Archive for the ‘Security’ Category
Sunday, June 7th, 2009
Three weeks after I present my research about advanced post exploitation in hardened PHP environments at SyScan in Singapore and Taipei, I will present a similar session at this year's Blackhat Briefings 2009 in Las Vegas. The session will be a little bit different from the one at SyScan because ...
Posted in PHP, Security | 1 Comment »
Sunday, June 7th, 2009
Today there is the european parliament election 2009 in germany and around 11:55 I went to the St. Nikolaus elementary school here in cologne to vote. For me it was the first time to vote in this district and therefore I was happy that several other people were heading in ...
Posted in Security | 10 Comments »
Tuesday, April 28th, 2009
I will present a session at this year's SyScan 2009 in Singapore and also in Taipei. The session is about my research into advanced post exploitation in hardened PHP environments. If you want to see some PHP memory corruption voodoo you should see it.
Session: State of the Art Post ...
Posted in PHP, Security | 2 Comments »
Tuesday, April 28th, 2009
I will present a session and a workshop at this year's Dutch PHP Conference 2009 in Amsterdam. The session is about writing secure PHP applications with the Zend Framework and the workshop is a PHP security crash course for beginners. Don't expect any magic. If you want to see PHP ...
Posted in PHP, Security | No Comments »
Tuesday, April 28th, 2009
I will present two sessions at this year's International PHP Conference 2009 - Spring Edition in Berlin about Bytekit and writing secure PHP applications with the Zend Framework.
Session: Bytekit - An open source toolset to work with PHP bytecode
Bytekit is a PHP extension that allows PHP applications to directly read ...
Posted in PHP, Security | No Comments »
Monday, April 27th, 2009
I just wanted to announce that this wednesday (29th of April 2009) at 19:30 there will be the fifth CGNSec meetup in Cologne/Germany. With Eurocrypt 2009 in town we hope that some of the security researchers from there will join us.
The meeting takes place at Hallmackenreuther, Brüsseler Platz 9, 50674 ...
Posted in CGNSec, Security | No Comments »
Wednesday, April 1st, 2009
I just wanted to announce that two years after the Month of PHP Bugs the same crew is back to organise the Month of Java Bugs in May 2009. In days were more and more researchers join the nomorefreebugs campaign this initiative will provide Java security bugs for free, day ...
Posted in Security, java | 1 Comment »
Friday, February 6th, 2009
A few days ago phpbb.com was hacked through a super-globals-overwrite vulnerability in PHPList that was used by an attacker for a local file inclusion exploit. Details about the whole attack, written down by someone who claims to be the attacker, can be read here. From the explanation it seems that ...
Posted in PHP, Security | 13 Comments »
Wednesday, December 31st, 2008
I just wanted to announce that next wednesday (7th of January 2009) at 19:30 there will be the third CGNSec meetup in Cologne/Germany.
The meeting takes place at Hallmackenreuther, Brüsseler Platz 9, 50674 Köln (Google Maps)
Everyone working in the field of information security is invited to attend. To find us, just ...
Posted in CGNSec, Security | No Comments »
Tuesday, December 30th, 2008
Two days ago I presented my session about bytecode encrypted PHP applications and how to find vulnerabilities in them at 25C3. I didn't upload the slides until now, because I got ill during the night after my talk and therefore spent most of yesterday in my hotelroom. But here are ...
Posted in PHP, Security | 3 Comments »