TITLE // PHP (HARD)CORE EXPLOITATION
LANGUAGE // ENGLISH
LEVEL // MASTER JEDI
PLACE // GANDALF ARENA
SCHEDULE // 19/08/2016 // 12:30 – 13:30
The talk is a walkthrough of the PHP Core attack surface, which will be analyzed both from a vulnerability research and an exploit development perspective, with the aim of outlining attack scenarios which could affect real web applications.
After a brief introduction about the internals, with a special regard to the main data structures and the Zend memory manager, the fundamental classes of vulnerabilities will be discussed in depth. Real vulnerabilities discovered during our internal researching projects and daily work engagements, along with the most interesting ones disclosed by other researchers, will be used as a tool to provide a comprehensive methodology for finding and reliably exploiting bugs in the PHP interpreter.
SHORT BIO //
Andrea Palazzo is daily engaged in security consulting activities for high profile customers (banks, public service providers, telecommunication companies and big corporations), Andrea has the chance to become very familiar with the most widespread enterprise technologies. Actively researching in the application security field since forever 🙂 , Andrea worked with a lot of major Vendors reporting security vulnerabilities through bug bounty programs and responsible disclosure.