Many large-scale websites use WordPress for their blog or even as the main site (Sony, Best Buy, eBay, Wired, the list goes on). As with any easy-to-use and intuitive (idiot-proof) application, the most common vulnerability is the user: in WordPress, that means the editor's or admin's dictionary password. The second most common is that many of the plugins have unpublished or unpatched vulnerabilities. I will demonstrate how targeted attacks can lead to building a botnet with any demographic you desire. I will show how to attack a WordPress site, and more specifically its subscribers/readers, demonstrate usable payloads, and show how to protect default WordPress installations.