WashiI participated in DEFCON CTF Qualifiers of this year with Shellphish (thanks for inviting me!), and solved a web/rev/pwn challenge where we pwned a Javascript VM with... Python Pickles🥒?
Have a read how we ended up doing this on my blog 👉 https://blog.washi.dev/posts/defcon-brinebid
Breaking Javascript with Python Pickles (Solving brinebid in DEFCON CTF Qualifiers 2023)
On May 27 until May 29, I had the pleasure to join Shellphish in the DEFCON CTF Qualifiers of 2023. I wanted to highlight one of the challenges called brinebid that I ended up working on as well as finding and submitting the flag for. It is a really interesting challenge, combining web security with some reverse engineering a virtual machine (VM), as well as exploiting a vulnerability in the VM to get arbitrary code execution.