The challenge begins by installing a Python audit hook written in C:
static int auditor_hook(const char *event, PyObject *Py_UNUSED(args), void *Py_UNUSED(user_data))
{
if (!atomic_load(&auditor_may_exec) || atomic_flag_test_and_set(&auditor_did_exec) || strcmp(event, "exec"))
auditor_exit(EXIT_FAILURE);
return 0;