Crossing the KASM -- a webapp pentest story

Presented at DEF CON 30 (2022), Aug. 13, 2022, 5:30 p.m. (45 minutes).

In this talk we will tell the story of an insane exploit we used to compromise the otherwise secure KASM Workspaces software. KASM Workspaces is enterprise software for streaming virtual workstations to end users built on top of Docker.

This talk will span python binary RE, header smuggling, configuration injection, docker networking and questionable RFC interpretation. We hope to show you a little bit of what worked and a lot a bit of what didn't work on our quest to exploit this heisenbug.


Presenters:

  • Justin Gardner - Full-time Bug Bounty Hunter
    Justin Gardner is a full-time bug bounty hunter who spent the last two years traveling around Japan with his wife Mariah, and is currently in the process of settling back down in Richmond, VA to adopt some kids and start a family. His expertise lies mostly in Web Hacking with a bug bounty focus, but he also has experience with Ethereum Smart Contract Auditing, Penetration Testing, and Mobile App Hacking. He hopes to pivot into binary exploitation over the next couple years as well.
  • Samuel Erb - Hacker
    Samuel Erb is a 2x black badge winner with Co9 in the Badge Challenge and is working to make the Internet a safer place. He has also presented 3x previously at the Packet Hacking Village. Outside of hacking, you will likely find Sam in a climbing gym or on the side of a mountain.

Links:

Similar Presentations: