In short: find a way to get your requests signed, then exploit insecure unpickling.

[Original Writeup](https://zackorndorff.com/2017/11/15/csaw-ctf-finals-2017-kws-1-writeup/)