PHP Internals: Exploit Dev Edition

Presented at Kiwicon X: The Truth is In Here (2016), Nov. 17, 2016, 5 p.m. (45 minutes)

This talk will give a tour of PHP Internals. It'll take the audience on a journey from the design behind a custom PHP fuzzer to how the PHP internal heap can be exploited. It will also cover some of the changes in PHP 7 Internals and what they mean from an exploit dev perspective. A sample of interesting and unusual PHP bugs that I have discovered will also be presented. I hope to be able to share what has worked for me and some of the lessons I've learnt throughout this journey.


Presenters:

  • Emmanuel Law
    Emmanuel Law (@libnex) is a Principal Security Consultant at Aura Information Security. He works as a penetration tester during the day. By night he can be found fuzzing and exploiting binaries. Recently he has picked up a newfound hobby in hacking away at PHP internals.
