Speaking at SyScan 2009 Singapore and Taipei
April 28th, 2009 | by Stefan Esser |
I will present a session at this year’s SyScan 2009 in Singapore and also in Taipei. The session is about my research into advanced post exploitation in hardened PHP environments. If you want to see some PHP memory corruption voodoo you should see it.
Session: State of the Art Post Exploitation in Hardened PHP Environments
When an attacker manages to execute arbitrary PHP code in a web application he nowadays often ends up in hardened PHP environments that not only make use of PHP’s internal protections like safemode, openbasedir or disable_functions but also make use of Suhosin and operating system, filesystem or libc level security mechanisms like ASLR, NX, hardened memory managers or unix file permissions.In such a situation taking over the server becomes a challenge and requires PHP shellcode that is able to use local PHP exploits to get around these protections. This talk will show the problems arising from the different protection mechanisms for PHP shellcode, will give an insight into the internal memory structures of PHP that are required to write stable local exploits and will demonstrate how a special class of vulnerabilities in PHP that also exists in standard functions enables PHP shellcode to get around most of these protections.
See you in Singapore between 2nd and 3rd July and in Tapei between 7th and 8th July.
2 Responses to “Speaking at SyScan 2009 Singapore and Taipei”
By jf on Apr 28, 2009 | Reply
wish I had the vacation time to go. BOO AMERICA.
By Alan Knowles on Apr 29, 2009 | Reply
dont fancy popping to hong kong for a beer on the way?
enjoy the trip, singapores a great place to visit