There are two things I really like: capture-the-flag competitions and Python.
Fortunately, I have found out that there are challenges that combine both.
In my session I will talk about challenges from 3 different CTF competitions and about the upgraded challenges I wrote from PwCTF.
I will explain the difficulties of creating a Python sandbox and I will show the security issues in the wild.
Things you will learn from my session:
* Why a Python sandbox is a bad idea
* How to exploit a Python sandbox using knowledge of the Python language to execute code remotely
* Why it’s hard to protect Python from code execution using a Web Application Firewall
* At the end of the session you will get 3 pySandbox challenges to solve in order to check your abilities
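
```python
from __future__ import print_function

# Python 2: keys() returns a list, so remove() works on it directly.
targets = __builtins__.__dict__.keys()
# Keep only raw_input and print available inside the sandbox.
targets.remove('raw_input')
targets.remove('print')
# Delete every other builtin.
for x in targets:
    del __builtins__.__dict__[x]
```
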
My name is Tomer Zait and I'm a security researcher at F5 Networks.
I’m a practical software engineer and offensive security expert.
I love CTFs and writing open source software.
By the way, you are welcome to contribute code, or follow me on Twitter or GitHub.