Monday 10:20 a.m.–11 a.m. in Hall 2
Escaping the Python Sandbox [Hebrew]
Tomer Zait
- Audience level:
- Experienced
Abstract
There’s two things I really like: Capture the flag competitions and Python.
Fortunately, I have found out that there are challenges that combine both.
In my session I will talk about challenges from 3 different CTF competitions and about the upgraded challenges I wrote from PwCTF.
I will explain the difficulties of creating Python Sandbox and I will show the security issues in the wild.
Things you will learn from my session:
-
Why Python Sandbox is a bad idea
-
How to exploit Python Sandbox using knowledge of Python language to execute code remotely
-
Why it’s hard to protect Python from code execution using Web Application Firewall
-
At the end of the session you will get 3 pySandbox challenges to solve in order to check your abilities
