Markus
Lead Penetration Tester & Cybercrime Podcast Host.
Sessions
11-22
13:40
15min
how malicious code pwned a secure coding CTF
Markus
Secure coding challenges in CTFs typically ask participants to patch vulnerabilities in (web-) application code. But what happens when the validation system itself is vulnerable and not so ... secure?
This talk examines the irony of breaking security challenges by attacking the infrastructure and demonstrates the exploitation techniques against os.popen().
Second Track
Second Room