competitions and about the upgraded challenges I wrote from PwCTF.
I will explain the difficulties of creating Python Sandbox and I will show the security issues in the wild.
Things you will learn from my session:
Why Python Sandbox is a bad idea
How to exploit Python Sandbox using knowledge of Python language to execute code remotely
Why it’s hard to protect Python from code execution using Web Application Firewall
At the end of the session you will get 3 pySandbox challenges to solve in order to check your abilities