Difference between revisions of "ESC16-Contenuti"
From Enter the ESC
m (Arki moved page ESC16-Programma to ESC16-Contenuti: New version of the contents page)
(→T1601 : Title - (author/s))
Line 11: | Line 11: | ||
== Lista Talk == | == Lista Talk == | ||
<!-- {{Pink|TEXT=Ricorda: l'esposizione del talk non dovrebbe superare i 18 minuti. Poi puoi discutere del tuo talk con un capanello !}} --> | <!-- {{Pink|TEXT=Ricorda: l'esposizione del talk non dovrebbe superare i 18 minuti. Poi puoi discutere del tuo talk con un capanello !}} --> | ||
− | === T1601 : | + | === T1601 : PHP backdoor obfuscation: the rise of the vuln - <small>guly</small> === |
− | + | Backdooring the web is the cheapest and most hidden way to achieve persistence on a compromised network, both if you're looking at privileges on the webapp itself or at executing command to underlying system. | |
+ | During the talk, we will discuss the context of a web backdoor: the environment where she can born and grow up will be defined. | ||
+ | Each environmental aspect will be thoroughly analyzed: where is the best point of injection, why we choose a specific function or trick, what permissions are needed, how to trigger the backdoor in a safe, hidden and reproducible way, and of course what to inject. | ||
+ | |||
+ | The talk will thus present several ways to inject obfuscated and hard to spot vulnerabilities in PHP code. Shown examples will backdoor CMS plugins as well as custom code, altering the code and polluting the webapp ecosystem (read: DBMS and webservers). | ||
+ | |||
+ | === T1602 : Titolo - <small>(autore/i)</small> === | ||
+ | ...breve abstract... | ||
== Lista Caps == | == Lista Caps == |
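Review bot: The added T1601 abstract has wording slips worth fixing in the wikitext: "the environment where she can born and grow up" should read "where it can be born and grow up", and "executing command to underlying system" should be "executing commands on the underlying system". The new T1602 heading and its "...breve abstract..." line are still template placeholders, so the talk list reads as unfinished until a second entry is filled in.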
Revision as of 16:38, 14 March 2016
This is the provisional content of ESC 2K16. ESC content has always been created by its own participants: publishing and sharing information drawn from your own experience and personal research is strongly encouraged. You can freely edit this page or send an e-mail to the STAFF.
Also read the call for papers!
Proposals
Under construction...
Talk List
T1601 : PHP backdoor obfuscation: the rise of the vuln - guly
Backdooring the web is the cheapest and most hidden way to achieve persistence on a compromised network, whether you're looking for privileges on the webapp itself or for command execution on the underlying system.
During the talk, we will discuss the context of a web backdoor: the environment where it can be born and grow up will be defined. Each environmental aspect will be thoroughly analyzed: where the best point of injection is, why we choose a specific function or trick, what permissions are needed, how to trigger the backdoor in a safe, hidden and reproducible way, and of course what to inject.
The talk will thus present several ways to inject obfuscated and hard-to-spot vulnerabilities in PHP code. The examples shown will backdoor CMS plugins as well as custom code, altering the code and polluting the webapp ecosystem (read: DBMS and webservers).
T1602 : Title - (author/s)
...short abstract...
Caps List
C1601 : Title - (author/s)
...short abstract...
Labs List
L1601 : Title - (contact person)
...short abstract...
Villas
V1601 : Title - (contact person)
...short abstract...
Program
The final program with the schedule will be available from August.