Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

LiveWire - Remote Command Execution Through Unmarshalling

nullcon via YouTube

Start learning Write review
Coursera Ad

Save 40% on 3 months of Coursera Plus

Learn More → Boot.dev Ad

The Most Addictive Python and SQL Courses

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a critical security vulnerability in Laravel's Livewire framework through this 34-minute conference talk from Nullcon Berlin 2025. Learn how attackers can exploit the unmarshalling mechanism in Livewire to instantiate arbitrary objects and achieve remote command execution on any Livewire instance when possessing the application's APP_KEY. Discover the technical details behind this vulnerability that affects the full-stack framework designed for creating dynamic and interactive web interfaces using PHP and Blade templates. Gain insights into the automated payload generation capabilities of the laravel-crypto-killer tool, which the speakers have enhanced with new features to exploit this vulnerability. Understand the security implications for Laravel applications using Livewire and the importance of protecting application keys in web development environments.

Syllabus

#NullconBerlin2025 | LiveWire: Remote Command Execution Through Unmarshalling by Rémi and Pierre

Taught by

nullcon

Reviews

Start your review of LiveWire - Remote Command Execution Through Unmarshalling

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.