Archive for the ‘Security’ Category
Wednesday, August 12th, 2009
I am finally back in Germany after several weeks in foreign countries like Singapore, Taiwan and the USA. In all three countries I gave a presentation titled "State of the Art Post Exploitation in Hardened PHP Environments" that discusses a certain flaw in the design of the Zend Engine that ...
Posted in PHP, Security | 7 Comments »
Tuesday, June 16th, 2009
At this year's Dutch PHP Conference I presented a PHP Security Crash Course for beginners and a session about secure programming with the Zend Framework. You can download all the slides from here.
PHP Security Crash Course for beginners
Part I - Introduction
Part II - XSS
Part III - CSRF
Part IV - SQL Security
Part ...
Posted in PHP, Security | 16 Comments »
Sunday, June 7th, 2009
Three weeks after I present my research about advanced post exploitation in hardened PHP environments at SyScan in Singapore and Taipei, I will present a similar session at this year's Blackhat Briefings 2009 in Las Vegas. The session will be a little bit different from the one at SyScan because ...
Posted in PHP, Security | 1 Comment »
Sunday, June 7th, 2009
Today there is the European Parliament election 2009 in Germany and around 11:55 I went to the St. Nikolaus elementary school here in Cologne to vote. For me it was the first time to vote in this district and therefore I was happy that several other people were heading in ...
Posted in Security | 10 Comments »
Tuesday, April 28th, 2009
I will present a session at this year's SyScan 2009 in Singapore and also in Taipei. The session is about my research into advanced post exploitation in hardened PHP environments. If you want to see some PHP memory corruption voodoo you should see it.
Session: State of the Art Post ...
Posted in PHP, Security | 2 Comments »
Tuesday, April 28th, 2009
I will present a session and a workshop at this year's Dutch PHP Conference 2009 in Amsterdam. The session is about writing secure PHP applications with the Zend Framework and the workshop is a PHP security crash course for beginners. Don't expect any magic. If you want to see PHP ...
Posted in PHP, Security | No Comments »
Tuesday, April 28th, 2009
I will present two sessions at this year's International PHP Conference 2009 - Spring Edition in Berlin about Bytekit and writing secure PHP applications with the Zend Framework.
Session: Bytekit - An open source toolset to work with PHP bytecode
Bytekit is a PHP extension that allows PHP applications to directly read ...
Posted in PHP, Security | No Comments »
Monday, April 27th, 2009
I just wanted to announce that this Wednesday (29th of April 2009) at 19:30 there will be the fifth CGNSec meetup in Cologne/Germany. With Eurocrypt 2009 in town we hope that some of the security researchers from there will join us.
The meeting takes place at Hallmackenreuther, Brüsseler Platz 9, 50674 ...
Posted in CGNSec, Security | No Comments »
Wednesday, April 1st, 2009
I just wanted to announce that two years after the Month of PHP Bugs the same crew is back to organise the Month of Java Bugs in May 2009. In days where more and more researchers join the nomorefreebugs campaign this initiative will provide Java security bugs for free, day ...
Posted in Security, java | 1 Comment »
Friday, February 6th, 2009
A few days ago phpbb.com was hacked through a super-globals-overwrite vulnerability in PHPList that was used by an attacker for a local file inclusion exploit. Details about the whole attack, written down by someone who claims to be the attacker, can be read here. From the explanation it seems that ...
Posted in PHP, Security | 13 Comments »