PyCon Israel 2018

Monday 10:20 a.m.–11 a.m. in Hall 2

Escaping the Python Sandbox [Hebrew]

Tomer Zait

Audience level: Experienced

Abstract

There are two things I really like: Capture the Flag competitions and Python.

Fortunately, I have found out that there are challenges that combine both.

In my session I will talk about challenges from 3 different CTF competitions and about the upgraded challenges I wrote from PwCTF.

I will explain the difficulties of creating a Python sandbox and I will show the security issues in the wild.

Things you will learn from my session:

  • Why a Python sandbox is a bad idea

  • How to exploit a Python sandbox using knowledge of the Python language to execute code remotely

  • Why it’s hard to protect Python from code execution using a Web Application Firewall

  • At the end of the session you will get 3 pySandbox challenges to solve in order to check your abilities

Presentation: Online | File