• ## SANS Holiday Hack Challange 2022: Writeup

This is my write-up for the SANS Holiday Hack Challenge 2022.

• ## dJulkalender 2022: Write-up

The computer science chapter at my alma mater, KTH, arranges an advent calendar called “dJulkalendern”. It is a CTF-like puzzle with challenges (almost) every day until christmas and also a competition.

• ## Simpler unpickle payloads with the walrus operator

When exploiting Python deserialization, specifically, Pickle, vulnerabilities you need to craft a payload consisting of a collection of arguments and a callable that is available on the server. Most commonly you can use the eval function and a string to be evaluated. This is fairly flexible and from here you can typically import the os module and call os.system to do whatever you want. Sometimes there can be some limitations in place, for example, you might not get the output of the application directly and it might be blocking outbound connections preventing reverse shells. In some situations you need the result of the unpickle operation to return an object with specific properties. If you are lucky and convenient classes exist on the target and you have knowledge of them you might get away with simply constructing one of them. If this is not the case it is slightly trickier.