Rémi Matasse
Rémi Matasse
I am Rémi Matasse (pseudo Remsio), a pentester that worked at Synacktiv for the past four years, passionated by offensive web security, especially on anything related to PHP.
I passed some years working on concrete PHP filters chain exploitation, documenting it in blogpost and presenting it in several conferences such as Pass The Salt or hack.lu.
I then decided to focus on the Laravel since we often come across this framework during audits before jumped in with both feet on exploitation based on APP_KEY leaks.
Session
Livewire is a full-stack framework for Laravel that streamlines the creation of
dynamic and interactive web interfaces by allowing developers to build
real-time features using PHP and Blade templates. In this talk, we will show
how to exploit the unmarshalling mechanism used by Livewire to instantiate
arbitrary objects in order to achieve remote command execution on
any Livewire instance as long as you are in possession of the APP_KEY of the
application. Additionally, we will present a new feature added to our publicly
available tool laravel-crypto-killer, which fully automates the generation of
the payload described during the presentation.