About the Speaker
< Talk Title />
< Talk Category />
< Talk Abstract />
Livewire is a full-stack framework for Laravel that streamlines the creation of
dynamic and interactive web interfaces by allowing developers to build
real-time features using PHP and Blade templates. In this talk, we will show
how to exploit the unmarshalling mechanism used by Livewire to instantiate
arbitrary objects in order to achieve remote command execution on
any Livewire instance as long as you are in possession of the APP_KEY of the
application. Additionally, we will present a new feature added to our publicly
available tool laravel-crypto-killer, which fully automates the generation of
the payload described during the presentation.
< Speaker Bio />
Rémi Matasse
I am Rémi Matasse (pseudo Remsio), a pentester that worked at Synacktiv for the past four years, passionated by offensive web security, especially on anything related to PHP.
I passed some years working on concrete PHP filters chain exploitation, documenting it in blogpost and presenting it in several conferences such as Pass The Salt or hack.lu.
I then decided to focus on the Laravel since we often come across this framework during audits before jumped in with both feet on exploitation based on APP_KEY leaks.
Pierre Martin
My name is Pierre Martin (pseudo Worty), I'm 24 and I've been doing cybersecurity for about 3 years. I take part in a lot of CTFs with the TheFlatNetworkSociety team and I specialize in the web category, mainly on the backend side.
Before becoming a pentester at Synacktiv, I did a lot of bug bounty on YesWeHack and HackerOne, and I had the opportunity to take part in the HackerOne world championship with the French team, where we finished third.
Moreover, I was twice in the French team for the ECSC competition organized every year.
I mainly do vulnerability research on opensource projects, on my own time or at work, notably with Rémi Matasse.