Skip to main content

2 posts tagged with "Python"

View All Tags

3-Way Data Migration between Support Systems

· 12 min read
Kobbi Gal
Kobbi Gal
I like to pick things apart and see how they work inside

Introduction

The company I work for decided a few months ago that we’ll be moving all customer tickets and assets from two separate systems (one for chat and one for old-school tickets) into a new, integrated system which provides both capabilites. My task was to perform the migration between the systems. Even though I’m not data engineer by any means, I accepted the challenge and thought it would teach me a lot about the planning and execution of such a complex project. It would also allow me to hone in my development/scripting skills and finally have some hands-on experience using a Python library I was always interested in working with, pandas.

Angstrom CTF2021 | Exploiting Python Pickle in Flask Web App

· 11 min read
Kobbi Gal
Kobbi Gal
I like to pick things apart and see how they work inside

Introduction

Recently, I became interested in understanding a bit more about web application exploitation. This interest evolved with my daily work with web applications over the last few years, reviewing already developed web application source code, modifying it at times in order to resolve a customer issue and needing to dive deep and debug customer problems in production. But I always felt that my daily work was only focusing on how to resolve an issue for a customer. I never branched out to actually understanding the security behind the web applications and services I’m debug and the code I was reviewing and modifying. Moreover, I felt that I was not able to identify any security vulnerabilities in the applications I was working with. So I challenged to take this next step in learning more about web application security vulnerabilities by signing up to ångstromCTF 2021, an annual capture-the-flag competition hosted by Montgomery Blair High School (ironically located very near to the high school I attended in Maryland). This post describes the process by which I was able to finish one of the challenges called Jar under the Web category.