Two days ago I presented my session about bytecode encrypted PHP applications and how to find vulnerabilities in them at 25C3. I didn’t upload the slides until now, because I got ill during the night after my talk and therefore spent most of yesterday in my hotelroom. But here are the slides.
Session: Vulnerability Discovery in Closed Source/Encrypted PHP Applications
Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.