We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Crossing the KASM - a Webapp Pentest Story

00:00

Formal Metadata

Title
Crossing the KASM - a Webapp Pentest Story
Title of Series
Number of Parts
85
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
In this talk we will tell the story of an insane exploit we used to compromise the otherwise secure KASM Workspaces software. KASM Workspaces is enterprise software for streaming virtual workstations to end users built on top of Docker. This talk will span python binary RE, header smuggling, configuration injection, docker networking and questionable RFC interpretation. We hope to show you a little bit of what worked and a lot a bit of what didn't work on our quest to exploit this Heisenbug.
Operating systemWeb applicationPhysical systemComputer virusCartesian coordinate systemSeries (mathematics)Electronic mailing listProxy serverReal numberSoftware testingSoftware bugVirtual machineTwitterWindowDocument management systemOperator (mathematics)Order (biology)Enterprise architectureService (economics)Row (database)Source codeMobile appInformation securityScheduling (computing)Configuration spaceHacker (term)Graphical user interfaceInformationGame controllerSoftwareBitContext awarenessExploit (computer security)Square numberMultiplication signGreatest elementToken ringBridging (networking)Speech synthesisHecke operatorProduct (business)Shared memoryPresentation of a groupVisualization (computer graphics)Server (computing)InfinityVulnerability (computing)Moment (mathematics)Computer fileRoutingCellular automatonLevel (video gaming)Remote procedure callRight angleComputer animation
MassFile formatProcess (computing)Context awarenessServer (computing)Default (computer science)Client (computing)Entire functionDependent and independent variablesRegulärer Ausdruck <Textverarbeitung>1 (number)String (computer science)Point (geometry)Electronic mailing listRight angleDrop (liquid)CASE <Informatik>Web 2.0Computer fileUniform resource locatorInformation securityVulnerability (computing)DistanceSpacetimeComputer wormFluid staticsDirection (geometry)Server (computing)Configuration spacePlotterProxy serverAttribute grammarPoint cloudReal numberMultiplicationReading (process)Dependent and independent variablesMessage passingCuboidPerspective (visual)Matching (graph theory)Translation (relic)Key (cryptography)GeometryEmailSimilarity (geometry)Level (video gaming)Sign (mathematics)BitRemote procedure callModule (mathematics)CodeCross-site scriptingSingle-precision floating-point formatSystem callMultiplication signRootVariable (mathematics)SoftwareEquals signReverse engineeringInjektivitätThumbnailSoftware bugElectronic program guideSystem administratorPresentation of a groupProcess (computing)Domain nameWeb pageFunctional (mathematics)Context awarenessOperating systemMereologyExpected valueFront and back endsLocal ringBinary codeInclusion mapMixed realityTwitterDefault (computer science)Regular graphBit rateLogicParsingGame controllerMaxima and minimaComputer clusterSelf-organizationPosition operatorEscape characterToken ringRead-only memoryPhysical systemBackdoor (computing)Client (computing)Series (mathematics)RoutingIntegrated development environmentSlide ruleArrow of timePlastikkarteAddress spaceGoodness of fitDatabaseCase moddingWritingComputer programmingWebsiteForm (programming)Source codeStack (abstract data type)File formatProof theoryCodierung <Programmierung>ChainTerm (mathematics)Buffer overflowConnected spaceCollaborationism2 (number)Game theoryQuicksortCausalityExploit (computer security)Directory serviceMetropolitan area networkoutputBlock (periodic table)MiniDiscLeakComputer animation
Transcript: English(auto-generated)