Abusing PHP 7's OPcache to Spawn Webshells

Presented at Hackfest 2016, Unknown date/time (Unknown duration)

PHP 7 comes with a new built-in caching engine called OPcache. With this caching engine, a 10x performance increase can be expected depending on your workload. What you won't expect though, is that OPcache offers a new and stealthy way to inject malicious code even under hardened environments. As the title suggests, this talk will cover a new exploitation technique allowing attackers to obtain and operate hidden webshells given the right circumstances. We'll talk about how the technique works, how OPcache works internally, as well as some tools that can be used to facilitate exploitation and incident response.

Presenters:

• Ian bouchard
  Ian Bouchard is a freshman at the Laval University in Quebec City. He is the winner of the OWASP CTF at Hackfest 2015. Graduating college in computer science, he has worked as an intern with the security firm GoSecure in its R&D department. He is also a freelance pentester for Sekcore.

Links:

• https://infocon.org/cons/Hackfest/Hackfest 8 2016/Hackfest 2016 - Ian Bouchard presented Abusing PHP 7s OPcache to Spawn Webshells.mp4
• https://www.youtube.com/watch?v=yLpsIWh7rvU