• ## Simpler unpickle payloads with the walrus operator

When exploiting Python deserialization, specifically, Pickle, vulnerabilities you need to craft a payload consisting of a collection of arguments and a callable that is available on the server. Most commonly you can use the eval function and a string to be evaluated. This is fairly flexible and from here you can typically import the os module and call os.system to do whatever you want. Sometimes there can be some limitations in place, for example, you might not get the output of the application directly and it might be blocking outbound connections preventing reverse shells. In some situations you need the result of the unpickle operation to return an object with specific properties. If you are lucky and convenient classes exist on the target and you have knowledge of them you might get away with simply constructing one of them. If this is not the case it is slightly trickier.

• ## dJulkalender 2021: Write-up

The computer science chapter at my alma mater, KTH, arranges an advent calendar called “dJulkalendern”. It is a CTF-like puzzle with challenges (almost) every day until christmas and also a competition.

• ## CrowdStrike Adversary Quest 2021: Write-up

Recently, CrowdStrike Intelligence ran a small CTF for about two weeks with twelve challenges spread over a wide selection of categories. I managed to solve all the challenges and got eighth place. The challenges were of very high quality and I thoroughly enjoyed them so I decided to publish my solutions here. This is not a full write-up with a lot of details but more a short summary of my solution to each problem. The challenges were divided into three storylines, “adversaries” with four challenges each and as such I will structure this post in the same way.